ranshou, posted 15 November 2009

I have (well, we have) a problem with my mom's laptop. About half a year ago she brought some trojans home from work that infected her computer; then mine got defiled too and I had to format it -.- So: applications start slowly, the system freezes, it heats up very quickly and the battery also drains very quickly, and when I tried to connect the laptop to the internet it didn't work at all... I mean, the taskbar showed that an internet connection had supposedly been established, but I couldn't open any page and I couldn't update the antivirus. Even though I installed Opera it still didn't work. I installed Malware and ran a scan; it detected 4 trojans:

[log]
Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2775
Windows 5.1.2600 Dodatek Service Pack 2

2009-11-15 10:16:43
mbam-log-2009-11-15 (10-16-43).txt

Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowane obiekty: 166160
Upłynęło: 26 minute(s), 48 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 1
Zainfekowane pliki: 2

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowane pliki:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
[/log]

I removed everything. Earlier I had also scanned with Kaspersky and it found a few (a dozen or so, actually) trojans there; however, it is not activated, so it wasn't able to detect all the ones that Malware detected (I couldn't download the Malware updates either). I wanted to activate and update it but unfortunately I couldn't. I also made an OTL log in case it helps:

[log]OTL logfile created on: 2009-11-15 10:25:33 - Run 1 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\vital\Pulpit Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 238,42 Mb Total Physical Memory | 66,75 Mb Available Physical Memory | 28,00% Memory free 585,35 Mb Paging File | 342,96 Mb Available in Paging File | 58,59% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,25 Gb Total Space | 31,07 Gb Free Space | 83,40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-04C2F51B2B Current User Name: vital Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-11-15 09:10:20 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vital\Pulpit\OTL.exe PRC - [2008-02-08 18:36:14 | 00,227,856 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe PRC - [2008-02-08 18:36:14 | 00,227,856 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe PRC - [2005-07-12 00:10:00 | 00,430,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe PRC - [2004-12-01 16:06:20 | 01,089,536 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe PRC - [2004-11-26 11:02:30 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe PRC - [2004-11-17 10:56:10 | 01,077,327 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe PRC - [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2004-10-08 14:44:24 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe PRC - [2004-10-08 14:43:12 | 00,688,218 | ---- | M] (Synaptics, Inc.) 
-- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2004-10-08 08:31:34 | 00,106,496 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe PRC - [2004-10-08 08:31:26 | 00,155,648 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2004-10-08 08:27:22 | 00,126,976 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2004-09-28 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe PRC - [2004-08-10 22:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2004-08-04 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-04 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004-07-13 21:51:04 | 00,892,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe PRC - [2004-06-17 08:03:44 | 00,059,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE PRC - [2004-06-16 16:44:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2003-09-15 16:52:04 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2003-07-08 15:57:08 | 01,519,616 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\bin\fbserver.exe PRC - [2003-07-08 15:55:36 | 00,073,728 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\bin\fbguard.exe PRC - [2001-12-06 17:01:30 | 00,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009-11-15 09:10:20 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vital\Pulpit\OTL.exe MOD - [2008-02-08 18:37:48 | 00,088,592 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll MOD - [2008-02-08 
18:37:42 | 00,048,656 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll MOD - [2008-02-08 18:26:08 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\msvcr80.dll MOD - [2004-10-08 14:44:16 | 00,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll MOD - [2004-08-04 12:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 12:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-02-08 18:36:14 | 00,227,856 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP) SRV - [2004-08-10 22:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf) SRV - [2004-08-04 12:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [2004-06-16 16:44:06 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003-07-08 15:57:08 | 01,519,616 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\bin\fbserver.exe -- (FirebirdServer) SRV - [2003-07-08 15:55:36 | 00,073,728 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\bin\fbguard.exe -- (FirebirdGuardian) SRV - [2003-02-20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2007-12-28 19:51:04 | 
00,195,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif) DRV - [2007-12-13 13:28:40 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2007-10-31 13:41:16 | 00,110,096 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2005-08-16 11:23:10 | 00,038,422 | ---- | M] (Generic) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec) DRV - [2004-11-23 19:50:44 | 00,030,464 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr) DRV - [2004-11-04 18:29:38 | 00,155,392 | ---- | M] (Inprocomm, Inc.) -- C:\WINDOWS\system32\drivers\i2220ntx.sys -- (IPN2220) DRV - [2004-10-15 14:52:48 | 00,071,168 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004-10-08 14:33:46 | 00,185,824 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2004-10-08 08:54:56 | 00,752,093 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2004-09-28 22:08:36 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5) DRV - [2004-09-28 22:08:24 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln) DRV - [2004-09-28 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004-09-28 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004-09-28 00:05:00 | 00,086,458 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004-09-28 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004-09-28 00:05:00 | 00,025,947 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004-09-28 00:05:00 | 
00,015,131 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004-09-28 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004-09-28 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004-09-28 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres) DRV - [2004-09-21 12:44:06 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2004-09-21 12:42:42 | 00,685,184 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004-09-21 12:42:08 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004-09-15 16:02:26 | 00,279,552 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA) DRV - [2004-09-15 16:01:14 | 00,034,048 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD) DRV - [2004-08-18 17:02:26 | 00,007,552 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr) DRV - [2004-08-17 02:21:00 | 00,087,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004-08-13 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm) DRV - [2004-08-04 12:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004-08-04 00:07:36 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbbatt.sys -- (SMBBATT) DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2004-07-13 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2004-03-17 11:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2004-01-22 15:22:39 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\vital\Ustawienia lokalne\Temp\cdiskdun.sys -- (cdiskdun) DRV - [2003-01-29 14:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) DRV - [2001-08-17 22:57:56 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbhc.sys -- (SMBHC) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ IE - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\S-1-5-21-1509221761-718572268-1117250352-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\S-1-5-21-1509221761-718572268-1117250352-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.50:80 O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O3 - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. 
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\programy\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.) 
O4 - HKU\S-1-5-21-1509221761-718572268-1117250352-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1509221761-718572268-1117250352-1006..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - Startup: C:\Documents and Settings\vital\Menu Start\Programy\Autostart\OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\vital\Menu Start\Programy\Autostart\Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. 
File not found O9 - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-11-29 13:45:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0cadbda0-490a-11dc-843a-00c09f7ad5d9}\Shell\AutoRun\command - "" = Temp0021\sys.exe O33 - MountPoints2\{0cadbda0-490a-11dc-843a-00c09f7ad5d9}\Shell\OpEn\CoMmAnD - "" = Temp0021\sys.exe O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-11-15 09:46:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vital\Dane aplikacji\Malwarebytes [2009-11-15 09:46:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-11-15 09:46:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbam.sys [2009-11-15 09:46:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-11-15 09:44:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vital\Ustawienia lokalne\Dane aplikacji\Opera [2009-11-15 09:44:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vital\Dane aplikacji\Opera [2009-11-15 09:42:17 | 00,000,000 | ---D | C] -- C:\programy [2009-11-15 09:40:12 | 09,185,168 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\vital\Pulpit\Opera_1001_int_Setup.exe [2009-11-15 09:40:09 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\vital\Pulpit\mbam-setup.exe [2009-11-15 09:40:04 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vital\Pulpit\OTL.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-11-15 10:22:12 | 00,064,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009-11-15 10:21:16 | 03,408,416 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009-11-15 10:18:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-11-15 10:18:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-11-15 10:18:15 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\vital\NTUSER.DAT [2009-11-15 10:18:14 | 00,007,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009-11-15 10:18:13 | 00,046,676 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009-11-15 10:17:43 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\vital\ntuser.ini [2009-11-15 10:17:30 | 04,799,910 | -H-- | M] () -- C:\Documents and Settings\vital\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-15 09:46:45 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-11-15 09:42:52 | 00,000,551 | ---- | M] () -- C:\Documents and 
Settings\All Users\Pulpit\Opera.lnk [2009-11-15 09:13:32 | 09,185,168 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\vital\Pulpit\Opera_1001_int_Setup.exe [2009-11-15 09:10:50 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\vital\Pulpit\mbam-setup.exe [2009-11-15 09:10:20 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vital\Pulpit\OTL.exe [2009-11-14 16:28:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-11-11 21:49:43 | 00,008,995 | ---- | M] () -- C:\Documents and Settings\vital\Moje dokumenty\pismo procesowe.grzwywna.19.11.09.sxw [2009-11-11 18:00:51 | 00,000,412 | ---- | M] () -- C:\Documents and Settings\vital\Moje dokumenty\spider.sav [2009-10-29 23:33:21 | 00,012,185 | ---- | M] () -- C:\Documents and Settings\vital\Pulpit\pozew KK. 2009 konkubinat.sxw [2009-10-29 22:36:56 | 00,012,416 | ---- | M] () -- C:\Documents and Settings\vital\Pulpit\załacznik do rozprawy kk 2009.sxw [2009-10-29 21:40:36 | 00,020,000 | ---- | M] () -- C:\Documents and Settings\vital\Pulpit\Rurka Agnieszka konkubinat 07[1][1].12.07 a.sxw [2009-10-29 20:42:54 | 00,079,872 | ---- | M] () -- C:\Documents and Settings\vital\Pulpit\Rurka Agnieszka konkubinat 07[1][1].12.07 a.doc [2009-10-26 20:14:36 | 00,436,216 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-10-26 20:14:35 | 00,380,548 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-10-26 20:14:35 | 00,067,276 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-10-26 20:14:35 | 00,052,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-10-26 20:14:32 | 00,946,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009-11-15 09:46:45 | 00,000,655 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-11-15 09:42:51 | 
00,000,551 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2009-11-11 20:03:50 | 00,008,995 | ---- | C] () -- C:\Documents and Settings\vital\Moje dokumenty\pismo procesowe.grzwywna.19.11.09.sxw [2009-10-29 21:58:22 | 00,012,416 | ---- | C] () -- C:\Documents and Settings\vital\Pulpit\załacznik do rozprawy kk 2009.sxw [2009-10-29 21:48:16 | 00,012,185 | ---- | C] () -- C:\Documents and Settings\vital\Pulpit\pozew KK. 2009 konkubinat.sxw [2009-10-29 20:52:41 | 00,020,000 | ---- | C] () -- C:\Documents and Settings\vital\Pulpit\Rurka Agnieszka konkubinat 07[1][1].12.07 a.sxw [2009-10-29 20:42:53 | 00,079,872 | ---- | C] () -- C:\Documents and Settings\vital\Pulpit\Rurka Agnieszka konkubinat 07[1][1].12.07 a.doc [2007-05-06 13:50:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2006-10-01 18:21:49 | 00,028,672 | ---- | C] () -- C:\WINDOWS\kmouse32.dll [2006-07-28 16:41:22 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006-05-21 09:46:26 | 00,000,235 | ---- | C] () -- C:\WINDOWS\MEP.INI [2006-04-09 21:06:42 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2005-11-27 12:39:41 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\vital\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005-09-19 12:10:29 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\vital\Dane aplikacji\sversion.ini [2005-06-07 19:51:41 | 00,028,592 | ---- | C] () -- C:\Documents and Settings\vital\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2005-06-07 13:16:10 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005-06-07 13:07:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\vital\Dane aplikacji\desktop.ini [2005-06-07 13:07:55 | 04,799,910 | -H-- | C] () -- C:\Documents and Settings\vital\Ustawienia lokalne\Dane aplikacji\IconCache.db [2004-12-03 10:10:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2004-12-03 10:10:23 | 00,000,061 | ---- | C] () -- 
C:\WINDOWS\smscfg.ini [2004-12-03 10:07:49 | 00,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini [2004-12-03 09:35:54 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004-12-03 09:33:33 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004-12-03 09:33:33 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004-12-03 09:33:33 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004-12-03 09:33:33 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004-12-03 09:33:33 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004-12-03 09:33:33 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004-12-03 09:24:00 | 00,012,134 | R--- | C] () -- C:\WINDOWS\HWSetupStr.ini [2004-12-03 09:24:00 | 00,002,070 | R--- | C] () -- C:\WINDOWS\SVPW32Str.ini [2004-12-03 09:21:24 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2004-12-03 09:21:24 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2004-12-03 09:21:24 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2004-12-03 09:21:24 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2004-11-29 14:37:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2004-11-29 13:29:16 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004-11-29 13:28:57 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini [2004-11-29 13:28:54 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2004-11-29 13:28:49 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2004-11-29 13:28:36 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-11-11 21:08:36 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll [2004-08-04 08:58:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [color=#E56717]========== LOP Check ==========[/color] [2004-12-03 09:25:57 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\Default User\Dane aplikacji\toshiba [2005-06-07 18:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vital\Dane aplikacji\InterVideo [2009-05-03 17:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vital\Dane aplikacji\Leadertech [2009-11-15 09:44:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vital\Dane aplikacji\Opera [2008-05-25 20:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vital\Dane aplikacji\Ponys [2004-12-03 09:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vital\Dane aplikacji\toshiba [2004-08-04 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-11-15 10:18:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log]

I hope it's nothing dangerous and that it's just some worms, because after last time I'm afraid to plug USB sticks into my computer >_< In this case I unfortunately had to, but my antivirus didn't detect anything ^^

Psycholandia, comment, 15 November 2009

Paste the script below into the OTL window and click Run Fix:

[code]
:Processes
explorer.exe
:OTL
O3 - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O33 - MountPoints2\{0cadbda0-490a-11dc-843a-00c09f7ad5d9}\Shell\AutoRun\command - "" = Temp0021\sys.exe
O33 - MountPoints2\{0cadbda0-490a-11dc-843a-00c09f7ad5d9}\Shell\OpEn\CoMmAnD - "" = Temp0021\sys.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Open Notepad and paste the following text into it:

[code]
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]

Save as -> choose [b]All files[/b] -> type [b]Fix.reg[/b] -> then click the saved file and restart the computer.

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the deletion (the Malware log).
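
A triage check for the kind of entries this fix targets, as an added example that is not part of the original thread and not OTL's own code: it parses OTL "Standard Registry" lines, lists the cached MountPoints2 autorun handlers, and reports the hives where NoDriveTypeAutoRun leaves autorun on for removable drives and where a per-user proxy is enabled. The sample lines are copied from the log posted above and laid out one entry per line; the function, type and field names are assumptions.

```python
import re
from collections import namedtuple

# Excerpt of the OTL log posted in this thread, one entry per line.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\S-1-5-21-1509221761-718572268-1117250352-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\S-1-5-21-1509221761-718572268-1117250352-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.50:80
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1509221761-718572268-1117250352-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{0cadbda0-490a-11dc-843a-00c09f7ad5d9}\Shell\AutoRun\command - "" = Temp0021\sys.exe
O33 - MountPoints2\{0cadbda0-490a-11dc-843a-00c09f7ad5d9}\Shell\OpEn\CoMmAnD - "" = Temp0021\sys.exe
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
'''

# NoDriveTypeAutoRun is a bitmask; a set bit disables autorun for that drive type.
# Bit 0x04 is DRIVE_REMOVABLE (USB sticks). 145 = 0x91 leaves that bit clear.
DRIVE_REMOVABLE_BIT = 0x04

# Hypothetical record type for one cached autorun verb of one volume.
AutorunHandler = namedtuple("AutorunHandler", "volume verb command from_volume")

# Case-insensitive: the handlers in this log use mixed case ("OpEn\CoMmAnD").
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<command>.+)$',
    re.IGNORECASE,
)
O7_RE = re.compile(
    r'^O7 - HKU\\(?P<hive>[^\\]+)\\.*\\Explorer: NoDriveTypeAutoRun = (?P<value>\d+)$'
)
PROXY_RE = re.compile(
    r'^IE - HKU\\(?P<hive>[^\\]+)\\.*Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.+)$'
)


def triage(log_text):
    """Return autorun and proxy findings from OTL 'Standard Registry' lines."""
    handlers, removable_on, proxy = [], [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O33_RE.match(line)
        if m:
            command = m["command"].strip()
            # A command without a drive letter is resolved on the mounted
            # volume itself, i.e. the file lives on the removable medium.
            from_volume = re.match(r'^[A-Za-z]:\\', command) is None
            handlers.append(
                AutorunHandler(m["volume"], m["verb"].lower(), command, from_volume)
            )
            continue
        m = O7_RE.match(line)
        if m:
            if not int(m["value"]) & DRIVE_REMOVABLE_BIT:
                removable_on.append(m["hive"])
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    # Only report a proxy when the same hive also has ProxyEnable = 1.
    active = {
        hive: settings.get("ProxyServer", "")
        for hive, settings in proxy.items()
        if settings.get("ProxyEnable") == "1"
    }
    return {
        "autorun_handlers": handlers,
        "removable_autorun_enabled": removable_on,
        "active_proxies": active,
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for h in findings["autorun_handlers"]:
        print(f"autorun handler: volume={h.volume} verb={h.verb} command={h.command}")
    for hive in findings["removable_autorun_enabled"]:
        print(f"autorun still enabled for removable drives in HKU\\{hive}")
    for hive, server in findings["active_proxies"].items():
        print(f"proxy enabled in HKU\\{hive}: {server}")
```
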

ranshou (author), comment, 21 November 2009 (edited)

Hmm, I have a question Y.Y because when I clicked "Run Fix" (having first pasted what I was supposed to paste, ofc), how long is it supposed to scan? Y.Y Because it has been sitting on it for some 40 minutes already...

edit:// it has shut down now >.>;;;

edit2:// I did everything you told me to, but the antivirus didn't detect anything

Psycholandia, comment, 21 November 2009

Run OTL and click CleanUP. That means it's clean now.

ranshou (author), comment, 29 November 2009

Unfortunately the internet still doesn't work. I did everything I was supposed to type in and everything that was on the instruction card, but it still doesn't work. As far as I know, it was connected to the internet some 3-4 years ago and it worked; now it shows that the connection is supposedly there, but it doesn't load any page and it won't download updates either.