Komputer spowolnił

Trolek16 · 22 Kwiecień 2011 16:01

Witam! Od pewnego czasu zamula mi mój laptop jest to dziwne bo nigdy tak nie było…

Podejrzewam że mogą to być jakieś wirusy nie posiadam obecnie żadnego anty wirusa a podczas ściągania plików raczej nic nie załapałem.

Co z tym zrobić ? Wykonać skanowanie czymś i wkleić logi?

Z Góry dziękuje!

golden_finger · 22 Kwiecień 2011 17:50

Trolek16 , Zmień tytuł, by był związany z problemem, korzystając z przycisku EDYTUJ.

Zapoznaj się z TYMI informacjami.

Trolek16 · 23 Kwiecień 2011 07:46

No to zastosowałem się do Twoich poleceń…

Avasta mam - zeskanowałem nim cały system

Malware mam - zrobiłem to samo

Potem OTL’em skanowałem i o to logi: http://wklej.org/id/517575/

Trolek16 · 23 Kwiecień 2011 09:26

Tak. W Avaście wykazało bardzo dużo sality. Około 8 nie dało rady usunąć.

w Malware było 3 wirusy nie pamiętam już jakie ale usunęło

A logi coś wykazały?

Trolek16 · 23 Kwiecień 2011 21:35

Kasperskym też już skanowałem i nic nie wykryło

Teraz poczekać tylko aż ktoś logi sprawdzi

Wrzucam logi ponownie po skanowaniu Kapserskym Avastem i Malware : http://wklej.org/id/518032/

dawidooo · 17 Maj 2011 15:15

witam.czy ktos pomoze mi odczytac moje logi?z gory dzieki http://wklej.org/id/531095/

Acorus · 17 Maj 2011 16:03

Dawidooo-Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL FF - prefs.js…browser.search.defaultenginename: “Web Search…” FF - prefs.js…browser.search.defaultthis.engineName: “Utubebario Customized Web Search” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}” FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js…extensions.enabledItems: vshare@toolbar:1.0.0 [2011-03-24 21:24:37 | 000,000,000 | —D | M] (Conduit Engine) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions\engine@conduit.com [2010-11-29 23:06:58 | 000,000,000 | —D | M] (vShare) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions\vshare@toolbar [2010-09-20 14:13:32 | 000,000,923 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\conduit.xml [2010-11-29 23:07:11 | 000,001,583 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\web-search.xml [2009-07-09 19:35:17 | 000,001,201 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\winamp-search.xml O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - - No CLSID value found. O3 - HKCU…\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. MsConfig - StartUpReg: PLFSet - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found [2010-08-04 21:37:46 | 000,000,000 | -HSD | M] – C:\Users\Wiolka i Dawid\AppData\Roaming.# :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp]

Kliknij Wykonaj skrypt…Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

spandaupol · 17 Maj 2011 16:08

No rozumie że Avast jest stary ale dlaczego go usuwasz w ten sposób? To jakieś chyba przeoczenie

Acorus · 17 Maj 2011 16:20

Przepraszam-to pomyłka.Log zedytowany.

dawidooo · 20 Maj 2011 14:04

oto moje raporty

All processes killed

Error: Unable to interpret in the current context!

Error: Unable to interpret http://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}"> in the current context!

Error: Unable to interpret engine@conduit.com:3.3.3.2> in the current context!

Error: Unable to interpret in the current context!

Error: Unable to interpret <[2011-03-24 21:24:37 | 000,000,000 | —D | M] (Conduit Engine) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions\engine@conduit.com> in the current context!

Error: Unable to interpret <[2010-11-29 23:06:58 | 000,000,000 | —D | M] (vShare) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions\vshare@toolbar> in the current context!

Error: Unable to interpret <[2010-09-20 14:13:32 | 000,000,923 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\conduit.xml> in the current context!

Error: Unable to interpret <[2010-11-29 23:07:11 | 000,001,583 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\web-search.xml> in the current context!

Error: Unable to interpret <[2009-07-09 19:35:17 | 000,001,201 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\winamp-search.xml> in the current context!

Error: Unable to interpret in the current context!

Error: Unable to interpret <[2010-08-04 21:37:46 | 000,000,000 | -HSD | M] – C:\Users\Wiolka i Dawid\AppData\Roaming.#> in the current context!

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Wiolka i Dawid

->Temp folder emptied: 21127218 bytes

->Temporary Internet Files folder emptied: 26775293 bytes

->Java cache emptied: 42393336 bytes

->FireFox cache emptied: 190495943 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 28030 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4036 bytes

RecycleBin emptied: 55055587 bytes

Total Files Cleaned = 320,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_152720

Files\Folders moved on Reboot…

File move failed. C:\Windows\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot…

oraz otl

OTL logfile created on: 2011-05-20 15:36:57 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Wiolka i Dawid\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19048)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 021,00 Mb Total Physical Memory | 345,00 Mb Available Physical Memory | 34,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,77 Gb Total Space | 29,84 Gb Free Space | 42,76% Space Free | Partition Type: NTFS

Drive D: | 69,52 Gb Total Space | 27,49 Gb Free Space | 39,55% Space Free | Partition Type: NTFS

Computer Name: WIOLKAIDAWID-PC | User Name: Wiolka i Dawid | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-05-17 16:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) – C:\Users\Wiolka i Dawid\Desktop\OTL.exe

PRC - [2011-05-08 17:37:35 | 000,924,632 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe

PRC - [2009-02-05 22:08:45 | 000,081,000 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-02-05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-02-05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011-05-17 16:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) – C:\Users\Wiolka i Dawid\Desktop\OTL.exe

MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) – C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-09-23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] – C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe – (Nero BackItUp Scheduler 4.0)

SRV - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus)

SRV - [2009-02-05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner)

SRV - [2009-02-05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner)

SRV - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv)

SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)

SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe – (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2009-08-25 08:56:08 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] – C:\Windows\System32\Drivers\sptd.sys – (sptd)

DRV - [2009-07-01 15:57:17 | 003,155,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmdag.sys – (atikmdag)

DRV - [2009-07-01 15:16:08 | 000,156,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\Apfiltr.sys – (ApfiltrService)

DRV - [2009-02-05 22:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswSP.sys – (aswSP)

DRV - [2009-02-05 22:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswFsBlk.sys – (aswFsBlk)

DRV - [2009-02-05 22:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswMonFlt.sys – (aswMonFlt)

DRV - [2009-02-05 22:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswTdi.sys – (aswTdi)

DRV - [2009-02-05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswRdr.sys – (aswRdr)

DRV - [2008-12-18 10:13:18 | 000,025,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | System | Running] – C:\Windows\System32\drivers\eusk2par.sys – (eusk2par)

DRV - [2008-07-10 16:29:58 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ewusbmdm.sys – (hwdatacard)

DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\NETw3v32.sys – (NETw3v32)

DRV - [2007-02-07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\snp2uvc.sys – (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2006-11-14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] – C:\Windows\System32\drivers\rixdptsk.sys – (rismxdp)

DRV - [2005-12-22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\rimsptsk.sys – (rimsptsk)

DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\rimmptsk.sys – (rimmptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start24.pl/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pl.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 0D 65 6C 46 FA C9 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = http=127.0.0.1:25403

========== FireFox ==========

FF - prefs.js…browser.search.defaultenginename: “Web Search…”

FF - prefs.js…browser.search.defaultthis.engineName: “Utubebario Customized Web Search”

FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}”

FF - prefs.js…browser.search.useDBForOrder: true

FF - prefs.js…browser.startup.homepage: “http://start24.pl/”

FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js…extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0

FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js…extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js…extensions.enabledItems: {58beca16-cae6-4b7a-a0e8-153d0cbba63a}:3.3.3.2

FF - prefs.js…extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js…keyword.URL: “chrome://browser-region/locale/region.properties”

FF - prefs.js…network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\Components: C:\Program Files\Mozilla Firefox\components [2011-05-08 17:37:43 | 000,000,000 | —D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-08 17:37:43 | 000,000,000 | —D | M]

[2009-07-02 15:25:21 | 000,000,000 | —D | M] (No name found) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Extensions

[2011-05-15 10:43:02 | 000,000,000 | —D | M] (No name found) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions

[2010-04-27 18:33:44 | 000,000,000 | —D | M] (Microsoft .NET Framework Assistant) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions{20a82645-c095-46ed-80e3-08825760534b}

[2011-03-24 21:24:34 | 000,000,000 | —D | M] (MovieBario Community Toolbar) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions{58beca16-cae6-4b7a-a0e8-153d0cbba63a}

[2009-12-09 21:15:02 | 000,000,000 | —D | M] (IE Tab) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010-10-26 16:59:41 | 000,000,000 | —D | M] (20-20 3D Viewer) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions\2020Player@2020Technologies.com

[2011-03-24 21:24:37 | 000,000,000 | —D | M] (Conduit Engine) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions\engine@conduit.com

[2010-11-29 23:06:58 | 000,000,000 | —D | M] (vShare) – C:\Users\Wiolka i Dawid\AppData\Roaming\mozilla\Firefox\Profiles\t5ytsp1j.default\extensions\vshare@toolbar

[2010-09-20 14:13:32 | 000,000,923 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\conduit.xml

[2010-11-29 23:07:11 | 000,001,583 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\web-search.xml

[2009-07-09 19:35:17 | 000,001,201 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\t5ytsp1j.default\searchplugins\winamp-search.xml

[2010-06-22 21:38:49 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions

[2010-06-22 21:38:49 | 000,000,000 | —D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

File not found (No name found) –

() (No name found) – C:\USERS\WIOLKA I DAWID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5YTSP1J.DEFAULT\EXTENSIONS{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011-05-08 17:37:34 | 000,142,296 | ---- | M] (Mozilla Foundation) – C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007-02-12 21:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) – C:\Program Files\Mozilla Firefox\plugins\npigl.dll

[2011-05-08 17:37:38 | 000,002,767 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2011-05-08 17:37:38 | 000,001,406 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2011-05-08 17:37:38 | 000,000,917 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2011-05-08 17:37:38 | 000,000,858 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2011-05-08 17:37:38 | 000,001,183 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2011-05-08 17:37:38 | 000,001,683 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

Hosts file not found

O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.

O3 - HKLM…\Toolbar: (no name) - - No CLSID value found.

O3 - HKCU…\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM…\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware (reboot)] D:\programy\Malwarebytes’ Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU…\RunOnce: [shockwave Updater] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1

O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra ‘Tools’ menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - Reg Error: Key error. File not found

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra ‘Tools’ menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Wiolka i Dawid\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Wiolka i Dawid\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat – [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2011-05-20 15:27:20 | 000,000,000 | —D | C] – C:_OTL

[2011-05-17 16:29:35 | 000,580,608 | ---- | C] (OldTimer Tools) – C:\Users\Wiolka i Dawid\Desktop\OTL.exe

[2011-05-17 16:28:38 | 000,000,000 | —D | C] – C:\Users\Wiolka i Dawid\AppData\Roaming\Malwarebytes

[2011-05-17 16:28:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) – C:\Windows\System32\drivers\mbamswissarmy.sys

[2011-05-17 16:28:25 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware

[2011-05-17 16:28:24 | 000,000,000 | —D | C] – C:\ProgramData\Malwarebytes

[2011-05-17 16:28:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) – C:\Windows\System32\drivers\mbam.sys

[2011-05-05 18:37:23 | 000,043,968 | ---- | C] (Eutron) – C:\Windows\System32\drivers\eusk3usb.sys

[2011-05-05 18:37:23 | 000,000,000 | —D | C] – C:\Users\Wiolka i Dawid{00c5f5a1-c07a-4c95-bcdd-c24195b0c206}

[2011-05-05 18:37:21 | 000,025,680 | ---- | C] (Aladdin Knowledge Systems Ltd.) – C:\Windows\System32\drivers\eusk2par.sys

[2011-04-28 06:26:59 | 000,028,672 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\Apphlpdm.dll

[2011-04-28 06:26:57 | 004,240,384 | ---- | C] (Microsoft) – C:\Windows\System32\GameUXLegacyGDFs.dll

[2011-04-28 06:26:50 | 000,876,032 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\XpsPrint.dll

[2009-11-06 00:53:12 | 000,047,360 | ---- | C] (VSO Software) – C:\Users\Wiolka i Dawid\AppData\Roaming\pcouffin.sys

[2009-07-03 21:25:04 | 000,045,056 | ---- | C] ( ) – C:\Windows\PLFSet.dll

[2009-07-03 21:25:03 | 000,172,032 | ---- | C] ( ) – C:\Windows\System32\rsnp2uvc.dll

[2009-07-03 21:25:03 | 000,053,248 | ---- | C] ( ) – C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011-05-20 15:31:15 | 000,004,112 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011-05-20 15:31:15 | 000,004,112 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011-05-20 15:31:02 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat

[2011-05-20 15:30:57 | 1071,661,056 | -HS- | M] () – C:\hiberfil.sys

[2011-05-20 15:29:41 | 000,000,012 | ---- | M] () – C:\Windows\bthservsdp.dat

[2011-05-18 22:22:13 | 000,000,136 | ---- | M] () – C:\Users\Wiolka i Dawid\Desktop\YouTube - Chase and Status ft. Delilah - Time (Official Music) + Free Download.URL

[2011-05-17 16:29:35 | 000,580,608 | ---- | M] (OldTimer Tools) – C:\Users\Wiolka i Dawid\Desktop\OTL.exe

[2011-05-17 16:28:25 | 000,000,683 | ---- | M] () – C:\Users\Public\Desktop\Malwarebytes’ Anti-Malware.lnk

[2011-05-15 10:44:38 | 000,016,552 | ---- | M] () – C:\Users\Wiolka i Dawid\Documents\cc_20110515_104434.reg

[2011-05-06 17:12:40 | 000,672,140 | ---- | M] () – C:\Windows\System32\perfh015.dat

[2011-05-06 17:12:40 | 000,595,996 | ---- | M] () – C:\Windows\System32\perfh009.dat

[2011-05-06 17:12:40 | 000,130,516 | ---- | M] () – C:\Windows\System32\perfc015.dat

[2011-05-06 17:12:40 | 000,104,070 | ---- | M] () – C:\Windows\System32\perfc009.dat

[2011-05-05 13:49:59 | 000,085,504 | ---- | M] () – C:\Users\Wiolka i Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-04-27 17:07:51 | 000,001,847 | ---- | M] () – C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011-05-17 22:28:04 | 000,000,136 | ---- | C] () – C:\Users\Wiolka i Dawid\Desktop\YouTube - Chase and Status ft. Delilah - Time (Official Music) + Free Download.URL

[2011-05-17 16:28:25 | 000,000,683 | ---- | C] () – C:\Users\Public\Desktop\Malwarebytes’ Anti-Malware.lnk

[2011-05-15 10:44:36 | 000,016,552 | ---- | C] () – C:\Users\Wiolka i Dawid\Documents\cc_20110515_104434.reg

[2011-05-08 17:37:45 | 000,000,818 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011-03-19 00:12:25 | 000,000,043 | ---- | C] () – C:\Windows\MezzmoMediaServer.INI

[2011-02-27 13:22:52 | 000,024,206 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Roaming\UserTile.png

[2010-10-24 18:09:06 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempJH3304.html

[2010-10-14 10:10:07 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempUU3888.html

[2010-10-14 10:10:07 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempHS3888.html

[2010-10-14 09:00:23 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempHUH828.html

[2010-10-13 17:56:43 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\Tempew1648.html

[2010-10-13 10:56:21 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempwT2764.html

[2010-10-13 10:56:21 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempRo2764.html

[2010-03-05 11:00:11 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\Tempcz1208.html

[2010-03-05 11:00:11 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempKk1208.html

[2010-03-05 01:08:05 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\Tempzt1316.html

[2010-03-05 01:08:05 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\Tempnu1316.html

[2010-03-05 00:41:59 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\Tempqdn908.html

[2010-03-05 00:41:59 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\Tempqeg908.html

[2010-03-04 22:14:39 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempGvV968.html

[2010-03-04 22:14:39 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempTcp968.html

[2010-03-04 22:12:26 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TemphZ1808.html

[2010-03-04 22:12:26 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\Tempbc1808.html

[2010-03-04 22:12:22 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempGY1808.html

[2010-03-04 22:12:22 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\Tempvj1808.html

[2010-03-04 20:07:30 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempqLi528.html

[2010-03-04 20:07:30 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempKnG528.html

[2010-03-04 19:26:39 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempDgU528.html

[2010-03-04 19:26:39 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TemptGH528.html

[2010-03-04 10:42:27 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempnMP916.html

[2010-03-04 10:42:27 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempHij916.html

[2010-03-04 09:13:49 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempTdq348.html

[2010-03-04 09:13:49 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempqXa348.html

[2010-03-03 23:42:44 | 000,002,089 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempkC1620.html

[2010-03-03 23:42:43 | 000,002,432 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\TempLr1620.html

[2009-11-23 15:31:46 | 000,165,376 | ---- | C] () – C:\Windows\System32\unrar.dll

[2009-11-23 15:31:45 | 000,000,038 | ---- | C] () – C:\Windows\avisplitter.ini

[2009-11-23 15:31:42 | 000,881,664 | ---- | C] () – C:\Windows\System32\xvidcore.dll

[2009-11-23 15:31:42 | 000,205,824 | ---- | C] () – C:\Windows\System32\xvidvfw.dll

[2009-11-23 15:31:41 | 000,085,504 | ---- | C] () – C:\Windows\System32\ff_vfw.dll

[2009-11-16 11:13:09 | 000,000,067 | ---- | C] () – C:\Windows#1 DVD Ripper.INI

[2009-11-07 14:07:50 | 000,000,217 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Roaming\default.rss

[2009-11-06 00:53:12 | 000,087,608 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Roaming\inst.exe

[2009-11-06 00:53:12 | 000,007,887 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Roaming\pcouffin.cat

[2009-11-06 00:53:12 | 000,001,144 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Roaming\pcouffin.inf

[2009-07-03 21:25:04 | 001,729,152 | ---- | C] () – C:\Windows\System32\drivers\snp2uvc.sys

[2009-07-02 22:32:54 | 000,000,056 | -H-- | C] () – C:\ProgramData\ezsidmv.dat

[2009-07-01 22:47:09 | 000,085,504 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-07-01 16:37:33 | 000,000,012 | ---- | C] () – C:\Windows\bthservsdp.dat

[2009-07-01 16:03:23 | 000,000,000 | ---- | C] () – C:\Windows\ativpsrm.bin

[2009-07-01 15:59:03 | 003,107,788 | ---- | C] () – C:\Windows\System32\atiumdva.dat

[2009-07-01 15:59:03 | 000,159,744 | ---- | C] () – C:\Windows\System32\atitmmxx.dll

[2009-07-01 15:59:02 | 000,154,206 | ---- | C] () – C:\Windows\System32\atiicdxx.dat

[2009-07-01 13:55:25 | 000,117,248 | ---- | C] () – C:\Windows\System32\EhStorAuthn.dll

[2009-07-01 13:55:25 | 000,107,612 | ---- | C] () – C:\Windows\System32\StructuredQuerySchema.bin

[2009-07-01 12:40:19 | 000,018,904 | ---- | C] () – C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009-07-01 11:28:25 | 000,000,680 | ---- | C] () – C:\Users\Wiolka i Dawid\AppData\Local\d3d9caps.dat

[2008-01-21 08:24:14 | 000,672,140 | ---- | C] () – C:\Windows\System32\perfh015.dat

[2008-01-21 08:24:14 | 000,332,832 | ---- | C] () – C:\Windows\System32\perfi015.dat

[2008-01-21 08:24:14 | 000,130,516 | ---- | C] () – C:\Windows\System32\perfc015.dat

[2008-01-21 08:24:14 | 000,037,468 | ---- | C] () – C:\Windows\System32\perfd015.dat

[2007-03-29 12:42:38 | 000,389,120 | ---- | C] () – C:\Windows\System32\btwhidcs.dll

[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () – C:\Windows\bootstat.dat

[2006-11-02 14:47:37 | 000,229,208 | ---- | C] () – C:\Windows\System32\FNTCACHE.DAT

[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () – C:\Windows\System32\sysprepMCE.dll

[2006-11-02 12:33:01 | 000,595,996 | ---- | C] () – C:\Windows\System32\perfh009.dat

[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () – C:\Windows\System32\perfi009.dat

[2006-11-02 12:33:01 | 000,104,070 | ---- | C] () – C:\Windows\System32\perfc009.dat

[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () – C:\Windows\System32\perfd009.dat

[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () – C:\Windows\System32\dssec.dat

[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () – C:\Windows\mib.bin

[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () – C:\Windows\System32\NOISE.DAT

[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () – C:\Windows\System32\pacerprf.ini

[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () – C:\Windows\System32\mlang.dat

[2005-05-06 19:06:00 | 000,016,480 | ---- | C] () – C:\Windows\System32\rixdicon.dll

[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () – C:\Windows\System32\lcppn21.dll

[1997-06-18 00:00:00 | 001,672,976 | ---- | C] () – C:\Windows\System32\MSO97V.DLL

[1997-06-18 00:00:00 | 000,022,016 | ---- | C] () – C:\Windows\System32\DOCOBJ.DLL

[1997-06-18 00:00:00 | 000,016,384 | ---- | C] () – C:\Windows\System32\MSORFS.DLL

[1997-06-18 00:00:00 | 000,012,288 | ---- | C] () – C:\Windows\System32\HLINKPRX.DLL

< End of report >

– Dodane 20.05.2011 (Pt) 17:21 –

sorki ze umiescilem to na stronie

Acorus · 20 Maj 2011 15:46

Powtórz usuwanie.Nie wkleiłeś :OTL

dawidooo · 22 Maj 2011 09:19

oto raport otl http://wklej.org/id/533272/

Acorus · 22 Maj 2011 09:29

W porządku.W OTL użyj opcji Sprzątanie.Przeskanuj programem Dr.WEB CureIt http://www.dobreprogramy.pl/Dr.WEB-Cure … 12976.html

Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe

Aktualizacja Avasta.