So, I'll start with this: I found AKAMAI SESSION INTERFACE among my programs. Removing it was no problem: I used “Malwarebytes’ Anti-Malware”, which detected it as a trojan and removed it after a restart.
Next I found this HFSLIP TOTAL SLIPSTREAM (v2.0.0pre-alpha, build 80630a).
As you advised that other person, I used OTL; here is the registry result:
OTL Extras logfile created on: 2011-02-07 07:09:04 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 022,00 Mb Total Physical Memory | 381,00 Mb Available Physical Memory | 37,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,98 Gb Total Space | 21,16 Gb Free Space | 75,64% Space Free | Partition Type: FAT32
Drive D: | 28,00 Gb Total Space | 26,72 Gb Free Space | 95,44% Space Free | Partition Type: NTFS
Drive E: | 12,00 Gb Total Space | 11,41 Gb Free Space | 95,07% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 42,63 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive G: | 100,00 Gb Total Space | 98,19 Gb Free Space | 98,19% Space Free | Partition Type: NTFS
Drive H: | 14,87 Gb Total Space | 12,60 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
Drive I: | 4,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 14,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ZŁOM | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]
.cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
.url [@ = InternetShortcut] – rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes]
.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]
batfile [open] – “%1” %*
batfile [print] – Reg Error: Key error.
cmdfile [open] – “%1” %*
cmdfile [print] – Reg Error: Key error.
comfile [open] – “%1” %*
cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
exefile [open] – “%1” %*
htmlfile [edit] – Reg Error: Key error.
inffile [print] – Reg Error: Key error.
inifile [print] – Reg Error: Key error.
InternetShortcut [open] – rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] – Reg Error: Key error.
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
regfile [print] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] – “%1” /S
txtfile [edit] – Reg Error: Key error.
txtfile [print] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with FastStone] – “C:\Program Files\FastStone Image Viewer\FSViewer.exe” “%1” ()
Directory [cmd] – cmd.exe /k cd “%L” (Microsoft Corporation)
Directory [openNew] – explorer %1 (Microsoft Corporation)
Directory [Winamp.Bookmark] – “C:\Program Files\winamp\winamp.exe” /BOOKMARK “%1” (Nullsoft)
Directory [Winamp.Enqueue] – “C:\Program Files\winamp\winamp.exe” /ADD “%1” (Nullsoft)
Directory [Winamp.Play] – “C:\Program Files\winamp\winamp.exe” “%1” (Nullsoft)
Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] – Reg Error: Key error.
Drive [find] – Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 4
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall” = 0
“DoNotAllowExceptions” = 0
“DisableNotifications” = 0
“DisableUnicastResponsesToMulticastBroadcast” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1
“DoNotAllowExceptions” = 1
“DisableNotifications” = 0
“DisableUnicastResponsesToMulticastBroadcast” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“1900:UDP” = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
“2869:TCP” = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
“1057:TCP” = 1057:TCP:*:Enabled:Akamai NetSession Interface
“5000:UDP” = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“D:\Tibia\Tibia.exe” = D:\Tibia\Tibia.exe:*:Enabled:Tibia.exe – (CipSoft GmbH)
“C:\Program Files\Gadu-Gadu 10\gg.exe” = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 – (GG Network S.A.)
“D:\BattleForge\Bootstrapper.exe” = D:\BattleForge\Bootstrapper.exe:*:Disabled:BattleForge™ Launcher – (EA Phenomic)
“C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe” = C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe:*:Enabled:PLAY ONLINE – ()
“C:\Program Files\uTorrent\uTorrent.exe” = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent – ()
“D:\BattleForge\BattleForge.exe” = D:\BattleForge\BattleForge.exe:*:Disabled:BattleForge™ – (EA Phenomic)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{26A24AE4-039D-4CA4-87B4-2F83216023FF}” = Java 6 Update 23
“{3248F0A8-6813-11D6-A77B-00B0D0160070}” = Java 6 Update 7
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{53480330-E1D1-41CA-B8F8-7F78644F7F50}” = O&O Defrag Professional Edition
“{5AF71003-1797-4D93-9F37-4F2125CBF539}” = Microsoft .NET Framework 2.0 Language Pack - PLK
“{64CB2553-C109-4132-AA51-1F421B515FD1}” = Microsoft .NET Framework 1.1 Polish Language Pack
“{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2
“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper
“{AC76BA86-7AD7-1033-7B44-A90000000001}” = Adobe Reader 9 Lite
“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2
“{C580908C-B3BA-4C19-BD60-16F02F272201}” = BattleForge™
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1
“{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}” = Ad-Aware
“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
“{F333A33D-125C-32A2-8DCE-5C5D14231E27}” = Visual C++ 2008 x86 Runtime - (v9.0.30729)
“{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01” = Visual C++ 2008 x86 Runtime - v9.0.30729.01
“Ad-Aware” = Ad-Aware
“Adobe Flash Player ActiveX” = Adobe Flash Player ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
“Adobe Shockwave Player” = Adobe Shockwave Player 11
“ALLPlayer_is1” = ALLPlayer V4.X
“Driver Magician_is1” = Driver Magician 3.28
“Driver Sweeper” = Driver Sweeper 0.9 (Remove Only)
“DriveSpace” = Drive Space Indicator
“FastStone Image Viewer” = FastStone Image Viewer 3.5
“foobar2000” = foobar2000 v1.1
“Gadu-Gadu 10” = Gadu-Gadu 10
“GameDesire-Bingo” = GameDesire-Bingo
“GameDesire-Boards” = GameDesire-Boards
“GameDesire-Poker” = GameDesire-Poker
“GameDesire-Pool & Snooker” = GameDesire-Pool & Snooker
“GMailFS” = GMail Drive Shell Extension
“Google Chrome” = Google Chrome
“HFSLIPTotalSlipstream” = HFSLIP Total Slipstream (v2.0.0pre-alpha, build 80630a)
“KLiteCodecPack_is1” = K-Lite Codec Pack 6.4.0 (Full)
“MakeISO right click extensions” = MakeISO right click extensions
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware
“McAfee Security Scan” = McAfee Security Scan Plus
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“Microsoft .NET Framework 2.0 Language Pack - PLK” = Microsoft .NET Framework 2.0 — pakiet języka polskiego
“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1
“Mozilla Firefox (3.6.13)” = Mozilla Firefox (3.6.13)
“Mozilla Thunderbird (2.0.0.14)” = Mozilla Thunderbird (2.0.0.14)
“Nero8Lite_is1” = Nero 8 Micro 8.3.2.1b
“Notepad++” = Notepad++
“NVIDIA Drivers” = NVIDIA Drivers
“PLAY ONLINE” = PLAY ONLINE
“PowerISO” = PowerISO
“RealAlt_is1” = Real Alternative 2.0.2
“ShellExtension” = FirmTools 2.0 build 313
“Tibia_is1” = Tibia
“Unlocker” = Unlocker 1.8.7
“VisualTaskTips” = Visual Task Tips 2.3
“Winamp” = Winamp 5.54 addon by jeetu
“Windows Media Format Runtime” = Windows Media Format 11 runtime
“Windows Media Player” = Windows Media Player 11
“WinRAR archiver” = Archiwizator WinRAR
“Wolfenstein - Enemy Territory” = Wolfenstein - Enemy Territory
“Your Uninstaller! 2008_is1” = Your Uninstaller! 2008 Version 6.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“uTorrent” = µTorrent
========== Last 10 Event Log Errors ==========
[Application Events]
Error - 2010-09-11 18:29:06 | Computer Name = ZŁOM | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service reached limit of transient errors. Will shut down. Last error returned
from Service Manager: 0x800736b1.
Error - 2010-09-22 18:42:10 | Computer Name = ZŁOM | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 2010-10-04 14:41:05 | Computer Name = ZŁOM | Source = Google Update | ID = 20
Description =
[System Events]
Error - 2011-01-26 04:10:22 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-01-26 05:25:25 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-01-27 08:46:23 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-01-29 12:34:25 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-01-31 13:20:37 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-02-01 23:28:15 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-02-04 23:50:11 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-02-04 23:50:31 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-02-06 04:54:53 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-02-06 06:42:24 | Computer Name = ZŁOM | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
Please help.
Sanchez (they took my nick, and it's like that everywhere now…)