ComboFix freezes while scanning the computer

Hello.

I have a problem that I can't manage to solve. When the computer starts, I get a temp2.exe error. I wanted to remove it with ComboFix, the way I once did before, but ComboFix starts scanning, no scan progress even appears on the screen, and after 5 minutes the computer freezes and can only be turned off with the power button. Below I'm posting the log from OTL. I will be hugely grateful for any help.

OTL logfile created on: 2012-02-23 12:13:10 - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Katarzyna\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


502,05 Mb Total Physical Memory | 220,61 Mb Available Physical Memory | 43,94% Memory free

1,20 Gb Paging File | 0,97 Gb Available in Paging File | 81,05% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 10,59 Gb Total Space | 0,26 Gb Free Space | 2,46% Space Free | Partition Type: NTFS

Drive D: | 20,51 Gb Total Space | 15,13 Gb Free Space | 73,77% Space Free | Partition Type: NTFS

Drive E: | 43,40 Gb Total Space | 31,46 Gb Free Space | 72,49% Space Free | Partition Type: NTFS

Drive G: | 960,72 Mb Total Space | 955,81 Mb Free Space | 99,49% Space Free | Partition Type: FAT


Computer Name: PAWLIKOW-XK5UZX | User Name: Katarzyna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-02-23 12:12:28 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katarzyna\Pulpit\OTL.exe

PRC - [2012-02-23 12:06:18 | 000,035,346 | ---- | M] () -- C:\WINDOWS\system32\temp1.exe

PRC - [2010-08-11 16:11:47 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Katarzyna\Ustawienia lokalne\Temp\RtkBtMnt.exe

PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-06-27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007-06-27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2007-05-08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

PRC - [2004-05-12 21:30:00 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

PRC - [1996-06-28 15:01:00 | 000,285,184 | ---- | M] (Corel Corporation) -- C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2012-02-23 12:06:18 | 000,035,346 | ---- | M] () -- C:\WINDOWS\system32\temp1.exe

MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL

MOD - [2007-09-20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011-06-26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)

SRV - [2008-11-22 01:25:46 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2010-08-11 14:43:41 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008-08-18 11:24:40 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICDUSB3.sys -- (ICDUSB3)

DRV - [2006-06-28 09:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006-06-16 12:17:38 | 000,074,752 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006-06-16 12:17:38 | 000,040,064 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2006-06-16 12:17:36 | 000,061,056 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2005-11-02 06:24:24 | 000,424,320 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005-10-31 07:16:00 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2005-10-24 03:20:52 | 000,218,496 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2005-10-18 09:53:24 | 000,998,656 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005-10-18 09:52:30 | 000,721,280 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.startup.homepage: "ww.google.pl"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-20 15:02:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-20 15:02:12 | 000,000,000 | ---D | M]


[2010-08-11 14:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Mozilla\Extensions

[2010-08-11 14:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Mozilla\Firefox\Profiles\8e5r43rv.default\extensions

[2012-02-22 11:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-11-28 14:21:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010-11-28 14:21:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010-11-28 14:21:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011-10-11 13:32:33 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2011-10-11 13:32:33 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2011-10-11 13:32:33 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2011-10-11 13:32:33 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2011-10-11 13:32:33 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-10-11 13:32:33 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


[color=#E56717]========== Chrome ==========[/color]


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}


O1 HOSTS File: ([2003-04-16 12:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE (Novell, Inc.)

O4 - HKCU..\Run: [{C77037C7-F034-AD7F-DFCA-2081DCCA0393}] C:\Documents and Settings\Katarzyna\Dane aplikacji\Ethyqa\peovh.exe ()

O4 - HKCU..\Run: [AudioAdapterMate] C:\Program Files\CassetteMate\RecordMate.exe File not found

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - Startup: C:\Documents and Settings\Katarzyna\Menu Start\Programy\Autostart\PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE (Corel Corporation)

F3 - HKCU WinNT: Load - (C:\WINDOWS\svchost.exe) - C:\WINDOWS\svchost.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E14B6FDB-3214-479E-9E71-61A968E42D15}: DhcpNameServer = 194.204.152.34 194.204.159.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Katarzyna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Katarzyna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O29 - HKLM SecurityProviders - (AflonrUqhuyk.dll) - C:\WINDOWS\System32\AflonrUqhuyk.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-08-11 14:28:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | RHS- | M] () - C:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | RHS- | M] () - D:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | RHS- | M] () - E:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | RHS- | M] () - G:\autorun.inf -- [FAT]

O33 - MountPoints2\{05448f17-14f9-11e0-971d-00197d6578c8}\Shell - "" = AutoRun

O33 - MountPoints2\{05448f17-14f9-11e0-971d-00197d6578c8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{0b1b1a52-5e04-11e1-b142-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{0b1b1a52-5e04-11e1-b142-0016d4c780e2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{0d590a58-c4f5-11df-9684-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{0d590a58-c4f5-11df-9684-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{28161c4e-cd9e-11df-9688-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{28161c4e-cd9e-11df-9688-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{28161c51-cd9e-11df-9688-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{28161c51-cd9e-11df-9688-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{424479ae-a54f-11df-964c-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{424479ae-a54f-11df-964c-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE

O33 - MountPoints2\{424479ae-a54f-11df-964c-0016d4c780e2}\Shell\configure\command - "" = G:\AUTORUN.EXE

O33 - MountPoints2\{424479ae-a54f-11df-964c-0016d4c780e2}\Shell\install\command - "" = G:\AUTORUN.EXE

O33 - MountPoints2\{818bf506-5da2-11e1-b140-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{818bf506-5da2-11e1-b140-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{818bf507-5da2-11e1-b140-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{818bf507-5da2-11e1-b140-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{818bf508-5da2-11e1-b140-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{818bf508-5da2-11e1-b140-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{b86d163d-a6bb-11df-9655-0016d4c780e2}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe

O33 - MountPoints2\{c140831f-bf06-11df-967a-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{c140831f-bf06-11df-967a-0016d4c780e2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{d681c84c-a559-11df-af87-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{d681c84c-a559-11df-af87-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{deb15858-cff9-11df-9689-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{deb15858-cff9-11df-9689-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{deb15859-cff9-11df-9689-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{deb15859-cff9-11df-9689-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{deb1585c-cff9-11df-9689-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{deb1585c-cff9-11df-9689-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\C\Shell - "" = AutoRun

O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-02-23 12:13:06 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katarzyna\Pulpit\OTL.exe

[2012-02-23 11:19:36 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012-02-23 10:59:09 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012-02-23 10:54:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012-02-23 10:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012-02-23 10:54:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012-02-23 10:54:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012-02-23 10:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012-02-23 10:54:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-02-23 10:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Katarzyna\Menu Start\Programy\Narzędzia administracyjne

[2012-02-23 10:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Katarzyna\Moje dokumenty\Moje wideo

[2012-02-23 10:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo

[2012-02-23 10:52:14 | 004,417,295 | R--- | C] (Swearware) -- C:\Documents and Settings\Katarzyna\Pulpit\ComboFix.exe

[2012-02-20 14:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katarzyna\Pulpit\viewer_pliki

[2012-02-01 15:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Ethyqa

[2012-02-01 15:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Ekug

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-02-23 12:12:28 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katarzyna\Pulpit\OTL.exe

[2012-02-23 12:06:19 | 000,002,085 | ---- | M] () -- C:\WINDOWS\System32\temp2.exe

[2012-02-23 12:06:18 | 000,035,346 | ---- | M] () -- C:\WINDOWS\System32\temp1.exe

[2012-02-23 12:06:14 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012-02-23 12:06:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-02-23 10:59:14 | 000,000,295 | RHS- | M] () -- C:\boot.ini

[2012-02-23 10:51:49 | 000,000,179 | ---- | M] () -- C:\Boot.bak

[2012-02-23 10:35:10 | 004,417,295 | R--- | M] (Swearware) -- C:\Documents and Settings\Katarzyna\Pulpit\ComboFix.exe

[2012-02-22 23:22:19 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012-02-22 23:18:18 | 000,359,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2012-02-22 23:18:18 | 000,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012-02-22 23:18:18 | 000,051,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2012-02-22 23:18:18 | 000,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012-02-22 23:14:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-02-22 10:59:50 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Katarzyna\Pulpit\Microsoft Office Word 2003.lnk

[2012-02-22 10:25:36 | 000,003,648 | ---- | M] () -- C:\Documents and Settings\Katarzyna\intlname.ols

[2012-02-20 17:15:17 | 000,114,830 | ---- | M] () -- C:\Documents and Settings\Katarzyna\Pulpit\222.htm

[2012-02-20 15:26:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk

[2012-02-20 14:57:04 | 000,125,746 | ---- | M] () -- C:\Documents and Settings\Katarzyna\Pulpit\viewer.htm

[2012-02-20 11:48:07 | 002,314,039 | ---- | M] () -- C:\Documents and Settings\Katarzyna\Pulpit\warta.pdf

[2012-02-09 22:29:12 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Katarzyna\default.pls

[2012-02-09 22:29:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012-02-06 10:06:24 | 000,013,824 | ---- | M] () -- C:\WINDOWS\System32\AflonrUqhuyk.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-02-23 10:59:14 | 000,000,179 | ---- | C] () -- C:\Boot.bak

[2012-02-23 10:59:11 | 000,262,400 | RHS- | C] () -- C:\cmldr

[2012-02-23 10:54:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012-02-23 10:54:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012-02-23 10:54:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012-02-23 10:54:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012-02-23 10:54:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012-02-20 17:15:16 | 000,114,830 | ---- | C] () -- C:\Documents and Settings\Katarzyna\Pulpit\222.htm

[2012-02-20 14:57:03 | 000,125,746 | ---- | C] () -- C:\Documents and Settings\Katarzyna\Pulpit\viewer.htm

[2012-02-20 11:47:16 | 002,314,039 | ---- | C] () -- C:\Documents and Settings\Katarzyna\Pulpit\warta.pdf

[2012-02-06 10:06:24 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\AflonrUqhuyk.dll

[2011-07-11 13:49:25 | 000,070,207 | RHS- | C] () -- C:\WINDOWS\svchost.exe

[2011-07-11 13:49:25 | 000,035,346 | ---- | C] () -- C:\WINDOWS\System32\temp1.exe

[2011-07-11 13:49:25 | 000,002,085 | ---- | C] () -- C:\WINDOWS\System32\temp2.exe

[2011-07-11 13:49:25 | 000,001,211 | RHS- | C] () -- C:\WINDOWS\xcopy.exe

[2011-06-21 23:32:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011-01-05 16:11:41 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

[2010-12-02 16:37:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI

[2010-11-24 16:18:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI

[2010-11-24 16:10:49 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010-11-24 16:10:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll

[2010-11-24 16:10:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll

[2010-11-24 16:10:08 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll

[2010-10-14 19:42:26 | 000,136,360 | ---- | C] () -- C:\WINDOWS\hpgins30.dat.temp

[2010-10-14 19:42:26 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl30.dat.temp

[2010-10-14 19:31:31 | 000,136,386 | ---- | C] () -- C:\WINDOWS\hpgins30.dat

[2010-10-14 19:31:31 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl30.dat

[2010-09-13 18:52:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010-09-06 18:29:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2010-08-13 09:54:59 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll

[2010-08-12 08:00:47 | 000,010,745 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini

[2010-08-12 07:57:46 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010-08-11 16:37:08 | 000,000,184 | ---- | C] () -- C:\WINDOWS\winhlp32.ini

[2010-08-11 16:37:08 | 000,000,184 | ---- | C] () -- C:\WINDOWS\winhelp.ini

[2010-08-11 16:35:44 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\POSP70US.DLL

[2010-08-11 16:35:43 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\POSP70IT.DLL

[2010-08-11 16:35:35 | 000,425,472 | ---- | C] () -- C:\WINDOWS\System32\POSP7032.DLL

[2010-08-11 16:35:19 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\POOLE70.DLL

[2010-08-11 16:33:10 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL

[2010-08-11 16:33:10 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL

[2010-08-11 16:28:40 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\WPAUTO.DLL

[2010-08-11 16:21:21 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Katarzyna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-08-11 15:21:44 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010-08-11 15:20:21 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-08-11 14:55:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010-08-11 14:47:17 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-08-11 14:47:15 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-08-11 14:47:15 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010-08-11 14:47:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010-08-11 14:47:13 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010-08-11 14:30:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010-08-11 14:26:17 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat


< End of report >

Regards.

Scan with the Malwarebytes Anti-Malware program.

http://www.dobreprogramy.pl/Malwarebyte … 13117.html

Before scanning, perform a MANUAL UPDATE OF THE VIRUS SIGNATURE DATABASE.

Show the new logs from OTL.

OK, it looks like everything has been fixed. Here is the log from OTL.

OTL logfile created on: 2012-02-23 13:39:56 - Run 2

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Katarzyna\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


502,05 Mb Total Physical Memory | 233,49 Mb Available Physical Memory | 46,51% Memory free

1,20 Gb Paging File | 0,97 Gb Available in Paging File | 80,70% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 10,59 Gb Total Space | 1,00 Gb Free Space | 9,44% Space Free | Partition Type: NTFS

Drive D: | 20,51 Gb Total Space | 14,46 Gb Free Space | 70,51% Space Free | Partition Type: NTFS

Drive E: | 43,40 Gb Total Space | 31,40 Gb Free Space | 72,36% Space Free | Partition Type: NTFS

Drive G: | 960,72 Mb Total Space | 946,64 Mb Free Space | 98,53% Space Free | Partition Type: FAT


Computer Name: PAWLIKOW-XK5UZX | User Name: Katarzyna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-02-23 12:12:28 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katarzyna\Pulpit\OTL.exe

PRC - [2010-08-11 16:11:47 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Katarzyna\Ustawienia lokalne\Temp\RtkBtMnt.exe

PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-06-27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007-06-27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2007-05-08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

PRC - [2004-05-12 21:30:00 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

PRC - [1996-06-28 15:01:00 | 000,285,184 | ---- | M] (Corel Corporation) -- C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2010-09-22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL

MOD - [2007-09-20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2008-11-22 01:25:46 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2010-08-11 14:43:41 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008-08-18 11:24:40 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICDUSB3.sys -- (ICDUSB3)

DRV - [2006-06-28 09:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006-06-16 12:17:38 | 000,074,752 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006-06-16 12:17:38 | 000,040,064 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2006-06-16 12:17:36 | 000,061,056 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2005-11-02 06:24:24 | 000,424,320 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005-10-31 07:16:00 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2005-10-24 03:20:52 | 000,218,496 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2005-10-18 09:53:24 | 000,998,656 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005-10-18 09:52:30 | 000,721,280 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.startup.homepage: "ww.google.pl"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-20 15:02:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-20 15:02:12 | 000,000,000 | ---D | M]


[2010-08-11 14:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Mozilla\Extensions

[2010-08-11 14:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Mozilla\Firefox\Profiles\8e5r43rv.default\extensions

[2012-02-22 11:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-11-28 14:21:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010-11-28 14:21:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010-11-28 14:21:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011-10-11 13:32:33 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2011-10-11 13:32:33 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2011-10-11 13:32:33 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2011-10-11 13:32:33 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2011-10-11 13:32:33 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-10-11 13:32:33 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


[color=#E56717]========== Chrome ==========[/color]


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}


O1 HOSTS File: ([2003-04-16 12:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE (Novell, Inc.)

O4 - HKCU..\Run: [AudioAdapterMate] C:\Program Files\CassetteMate\RecordMate.exe File not found

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - Startup: C:\Documents and Settings\Katarzyna\Menu Start\Programy\Autostart\PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE (Corel Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E14B6FDB-3214-479E-9E71-61A968E42D15}: DhcpNameServer = 194.204.152.34 194.204.159.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Katarzyna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Katarzyna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-08-11 14:28:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | RHS- | M] () - C:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | RHS- | M] () - D:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | RHS- | M] () - E:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | RHS- | M] () - G:\autorun.inf -- [FAT]

O33 - MountPoints2\{05448f17-14f9-11e0-971d-00197d6578c8}\Shell - "" = AutoRun

O33 - MountPoints2\{05448f17-14f9-11e0-971d-00197d6578c8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{0b1b1a52-5e04-11e1-b142-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{0b1b1a52-5e04-11e1-b142-0016d4c780e2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{0d590a58-c4f5-11df-9684-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{0d590a58-c4f5-11df-9684-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{28161c4e-cd9e-11df-9688-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{28161c4e-cd9e-11df-9688-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{28161c51-cd9e-11df-9688-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{28161c51-cd9e-11df-9688-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{424479ae-a54f-11df-964c-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{424479ae-a54f-11df-964c-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE

O33 - MountPoints2\{424479ae-a54f-11df-964c-0016d4c780e2}\Shell\configure\command - "" = G:\AUTORUN.EXE

O33 - MountPoints2\{424479ae-a54f-11df-964c-0016d4c780e2}\Shell\install\command - "" = G:\AUTORUN.EXE

O33 - MountPoints2\{818bf506-5da2-11e1-b140-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{818bf506-5da2-11e1-b140-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{818bf507-5da2-11e1-b140-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{818bf507-5da2-11e1-b140-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{818bf508-5da2-11e1-b140-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{818bf508-5da2-11e1-b140-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{b86d163d-a6bb-11df-9655-0016d4c780e2}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe

O33 - MountPoints2\{c140831f-bf06-11df-967a-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{c140831f-bf06-11df-967a-0016d4c780e2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{d681c84c-a559-11df-af87-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{d681c84c-a559-11df-af87-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{deb15858-cff9-11df-9689-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{deb15858-cff9-11df-9689-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{deb15859-cff9-11df-9689-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{deb15859-cff9-11df-9689-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{deb1585c-cff9-11df-9689-0016d4c780e2}\Shell - "" = AutoRun

O33 - MountPoints2\{deb1585c-cff9-11df-9689-0016d4c780e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\C\Shell - "" = AutoRun

O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-02-23 12:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Malwarebytes

[2012-02-23 12:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware

[2012-02-23 12:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2012-02-23 12:39:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-02-23 12:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012-02-23 12:13:06 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katarzyna\Pulpit\OTL.exe

[2012-02-23 10:59:09 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012-02-23 10:54:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012-02-23 10:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012-02-23 10:54:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012-02-23 10:54:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012-02-23 10:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012-02-23 10:54:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-02-23 10:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Katarzyna\Menu Start\Programy\Narzędzia administracyjne

[2012-02-23 10:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Katarzyna\Moje dokumenty\Moje wideo

[2012-02-23 10:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo

[2012-02-01 15:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Ethyqa

[2012-02-01 15:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katarzyna\Dane aplikacji\Ekug

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-02-23 13:22:02 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012-02-23 13:13:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-02-23 13:12:58 | 000,000,178 | -HS- | M] () -- C:\boot.ini

[2012-02-23 13:08:15 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012-02-23 12:39:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-02-23 12:12:28 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katarzyna\Pulpit\OTL.exe

[2012-02-23 10:51:49 | 000,000,179 | ---- | M] () -- C:\Boot.bak

[2012-02-22 23:18:18 | 000,359,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2012-02-22 23:18:18 | 000,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012-02-22 23:18:18 | 000,051,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2012-02-22 23:18:18 | 000,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012-02-22 23:14:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-02-22 10:59:50 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Katarzyna\Pulpit\Microsoft Office Word 2003.lnk

[2012-02-22 10:25:36 | 000,003,648 | ---- | M] () -- C:\Documents and Settings\Katarzyna\intlname.ols

[2012-02-20 15:26:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk

[2012-02-09 22:29:12 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Katarzyna\default.pls

[2012-02-09 22:29:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-02-23 13:31:27 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Katarzyna\Pulpit\Kalkulator.lnk

[2012-02-23 12:39:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-02-23 10:59:14 | 000,000,179 | ---- | C] () -- C:\Boot.bak

[2012-02-23 10:59:11 | 000,262,400 | RHS- | C] () -- C:\cmldr

[2012-02-23 10:54:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012-02-23 10:54:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012-02-23 10:54:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012-02-23 10:54:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012-02-23 10:54:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011-06-21 23:32:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011-01-05 16:11:41 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

[2010-12-02 16:37:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI

[2010-11-24 16:18:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI

[2010-11-24 16:10:49 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010-11-24 16:10:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll

[2010-11-24 16:10:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll

[2010-11-24 16:10:08 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll

[2010-10-14 19:42:26 | 000,136,360 | ---- | C] () -- C:\WINDOWS\hpgins30.dat.temp

[2010-10-14 19:42:26 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl30.dat.temp

[2010-10-14 19:31:31 | 000,136,386 | ---- | C] () -- C:\WINDOWS\hpgins30.dat

[2010-10-14 19:31:31 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl30.dat

[2010-09-13 18:52:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010-09-06 18:29:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2010-08-13 09:54:59 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll

[2010-08-12 08:00:47 | 000,010,745 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini

[2010-08-12 07:57:46 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010-08-11 16:37:08 | 000,000,184 | ---- | C] () -- C:\WINDOWS\winhlp32.ini

[2010-08-11 16:37:08 | 000,000,184 | ---- | C] () -- C:\WINDOWS\winhelp.ini

[2010-08-11 16:35:44 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\POSP70US.DLL

[2010-08-11 16:35:43 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\POSP70IT.DLL

[2010-08-11 16:35:35 | 000,425,472 | ---- | C] () -- C:\WINDOWS\System32\POSP7032.DLL

[2010-08-11 16:35:19 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\POOLE70.DLL

[2010-08-11 16:33:10 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL

[2010-08-11 16:33:10 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL

[2010-08-11 16:28:40 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\WPAUTO.DLL

[2010-08-11 16:21:21 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Katarzyna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-08-11 15:21:44 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010-08-11 15:20:21 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-08-11 14:55:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010-08-11 14:47:17 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-08-11 14:47:15 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-08-11 14:47:15 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010-08-11 14:47:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010-08-11 14:47:13 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010-08-11 14:30:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010-08-11 14:26:17 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat


< End of report >

Just one thing now: what about Malwarebytes? Can I remove it without any problem, and the viruses won't come back?

Run OTL and paste the following into the box (Własne opcje skanowania/Script):

Click Run script (Wykonaj skrypt). In OTL, use the Cleanup (Sprzątanie) option. Empty the Malwarebytes quarantine. You can keep it and run a scan with it from time to time.

Turn System Restore off and then back on.

http://www.searchengines.pl/Czyszczenie … 41981.html

OK, I did everything just as you told me :). The computer now runs better and faster right away :). Thanks for the help. Regards.