Problem with kmj.exe and overall system health [XP]


(Kubikp) #1

Hello,

I have a problem with the kmj.exe virus/worm and probably with others as well. I am attaching logs from HijackThis and OTL. I'm asking those who know their way around this for help.

OTL logfile created on: 2010-01-17 22:55:37 - Run 1


OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Piotr\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


447,00 Mb Total Physical Memory | 79,00 Mb Available Physical Memory | 18,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18,68 Gb Total Space | 1,36 Gb Free Space | 7,26% Space Free | Partition Type: NTFS

Drive D: | 130,36 Gb Total Space | 3,41 Gb Free Space | 2,61% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: 5F27D83343B544B

Current User Name: Piotr

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Processes (SafeList) ==========


PRC - [2010-01-17 21:48:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotr\Pulpit\OTL.exe

PRC - [2009-12-23 20:18:18 | 02,642,168 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

PRC - [2009-12-03 16:45:48 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

PRC - [2009-11-25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-10-03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

PRC - [2009-09-04 12:08:30 | 00,935,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2006-10-27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2006-01-11 17:23:34 | 15,961,088 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe



========== Modules (SafeList) ==========


MOD - [2010-01-17 22:55:11 | 00,093,184 | RHS- | M] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp\cvasds0.dll

MOD - [2010-01-17 21:48:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotr\Pulpit\OTL.exe

MOD - [2004-08-03 23:42:34 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll



========== Win32 Services (SafeList) ==========


SRV - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)



========== Driver Services (SafeList) ==========


DRV - [2009-12-10 13:00:55 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-12-03 16:45:44 | 00,792,576 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3G700m.sys -- (S3G700)

DRV - [2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009-10-27 14:23:42 | 00,823,936 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8185.sys -- (rtl8185)

DRV - [2008-03-17 11:03:46 | 00,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2006-01-13 17:13:18 | 04,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004-07-17 10:36:38 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dziekanat.wip.pw.edu.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-12-04 23:27:18 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins



O1 HOSTS File: ([2001-10-26 16:45:16 | 00,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)

O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp\herss.exe ()

O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKCU..\Run: [wsctf.exe] File not found

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.39.205 212.76.39.211

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Kawa.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Kawa.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-12-03 16:06:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2010-01-17 22:55:37 | 00,000,053 | RHS- | M] () - C:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2010-01-17 22:55:37 | 00,000,053 | RHS- | M] () - D:\autorun.inf -- [NTFS]

O33 - MountPoints2\{154e499c-e10e-11de-8233-856d81f531c6}\Shell\AutoRun\command - "" = E:\npee.com -- File not found

O33 - MountPoints2\{154e499c-e10e-11de-8233-856d81f531c6}\Shell\open\Command - "" = E:\npee.com -- File not found

O33 - MountPoints2\{2f96cba0-fe3f-11de-82b4-001d0fb69d27}\Shell\AutoRun\command - "" = E:\kmj.exe -- File not found

O33 - MountPoints2\{2f96cba0-fe3f-11de-82b4-001d0fb69d27}\Shell\open\Command - "" = E:\kmj.exe -- File not found

O33 - MountPoints2\{4397a235-e01f-11de-8224-f0f4ddb47590}\Shell - "" = AutoRun

O33 - MountPoints2\{4397a235-e01f-11de-8224-f0f4ddb47590}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{4397a238-e01f-11de-8224-f0f4ddb47590}\Shell - "" = AutoRun

O33 - MountPoints2\{4397a238-e01f-11de-8224-f0f4ddb47590}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{4761e6de-039e-11df-82c6-001d0fb69d27}\Shell - "" = AutoRun

O33 - MountPoints2\{4761e6de-039e-11df-82c6-001d0fb69d27}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{4761e6df-039e-11df-82c6-001d0fb69d27}\Shell - "" = AutoRun

O33 - MountPoints2\{4761e6df-039e-11df-82c6-001d0fb69d27}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{4761e6e0-039e-11df-82c6-001d0fb69d27}\Shell\AutoRun\command - "" = 8xcrbho6.exe

O33 - MountPoints2\{4761e6e0-039e-11df-82c6-001d0fb69d27}\Shell\open\Command - "" = 8xcrbho6.exe

O33 - MountPoints2\{5f68df30-e418-11de-8245-8b40bd9bdf0e}\Shell\AutoRun\command - "" = E:\npee.com -- File not found

O33 - MountPoints2\{5f68df30-e418-11de-8245-8b40bd9bdf0e}\Shell\open\Command - "" = E:\npee.com -- File not found

O33 - MountPoints2\{9a9897d2-e376-11de-823f-9761211e07ef}\Shell - "" = AutoRun

O33 - MountPoints2\{9a9897d2-e376-11de-823f-9761211e07ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{bf871b24-fd73-11de-82b0-001d0fb69d27}\Shell\AutoRun\command - "" = e9naq.exe

O33 - MountPoints2\{bf871b24-fd73-11de-82b0-001d0fb69d27}\Shell\open\Command - "" = e9naq.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


[2010-01-17 22:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks

[2010-01-17 22:06:19 | 00,000,000 | ---D | C] -- C:\Veoh

[2010-01-17 22:05:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Piotr\Moje dokumenty\Moje wideo

[2010-01-17 21:48:32 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Piotr\Pulpit\OTL.exe

[2010-01-15 14:02:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\The.Tournament.2009.DVDRip.XviD-MoH.Napisy PL

[2010-01-15 12:54:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\GLINA

[2010-01-15 12:46:43 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Piotr\UserData

[2010-01-11 01:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\torrent

[2010-01-11 00:24:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\Zdjęcia

[2010-01-11 00:24:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\The.Simpsons.Movie[2007]DvDrip.AC3[Eng]-aXXo

[2010-01-11 00:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\Sylwester 2009

[2010-01-09 20:50:13 | 00,140,288 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM78.DLL

[2010-01-09 20:50:09 | 00,090,112 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMCP78.exe

[2010-01-09 20:50:06 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ

[2010-01-08 12:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity

[2010-01-06 20:13:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\Tlen.pl

[2010-01-06 20:13:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl

[2010-01-06 20:13:19 | 00,000,000 | ---D | C] -- C:\Program Files\Tlen.pl

[2010-01-06 20:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\PsiData

[2010-01-06 19:57:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2010-01-06 19:57:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\OpenFM

[2010-01-06 19:55:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\cache

[2010-01-06 19:50:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\Gadu-Gadu 10

[2009-12-21 18:45:03 | 00,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy

[2009-12-21 18:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2009-12-21 18:18:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\uTorrent

[2009-12-21 18:05:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-12-21 11:02:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2009-12-21 11:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2009-12-21 11:02:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2009-12-21 11:01:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2009-12-21 08:01:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\Mechanik i budowa maszyn

[2009-12-21 06:49:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\Rozliczenia

[2009-12-20 22:01:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\Unwand

[2009-12-20 21:34:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\Into the Wild[2007]DvDrip[Eng]-FXG

[2009-12-20 01:35:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009-12-19 20:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Moje dokumenty\My Received Files

[2009-12-19 20:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Moje dokumenty\BearShare

[2009-12-19 20:12:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\BearShare

[2009-12-19 20:12:14 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx

[2009-12-19 20:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare Applications

[2009-12-03 16:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-12-03 16:09:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-12-03 16:06:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-12-03 16:06:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


========== Files - Modified Within 30 Days ==========


[2010-01-17 22:56:27 | 00,000,053 | RHS- | M] () -- C:\autorun.inf

[2010-01-17 22:55:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-01-17 22:55:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-01-17 22:54:24 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Piotr\NTUSER.DAT

[2010-01-17 22:54:24 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Piotr\ntuser.ini

[2010-01-17 22:40:38 | 20,480,0000 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Glina.2x01.part1.rar

[2010-01-17 22:06:24 | 00,001,184 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Veoh.com.lnk

[2010-01-17 21:48:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotr\Pulpit\OTL.exe

[2010-01-16 16:45:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-01-15 14:14:26 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-01-15 11:11:04 | 00,116,736 | RHS- | M] () -- C:\kmj.exe

[2010-01-14 12:50:26 | 00,013,275 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Próbe Baumanna stosuje sie do ujawnienia rozmieszczenia siarki w wyrobach stalowych.docx

[2010-01-14 11:49:53 | 00,017,819 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Żeliwa i stale - ściąga 2.docx

[2010-01-13 16:26:39 | 00,017,453 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Żeliwa i stale - ściąga.docx

[2010-01-13 13:10:01 | 00,011,195 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\TABELA - sprawko z mametu.docx

[2010-01-09 21:24:24 | 03,685,771 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Lista.fpl

[2010-01-08 12:37:11 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Audacity.lnk

[2010-01-07 11:50:52 | 00,000,740 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-01-06 20:13:24 | 00,000,649 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Komunikator Tlen.pl.lnk

[2010-01-06 18:02:48 | 00,359,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys

[2009-12-21 18:45:03 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\xp-AntiSpy.lnk

[2009-12-21 18:19:02 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk

[2009-12-21 18:05:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\HijackThis.lnk

[2009-12-21 11:42:14 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-12-21 06:15:53 | 06,375,932 | -H-- | M] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-12-19 20:12:25 | 00,000,915 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\BearShare.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


========== Files Created - No Company Name ==========


[2010-01-17 22:06:24 | 00,001,184 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Veoh.com.lnk

[2010-01-17 21:51:12 | 20,480,0000 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Glina.2x01.part1.rar

[2010-01-17 20:07:29 | 00,116,736 | RHS- | C] () -- C:\kmj.exe

[2010-01-14 12:50:26 | 00,013,275 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Próbe Baumanna stosuje sie do ujawnienia rozmieszczenia siarki w wyrobach stalowych.docx

[2010-01-14 11:23:43 | 00,017,819 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Żeliwa i stale - ściąga 2.docx

[2010-01-13 15:57:19 | 00,017,453 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Żeliwa i stale - ściąga.docx

[2010-01-13 13:10:01 | 00,011,195 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\TABELA - sprawko z mametu.docx

[2010-01-11 00:24:23 | 00,000,053 | RHS- | C] () -- C:\autorun.inf

[2010-01-09 20:50:13 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL

[2010-01-08 12:37:11 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Audacity.lnk

[2010-01-06 20:13:24 | 00,000,649 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Komunikator Tlen.pl.lnk

[2009-12-21 18:45:03 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\xp-AntiSpy.lnk

[2009-12-21 18:19:02 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk

[2009-12-21 18:05:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\HijackThis.lnk

[2009-12-19 20:12:48 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\Smiley.ico

[2009-12-19 20:12:25 | 00,000,915 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\BearShare.lnk

[2009-12-13 21:16:39 | 00,000,090 | ---- | C] () -- C:\WINDOWS\WA.INI

[2009-12-10 13:00:54 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-12-03 21:40:29 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009-12-03 16:20:01 | 00,062,976 | ---- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005-10-15 12:15:20 | 01,979,392 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_csr.dll

[2005-10-15 12:15:18 | 02,796,544 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll

[2004-08-03 23:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004-07-17 10:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

< End of report >

OTL Extras logfile created on: 2010-01-17 22:55:37 - Run 1


OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Piotr\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


447,00 Mb Total Physical Memory | 79,00 Mb Available Physical Memory | 18,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18,68 Gb Total Space | 1,36 Gb Free Space | 7,26% Space Free | Partition Type: NTFS

Drive D: | 130,36 Gb Total Space | 3,41 Gb Free Space | 2,61% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: 5F27D83343B544B

Current User Name: Piotr

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Extra Registry (SafeList) ==========



========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)


========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"23320:TCP" = 23320:TCP:*:Enabled:BitComet 23320 TCP

"23320:UDP" = 23320:UDP:*:Enabled:BitComet 23320 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002


========== Authorized Applications List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found

"C:\Program Files\Psi\Psi.exe" = C:\Program Files\Psi\Psi.exe:*:Enabled:Psi -- File not found

"C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl -- (o2.pl Sp. z o.o.)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity_is1" = Audacity 1.2.6

"avast!" = avast! Antivirus

"BearShare" = BearShare

"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01

"foobar2000" = foobar2000 v0.9.6.9

"GOM Player" = GOM Player

"HijackThis" = HijackThis 2.0.2

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)

"NapiProjekt_is1" = NapiProjekt 1.0.6.7

"PLAY ONLINE" = PLAY ONLINE

"RealAlt_is1" = Real Alternative 2.0.1 Lite

"Tlen.pl" = Tlen.pl

"uTorrent" = µTorrent

"Veoh Web Player Beta" = Veoh Web Player

"VIA/S3G DeltaChrome IGP Win2K/XP/Server2003 Display" = VIA/S3G Display Driver

"WinRAR archiver" = Archiwizator WinRAR

"xp-AntiSpy" = xp-AntiSpy 3.97-3


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


[Application Events]

Error - 2009-12-14 07:31:17 | Computer Name = 5F27D83343B544B | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd wa.exe, wersja 3.0.0.0, moduł powodujący

 błąd wa.exe, wersja 3.0.0.0, adres błędu 0x000614b2.


Error - 2009-12-16 12:07:11 | Computer Name = 5F27D83343B544B | Source = MsiInstaller | ID = 11704

Description = Produkt: Adobe Reader 9.2 - Polish -- Błąd 1704.Instalacja dla Microsoft

 Office Enterprise 2007 aktualnie jest zawieszona. Aby kontynuować, należy cofnąć

 zmiany naniesione przez tę instalację. Czy chcesz cofnąć te zmiany?


Error - 2009-12-17 09:47:37 | Computer Name = 5F27D83343B544B | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.2180, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2009-12-21 03:45:42 | Computer Name = 5F27D83343B544B | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca AcroRd32.exe, wersja 9.2.0.124, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2009-12-21 06:41:04 | Computer Name = 5F27D83343B544B | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca AcroRd32.exe, wersja 9.2.0.124, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-01-09 15:53:52 | Computer Name = 5F27D83343B544B | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.2180, moduł

 powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00018fea.


Error - 2010-01-17 17:07:54 | Computer Name = 5F27D83343B544B | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca veohwebplayer.exe, wersja 1.1.9.1188, moduł

 zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-01-17 17:10:06 | Computer Name = 5F27D83343B544B | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.2180, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-01-17 17:12:23 | Computer Name = 5F27D83343B544B | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.2180, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-01-17 17:40:24 | Computer Name = 5F27D83343B544B | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.2180, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


[System Events]

Error - 2010-01-14 13:59:20 | Computer Name = 5F27D83343B544B | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

 DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi

 próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,

 wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)


Error - 2010-01-14 13:59:20 | Computer Name = 5F27D83343B544B | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

 z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

   Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

 czasu. 


Error - 2010-01-14 13:59:21 | Computer Name = 5F27D83343B544B | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

 DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi

 próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,

 wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)


Error - 2010-01-14 13:59:21 | Computer Name = 5F27D83343B544B | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

 z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

   Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

 czasu. 


Error - 2010-01-14 13:59:32 | Computer Name = 5F27D83343B544B | Source = System Error | ID = 1003

Description = Kod błędu 1000007e, parametr 1 c0000005, parametr 2 f720b569, parametr

 3 f7a0d8ec, parametr 4 f7a0d5e8.



< End of report >

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:00:42, on 2010-01-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dziekanat.wip.pw.edu.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe

O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Piotr\USTAWI~1\Temp\herss.exe

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


--

End of file - 4221 bytes

Thanks in advance for your help.


(deFco247) #2

Paste the log contents on wklej.org, wklej.to or nopaste.pl, and put the link in your post.

In the white lower box Custom Scans/Fixes in OTL, paste:

Run Fix. Restart if required.

Then post the removal log and a new log made with the Run Scan option.


(Kubikp) #3

Removal log

http://wklej.org/id/264789/

New log

http://www.nopaste.pl/kx5


(deFco247) #4

In the white lower box Custom Scans/Fixes in OTL, paste:

Run Fix. Restart if required.

Then post the removal log and a new log made with the Run Scan option.

Before clicking Run Scan, paste this text into OTL:


(Kubikp) #5

From the removal

http://wklej.org/id/264885/

New

http://www.nopaste.pl/ky9


(deFco247) #6

It's clean now.

In OTL, click CleanUp.

If you use System Restore, turn it off and back on for all drives. XP instructions.

Run a full scan with Dr.Web CureIt.

If it finds viruses, post the report.

Clean the registry and the disk with CCleaner, and use it to disable unneeded startup entries (Tools -> Startup).

And update the system to Service Pack 3.


(Kubikp) #7

Thank you very much for your help.

Regards.

-- Added 07.02.2010 (Sun) 19:33 --

Hello,

new problems with the system have appeared; below is the OTL log, and I'm asking for help.

http://www.nopaste.pl/lx5

http://www.nopaste.pl/lx7


(deFco247) #8

After this much time, one usually starts a new thread...

Your OTL is configured incorrectly; change the settings to these: http://wstaw.org/h/e3ab261bd93/

Turn System Restore off and back on for all drives. XP instructions.

In the white lower box Custom Scans/Fixes in OTL, paste:

Run Fix. Restart if required.

Then post the removal log and a new log made with the Run Scan option.

Remove infections from USB flash drives or memory cards using Flash Disinfector or Panda USB Vaccine.

Or format them.


(Kubikp) #9

Fix

http://www.nopaste.pl/lxa

New scan

http://www.nopaste.pl/lxb


(deFco247) #10

Do the following:

In OTL, paste:

Run Fix, then click CleanUp, because there is nothing else left.

Run a full scan with Dr.Web CureIt.

If it finds viruses, post the report.

Clean the registry and the disk with CCleaner, and use it to disable unneeded startup entries (Tools -> Startup).


(Kubikp) #11

Everything is fine now.

Thanks and regards.