Problem with the "violation of Polish law" virus


(Finchmotorsltd) #1

Hello

Please help, I have a problem with the above-mentioned virus.

Following the instructions, I am posting the following. First, OTL:

OTL logfile created on: 2012-08-27 20:32:59 - Run 1

OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 82,20% Memory free

3,78 Gb Paging File | 3,60 Gb Available in Paging File | 95,22% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 88,51 Gb Free Space | 90,63% Space Free | Partition Type: NTFS

Computer Name: KOMPUTER | User Name: User | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-27 20:31:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

PRC - [2008-06-27 05:36:58 | 001,424,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - 2010-11-15 21:02:34 | 000,300,544 | ---- | M -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL

========== Services (SafeList) ==========

SRV - [2009-12-02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009-12-02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009-02-11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2009-12-02 22:23:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)

DRV - [2009-12-02 22:23:52 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)

DRV - [2009-12-02 22:23:50 | 000,211,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)

DRV - [2009-12-02 22:23:46 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)

DRV - [2009-08-25 20:38:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009-06-18 14:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2009-06-18 14:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2009-05-11 08:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2009-04-15 12:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2009-04-07 22:04:00 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2009-03-09 07:32:00 | 000,805,888 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)

DRV - [2008-06-16 03:28:36 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU..\SearchScopes,DefaultScope = {8D56A549-FE92-4298-93E8-ED128455328C}

IE - HKCU..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU..\SearchScopes{098CB807-852E-4C3B-8D61-C1FC03AEC6C4}: "URL" = http://rover.ebay.com/rover/1/710-61977 ... 4?satitle={searchTerms}

IE - HKCU..\SearchScopes{657D7DB1-AE60-4427-A9ED-A91585F31CCF}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8

IE - HKCU..\SearchScopes{8D56A549-FE92-4298-93E8-ED128455328C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU..\SearchScopes{E02388FB-49E6-4311-8072-8581BBE48B8D}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

O1 HOSTS File: ([2008-06-16 03:28:36 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)

O4 - HKLM..\Run: [sMBHelper] C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4481\SMBHelper.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://86.150.228.30/webrec.cab (SurveillanceCtrl Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{D92A39A1-31AF-41F6-9F97-D8270DE4CB10}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - 2011-01-08 17:41:44 | 000,000,000 | ---- | M - C:\AUTOEXEC.BAT -- [NTFS]

O33 - MountPoints2{3eb004f4-1b45-11e0-b0fa-ad5720742c08}\Shell - "" = AutoRun

O33 - MountPoints2{3eb004f4-1b45-11e0-b0fa-ad5720742c08}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2{3eb004f7-1b45-11e0-b0fa-94aa47d3ebc3}\Shell - "" = AutoRun

O33 - MountPoints2{3eb004f7-1b45-11e0-b0fa-94aa47d3ebc3}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2{49a17e46-1b5d-11e0-b0ff-ccb0dadafe6c}\Shell - "" = AutoRun

O33 - MountPoints2{49a17e46-1b5d-11e0-b0ff-ccb0dadafe6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2{b4881fde-70a9-11e0-b1b0-001e101fc4ba}\Shell - "" = AutoRun

O33 - MountPoints2{b4881fde-70a9-11e0-b1b0-001e101fc4ba}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-27 20:31:16 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

[2012-08-27 20:24:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2012-08-27 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Malwarebytes

[2012-08-27 20:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware

[2012-08-27 20:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2012-08-27 20:22:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-08-27 20:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012-08-27 20:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner

[2012-08-27 20:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012-08-27 19:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\hellomoto

[2012-08-25 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\123

[2012-08-25 17:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\mercedes 123 long

[2012-08-22 19:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\bmw 635

[2012-08-19 22:11:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2012-08-19 22:11:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[4 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2012-08-27 20:31:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

2012-08-27 20:31:19 | 000,353,214 | ---- | M -- C:\WINDOWS\System32\perfh015.dat

2012-08-27 20:31:19 | 000,309,538 | ---- | M -- C:\WINDOWS\System32\perfh009.dat

2012-08-27 20:31:19 | 000,048,084 | ---- | M -- C:\WINDOWS\System32\perfc015.dat

2012-08-27 20:31:19 | 000,038,908 | ---- | M -- C:\WINDOWS\System32\perfc009.dat

2012-08-27 20:26:59 | 000,002,048 | --S- | M -- C:\WINDOWS\bootstat.dat

2012-08-27 20:25:25 | 000,087,112 | ---- | M -- C:\WINDOWS\System32\FNTCACHE.DAT

2012-08-27 20:22:24 | 000,000,784 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

2012-08-27 20:16:05 | 000,023,328 | ---- | M -- C:\Documents and Settings\User\Moje dokumenty\cc_20120827_201554.reg

2012-08-27 20:14:40 | 000,000,682 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

2012-08-27 17:41:34 | 000,002,265 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

2012-08-27 11:34:00 | 000,481,481 | ---- | M -- C:\Documents and Settings\User\Pulpit\PrintPdfBoardingCard.pdf

2012-08-19 14:36:10 | 000,002,184 | ---- | M -- C:\WINDOWS\System32\wpa.dbl

[4 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files Created - No Company Name ==========

2012-08-27 20:22:24 | 000,000,784 | ---- | C -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

2012-08-27 20:15:57 | 000,023,328 | ---- | C -- C:\Documents and Settings\User\Moje dokumenty\cc_20120827_201554.reg

2012-08-27 20:14:40 | 000,000,682 | ---- | C -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

2012-08-27 11:34:00 | 000,481,481 | ---- | C -- C:\Documents and Settings\User\Pulpit\PrintPdfBoardingCard.pdf

2011-01-09 10:33:11 | 000,000,122 | ---- | C -- C:\Documents and Settings\User.ewanapi_cookie

2011-01-08 18:43:26 | 000,014,713 | ---- | C -- C:\WINDOWS\System32\RaCoInst.dat

2011-01-08 18:35:18 | 000,004,293 | ---- | C -- C:\WINDOWS\ODBCINST.INI

2011-01-08 18:33:51 | 000,087,112 | ---- | C -- C:\WINDOWS\System32\FNTCACHE.DAT

2011-01-08 18:27:53 | 000,113,264 | ---- | C -- C:\WINDOWS\FixUVC.exe

2011-01-08 18:19:38 | 000,000,008 | RHS- | C -- C:\WINDOWS\System32\Desktop_.ini

2011-01-08 17:56:48 | 000,982,196 | R--- | C -- C:\WINDOWS\System32\igkrng500.bin

2011-01-08 17:56:48 | 000,417,344 | R--- | C -- C:\WINDOWS\System32\igcompkrng500.bin

2011-01-08 17:42:40 | 000,002,048 | --S- | C -- C:\WINDOWS\bootstat.dat

2011-01-08 17:39:01 | 000,021,856 | ---- | C -- C:\WINDOWS\System32\emptyregdb.dat

< End of report >

OTL Extras logfile created on: 2012-08-27 20:32:59 - Run 1

OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 82,20% Memory free

3,78 Gb Paging File | 3,60 Gb Available in Paging File | 95,22% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 88,51 Gb Free Space | 90,63% Space Free | Partition Type: NTFS

Computer Name: KOMPUTER | User Name: User | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] -- "%1" %*

chm.file [open] -- Reg Error: Key error.

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver Installation Program

"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Driver

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software

"{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}" = Skype™ 5.1

"{AC76BA86-7AD7-1045-7B44-AA0000000001}" = Adobe Reader X - Polish

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.160.210

"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN Installation Program for XP v1.4.0.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"F01807101EBDFA763D74F1891D2AA31593E493C5" = Pakiet sterowników systemu Windows - Intel (NETw5x32) net (09/15/2009 13.0.0.107)

"HDMI" = Intel® Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Q-Typing 1.3_is1" = Q-Typing 1.3

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 6" = TeamViewer 6

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[Application Events]

Error - 2012-08-27 13:34:56 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 13:34:56 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 13:36:55 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 13:36:57 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 13:49:25 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 13:49:25 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 13:51:45 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 13:51:46 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 14:25:52 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-08-27 14:25:53 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

[System Events]

Error - 2012-07-13 01:42:35 | Computer Name = KOMPUTER | Source = iaStor | ID = 262153

Description = Urządzenie \Device\Ide\iaStor0 nie odpowiedziało w ramach ustalonego

limitu czasu.

Error - 2012-07-17 04:13:39 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2012-07-21 07:18:15 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2012-07-21 15:28:22 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2012-07-22 04:23:38 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2012-07-22 05:04:07 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2012-07-22 06:19:51 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2012-07-23 15:40:57 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2012-07-26 04:52:26 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2012-08-01 02:49:13 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

< End of report >

Thank you in advance for your help.


(adam9870) #2

Run OTL. In the Custom Scans/Fixes box, paste:

Click Run Fix. Agree to the restart.

Use AdwCleaner (the Delete option).

Scan with Malwarebytes.

When everything is done, post a new log from Run Scan, the OTL fix report, and the AdwCleaner report.


(Finchmotorsltd) #3

Hello

Many thanks for the lightning-fast, flawless help!!!

Everything seems to be working correctly.

Sorry for pasting the whole text, but I can't seem to do it properly.

I ran the AdwCleaner scan, but unfortunately it disappeared somewhere.

The OTL scan is below.

OTL logfile created on: 2012-08-28 00:30:51 - Run 2

OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 67,49% Memory free

3,78 Gb Paging File | 3,34 Gb Available in Paging File | 88,28% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 88,53 Gb Free Space | 90,66% Space Free | Partition Type: NTFS

Computer Name: KOMPUTER | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-27 20:31:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

PRC - [2010-11-15 21:02:24 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

PRC - [2009-12-02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009-12-02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2009-09-24 14:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.EXE

PRC - [2009-06-20 11:16:06 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2009-06-20 11:16:06 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2009-02-11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008-06-27 05:36:58 | 001,424,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - 2011-11-02 00:26:32 | 000,087,912 | ---- | M -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - 2011-11-02 00:26:12 | 001,242,472 | ---- | M -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - 2009-06-20 11:15:04 | 002,854,976 | ---- | M -- C:\WINDOWS\system32\btwicons.dll

MOD - 2009-06-20 11:13:06 | 000,069,697 | ---- | M -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - 2008-06-16 03:28:36 | 000,014,336 | ---- | M -- C:\WINDOWS\system32\msdmo.dll

========== Services (SafeList) ==========

SRV - [2009-12-02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009-12-02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009-02-11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2009-12-02 22:23:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)

DRV - [2009-12-02 22:23:52 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)

DRV - [2009-12-02 22:23:50 | 000,211,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)

DRV - [2009-12-02 22:23:46 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)

DRV - [2009-08-25 20:38:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009-06-18 14:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2009-06-18 14:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2009-05-11 08:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2009-04-15 12:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2009-04-07 22:04:00 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2009-03-09 07:32:00 | 000,805,888 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)

DRV - [2008-06-16 03:28:36 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU..\SearchScopes,DefaultScope = {8D56A549-FE92-4298-93E8-ED128455328C}

IE - HKCU..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}src=IE-SearchBoxForm=IE8SRC

IE - HKCU..\SearchScopes{8D56A549-FE92-4298-93E8-ED128455328C}: "URL" = http://www.google.com/search?q={searchTerms}rls=com.microsoft:{language}ie={inputEncoding}oe={outputEncoding}startIndex={startIndex?}startPage={startPage}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

O1 HOSTS File: ([2008-06-16 03:28:36 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Wyślij do urządzenia Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://86.150.228.30/webrec.cab (SurveillanceCtrl Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{D92A39A1-31AF-41F6-9F97-D8270DE4CB10}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - 2011-01-08 17:41:44 | 000,000,000 | ---- | M - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-28 00:29:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2012-08-27 21:04:50 | 000,000,000 | ---D | C] -- C:_OTL

[2012-08-27 20:31:16 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

[2012-08-27 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Malwarebytes

[2012-08-27 20:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware

[2012-08-27 20:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2012-08-27 20:22:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-08-27 20:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012-08-27 20:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner

[2012-08-27 20:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012-08-25 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\123

[2012-08-25 17:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\mercedes 123 long

[2012-08-22 19:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\bmw 635

[2012-08-19 22:11:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2012-08-19 22:11:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

2012-08-28 00:29:54 | 000,002,048 | --S- | M -- C:\WINDOWS\bootstat.dat

2012-08-27 21:19:12 | 000,002,265 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

2012-08-27 21:07:33 | 000,353,796 | ---- | M -- C:\WINDOWS\System32\perfh015.dat

2012-08-27 21:07:33 | 000,309,872 | ---- | M -- C:\WINDOWS\System32\perfh009.dat

2012-08-27 21:07:33 | 000,048,502 | ---- | M -- C:\WINDOWS\System32\perfc015.dat

2012-08-27 21:07:33 | 000,039,242 | ---- | M -- C:\WINDOWS\System32\perfc009.dat

[2012-08-27 20:31:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

2012-08-27 20:25:25 | 000,087,112 | ---- | M -- C:\WINDOWS\System32\FNTCACHE.DAT

2012-08-27 20:22:24 | 000,000,784 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

2012-08-27 20:16:05 | 000,023,328 | ---- | M -- C:\Documents and Settings\User\Moje dokumenty\cc_20120827_201554.reg

2012-08-27 20:14:40 | 000,000,682 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

2012-08-27 11:34:00 | 000,481,481 | ---- | M -- C:\Documents and Settings\User\Pulpit\PrintPdfBoardingCard.pdf

2012-08-19 14:36:10 | 000,002,184 | ---- | M -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

2012-08-27 20:22:24 | 000,000,784 | ---- | C -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

2012-08-27 20:15:57 | 000,023,328 | ---- | C -- C:\Documents and Settings\User\Moje dokumenty\cc_20120827_201554.reg

2012-08-27 20:14:40 | 000,000,682 | ---- | C -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

2012-08-27 11:34:00 | 000,481,481 | ---- | C -- C:\Documents and Settings\User\Pulpit\PrintPdfBoardingCard.pdf

2011-01-09 10:33:11 | 000,000,122 | ---- | C -- C:\Documents and Settings\User.ewanapi_cookie

2011-01-08 18:43:26 | 000,014,713 | ---- | C -- C:\WINDOWS\System32\RaCoInst.dat

2011-01-08 18:35:18 | 000,004,293 | ---- | C -- C:\WINDOWS\ODBCINST.INI

2011-01-08 18:33:51 | 000,087,112 | ---- | C -- C:\WINDOWS\System32\FNTCACHE.DAT

2011-01-08 18:27:53 | 000,113,264 | ---- | C -- C:\WINDOWS\FixUVC.exe

2011-01-08 18:19:38 | 000,000,008 | RHS- | C -- C:\WINDOWS\System32\Desktop_.ini

2011-01-08 17:56:48 | 000,982,196 | R--- | C -- C:\WINDOWS\System32\igkrng500.bin

2011-01-08 17:56:48 | 000,417,344 | R--- | C -- C:\WINDOWS\System32\igcompkrng500.bin

2011-01-08 17:42:40 | 000,002,048 | --S- | C -- C:\WINDOWS\bootstat.dat

2011-01-08 17:39:01 | 000,021,856 | ---- | C -- C:\WINDOWS\System32\emptyregdb.dat

End of report


(adam9870) #4

Run OTL. In the Custom Scans/Fixes box, paste:

Click Run Fix. Agree to the reboot (restart).

Finalization

  1. Run OTL and click CleanUp to remove OTL along with its quarantine.

  2. [Cleaning the System Restore folders](http://www.fixitpc.pl/topic/5-dezynfekcja-kroki-finalizujace-temat/page p 50#entry50)

  3. Use SecurityCheck and update the programs marked "Out of date!". This is one of the ways to prevent similar infections in the future. Malware can get onto a computer through vulnerabilities in old versions of programs, whereas newer versions have patched the vulnerabilities that are present in those older versions.

If you have trouble reviewing the SecurityCheck report yourself, please post it on the forum and we will think it over together. I can already see an outdated Java 6 Update 23. Uninstall Java. Install the latest version of Java. If you do not remember installing Yahoo! Software Update, uninstall it as well.

  4. You have CCleaner installed, so you can use it to clean up the system.

  5. Look at the O7 entries in your log. I want to make sure that you set these yourself.

Thank you.

Regards.


(Finchmotorsltd) #5

Hello

Once again I did everything as instructed.

Below is the latest OTL log.

Thank you very much for everything.


(adam9870) #6

You did not paste the log, but you do not need to paste it. Just do everything I describe in my previous message, from points 1 to 4. Everything is OK, the system lock is gone, and you can start Windows normally. You're welcome. Regards.


(Agatonster) #7

masakrer,

Pasting logs on the forum - read and follow the Topic

Ignoring this instruction will result in the topic being moved to the Trash.