OTL log: problems with the internet and the computer


(Biblek777) #1

Hello,

I have had problems with my computer and my internet connection ever since I installed the Gameztar program.

Unwanted pages keep showing up and the computer behaves strangely. I scanned the disk with the NOD32 antivirus and it found nothing.

I am posting a log from OTL and asking for it to be checked for viruses, and also for unnecessary processes, files, etc. to be removed. I don't know how to read logs and would be grateful for help. If needed, I will send additional logs.

LOG: http://wklejto.pl/49054


(deFco247) #2

You shouldn't have installed that junk.

Paste into the white lower Custom Scans/Fixes box in OTL:

Run Fix. Restart if required.

Then post the removal log and a new log made with the Run Scan option.

Additionally, show a System Repair Engineer log.

Smart Scan -> click Scan.

After the scan, click Save Reports in the window and paste the contents of the resulting log.


(Biblek777) #3
2009-12-03,19:15:58


System Repair Engineer 2.8.1.1279

Smallfrogs (http://www.KZTechs.com)


Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed



-- Added 03.12.2009 (Thu) 19:20 --

I have an additional problem. The desktop is locked and I can't do anything on it.


(deFco247) #4

Paste log contents on wklej.to and put the link in your post.

Run SREng -> System Repair -> Browser Addons tab -> find and remove:

Have you tried restarting (killing and then starting) the explorer.exe process in Task Manager?


(Biblek777) #5

I removed what you told me to. Yes, I tried that and it works normally. Only the desktop is still locked.

-- Added 03.12.2009 (Thu) 20:12 --

I can get to all my files, I just have to do it another way. I can't do it directly from the desktop because there is nothing on it, and I can't do anything about that, or at least I don't know how.

-- Added 03.12.2009 (Thu) 20:28 --

http://wklej.to/QSHL

Here is the current log.

-- Added 03.12.2009 (Thu) 20:44 --

Thanks for the help!!!


(deFco247) #6

And the solution was that simple... Heh... :stuck_out_tongue:

In OTL, click CleanUp.

Run a full scan with Malwarebytes' Anti-Malware and remove the objects it finds.

If there are viruses, show the report after removal.

Clean the registry and the disk with CCleaner, and use it to disable unneeded autostart entries (Tools -> Startup).


(Biblek777) #7

http://wklejto.pl/49084

I ran this scan earlier; now I'll run a full scan because something may still be hiding in there.

Sometimes the simplest solutions are the hardest to come by :smiley:

-- Added 03.12.2009 (Thu) 23:08 --

http://wklejto.pl/49089

Here is the full scan.

Thanks once again!!!