UKASH - virus problem


(system) #1

Hello, I have a problem with the Ukash virus. The OTL logs are attached, please help.

Extras: http://wklej.to/qUcEy

OTL: http://wklej.to/pUIRC


(Atis) #2

You have Avast from 2005 installed.

Uninstall Akamai NetSession Interface Service and Akamai NetSession Interface.

Paste the following into the Custom Scans/Fixes box:

Click Run Fix and confirm the restart.

Post the removal report and a new Run Scan log.


(system) #3

Thanks a lot for the help!

Removal report:

All processes killed

========== OTL ==========

Service MSICDSetup stopped successfully!

Service MSICDSetup deleted successfully!

File I:\CDriver.sys not found.

Service mcdbus stopped successfully!

Service mcdbus deleted successfully!

File system32\DRIVERS\mcdbus.sys not found.

Service Machnm32 stopped successfully!

Service Machnm32 deleted successfully!

File C:\WINDOWS\system32\Machnm32.sys not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tipniouoptbstpl deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockIES not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockOCTuner not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mingblgfvtplwry not found.

C:\WINDOWS\mingblgf.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tipniouoptbstpl not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.

C:\AdwCleaner[S1].txt moved successfully.

C:\Documents and Settings\All Users\Dane aplikacji\xftmpkinvouqftb folder moved successfully.

File C:\WINDOWS\mingblgf.exe not found.

C:\Documents and Settings\All Users\Dane aplikacji\mingblgf.exe moved successfully.

C:\Documents and Settings\All Users\Dane aplikacji\ynxvmdkatddzscx moved successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully


[EMPTYTEMP]


User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 142383 bytes

->Opera cache emptied: 11839015 bytes

->Flash cache emptied: 670 bytes


User: All Users


User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes


User: jul

->Temp folder emptied: 180905 bytes

->Temporary Internet Files folder emptied: 279610 bytes

->Java cache emptied: 0 bytes

->Opera cache emptied: 7105504 bytes

->Flash cache emptied: 716 bytes


User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes


%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16384 bytes

RecycleBin emptied: 0 bytes


Total Files Cleaned = 19,00 mb



OTL by OldTimer - Version 3.2.58.1 log created on 08262012_004156


Files\Folders moved on Reboot...


PendingFileRenameOperations files...


Registry entries deleted on Reboot...

OTL:

OTL logfile created on: 2012-08-26 00:43:34 - Run 3

OTL by OldTimer - Version 3.2.58.1 Folder = D:\D\Instalki

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


3,56 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 86,81% Memory free

5,40 Gb Paging File | 5,13 Gb Available in Paging File | 94,91% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 195,31 Gb Total Space | 46,00 Gb Free Space | 23,55% Space Free | Partition Type: NTFS

Drive D: | 270,44 Gb Total Space | 147,86 Gb Free Space | 54,67% Space Free | Partition Type: NTFS

Drive F: | 27,95 Gb Total Space | 2,24 Gb Free Space | 8,03% Space Free | Partition Type: NTFS


Computer Name: JUL-2312D2AD8FE | User Name: jul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2012-08-25 18:00:31 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe

PRC - [2012-08-25 15:00:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\D\Instalki\OTL.exe

PRC - [2012-05-26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\jul\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe

PRC - [2012-02-10 16:54:47 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2011-01-17 19:50:30 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011-01-17 19:50:30 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-04-06 22:25:58 | 001,392,728 | ---- | M] (GoldSolution Software, Inc.) -- C:\Program Files\PC Auto Shutdown\AutoShutdown.exe

PRC - [2007-10-22 09:45:26 | 000,094,208 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe

PRC - [2007-06-06 08:00:00 | 001,074,896 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE

PRC - [2007-04-09 14:23:11 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2006-03-09 16:35:20 | 000,049,152 | ---- | M] ( ) -- C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe

PRC - [2006-03-09 13:23:56 | 000,040,960 | ---- | M] (Autodesk Inc) -- C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

PRC - [2005-12-18 15:18:56 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

PRC - [2005-04-19 20:51:07 | 000,098,352 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2005-04-19 20:51:03 | 000,090,160 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2005-04-19 20:39:30 | 000,053,248 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2001-10-26 19:29:52 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe



========== Modules (No Company Name) ==========


MOD - [2012-05-15 09:36:06 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2012-02-19 13:18:55 | 000,237,568 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_pl_b77a5c561934e089\mscorlib.resources.dll

MOD - [2012-02-19 13:18:54 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_pl_b03f5f7f11d50a3a\system.serviceprocess.resources.dll

MOD - [2012-02-19 13:16:34 | 003,379,200 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_08b57e89\mscorlib.dll

MOD - [2012-02-19 13:16:20 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d64fdb76\system.xml.dll

MOD - [2012-02-19 13:16:10 | 003,014,656 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ecfc9c10\system.windows.forms.dll

MOD - [2012-02-19 13:15:59 | 001,953,792 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_216f2837\system.dll

MOD - [2012-02-19 13:15:51 | 001,224,704 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

MOD - [2012-02-19 13:15:50 | 001,257,472 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll

MOD - [2012-02-19 13:15:49 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll

MOD - [2012-02-19 13:15:47 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

MOD - [2012-02-19 13:15:46 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll

MOD - [2012-02-19 13:15:45 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

MOD - [2012-02-19 13:15:43 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll

MOD - [2007-10-22 09:45:26 | 000,094,208 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe

MOD - [2007-10-22 09:45:04 | 000,028,160 | ---- | M] () -- C:\WINDOWS\system32\sspdfpmd.dll

MOD - [2005-04-19 20:51:07 | 000,098,352 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

MOD - [2005-04-19 20:51:03 | 000,090,160 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

MOD - [2005-04-19 20:39:30 | 000,053,248 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

MOD - [2005-01-07 17:40:58 | 000,075,776 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\unacev2.dll



========== Win32 Services (SafeList) ==========


SRV - [2012-08-25 18:00:31 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)

SRV - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012-04-22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2012-02-19 13:27:31 | 000,072,704 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2011-12-30 17:35:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007-12-17 01:09:02 | 000,461,928 | ---- | M] (GoldSolution Software, Inc.) [Auto | Running] -- C:\Program Files\PC Auto Shutdown\ShutdownService.exe -- (PCAutoShutdown_Service)

SRV - [2006-03-09 16:35:20 | 000,049,152 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)

SRV - [2006-03-09 13:23:56 | 000,040,960 | ---- | M] (Autodesk Inc) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)

SRV - [2005-04-19 20:51:03 | 000,090,160 | ---- | M] () [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2005-04-19 20:50:46 | 000,237,616 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2005-04-19 20:50:39 | 000,360,496 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2005-04-19 20:39:30 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)



========== Driver Services (SafeList) ==========


DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012-08-25 23:44:12 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro36.sys -- (hitmanpro36)

DRV - [2012-04-22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2012-04-18 19:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2011-12-24 03:26:28 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011-10-04 13:03:48 | 000,367,560 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)

DRV - [2011-08-10 14:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)

DRV - [2010-06-11 15:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys -- (AsrAppCharger)

DRV - [2010-02-09 09:53:28 | 000,023,304 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioLegacyKeyboard_DFU.sys -- (MADFULEGACYKEYBOARD)

DRV - [2010-02-09 09:53:24 | 000,167,304 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioLegacyKeyboard.sys -- (MAUSBLEGACYKEYBOARD)

DRV - [2009-07-28 10:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007-04-09 14:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2005-05-25 05:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)

DRV - [2005-05-09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)

DRV - [2005-04-19 20:56:59 | 000,019,552 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2005-04-19 20:49:56 | 000,083,840 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2005-04-19 20:48:34 | 000,016,176 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2005-04-19 20:48:17 | 000,036,016 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2001-08-17 22:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)

DRV - [2001-08-17 22:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)

DRV - [2001-08-17 22:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)

DRV - [2001-08-17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)

DRV - [1999-12-17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 



========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)




O1 HOSTS File: ([2012-08-26 00:42:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe ()

O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKLM..\Run: [PC Auto Shutdown] C:\Program Files\PC Auto Shutdown\AutoShutdown.exe (GoldSolution Software, Inc.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [SmartSoft PDF Printer (demo) Agent] C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe ()

O4 - HKLM..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe ()

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\jul\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKCU..\Run: [ASRockIES] File not found

O4 - HKCU..\Run: [ASRockOCTuner] File not found

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [mingblgfvtplwry] C:\WINDOWS\mingblgf.exe File not found

O4 - HKCU..\Run: [tipniouoptbstpl] C:\Documents and Settings\All Users\Dane aplikacji\tipniouo.exe File not found

O4 - Startup: C:\Documents and Settings\jul\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F639210D-432D-4F87-8F7C-317DDB2E7C50}: DhcpNameServer = 62.179.1.62 62.179.1.63

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012-06-03 18:13:55 | 000,000,000 | ---D | M] - C:\Autodesk -- [NTFS]

O32 - AutoRun File - [2011-12-23 09:14:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2011-07-03 15:04:16 | 000,000,000 | ---D | M] - F:\Autodesk inventor professional 11Pl -- [NTFS]

O32 - AutoRun File - [2011-03-06 00:39:15 | 000,000,000 | ---D | M] - F:\AUTODESK.INVENTOR.SERIES.V10-MAGNiTUDE -- [NTFS]

O32 - AutoRun File - [2008-06-11 12:09:50 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========


[2012-08-25 18:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HitmanPro

[2012-08-25 17:59:51 | 000,135,016 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\LnkProtect.dll

[2012-08-25 17:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2012-08-25 17:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro

[2012-08-14 17:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nero

[2012-08-14 17:14:53 | 000,125,184 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys

[2012-08-14 17:14:53 | 000,005,504 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys

[2012-08-14 17:14:34 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll

[2012-08-14 17:14:34 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll

[2012-08-14 17:14:34 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll

[2012-08-14 17:14:34 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll

[2012-08-14 17:14:34 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll

[2012-08-14 17:14:33 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe

[2012-08-14 17:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead

[2012-08-14 17:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead

[2012-08-12 16:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jul\Pulpit\OCR_zadanie

[2012-08-09 17:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy

[2012-08-09 17:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jul\Menu Start\Programy\xp-AntiSpy

[2012-08-07 17:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\M-Audio

[2012-08-07 17:10:46 | 000,023,304 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\MAudioLegacyKeyboard_DFU.sys

[2012-08-07 17:10:20 | 000,167,304 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\MAudioLegacyKeyboard.sys

[2012-08-07 17:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio

[2012-08-06 16:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Addictive Drums

[2012-08-06 16:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jul\Moje dokumenty\Addictive Drums

[2012-07-29 20:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jul\Moje dokumenty\NFS Carbon

[2012-07-29 19:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Electronic Arts

[2012-07-29 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2012-07-29 19:02:44 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2012-07-29 19:02:43 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2012-07-29 19:02:43 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2012-07-29 19:02:29 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2012-07-29 19:02:29 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2012-07-29 19:02:29 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2012-07-29 19:02:28 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

[2012-07-29 19:02:28 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll

[2012-07-29 19:02:27 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll

[2012-07-29 19:02:26 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll


========== Files - Modified Within 30 Days ==========


[2012-08-26 00:48:00 | 000,583,288 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2012-08-26 00:48:00 | 000,520,374 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012-08-26 00:48:00 | 000,117,566 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2012-08-26 00:48:00 | 000,095,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012-08-26 00:43:17 | 000,004,742 | ---- | M] () -- C:\WINDOWS\wincmd.ini

[2012-08-26 00:42:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-08-26 00:42:29 | 3824,242,688 | -HS- | M] () -- C:\hiberfil.sys

[2012-08-26 00:42:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2012-08-26 00:33:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-08-25 23:44:12 | 000,027,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys

[2012-08-25 18:03:17 | 000,000,476 | ---- | M] () -- C:\WINDOWS\System32\.crusader

[2012-08-25 18:00:31 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HitmanPro.lnk

[2012-08-25 18:00:05 | 000,135,016 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\LnkProtect.dll

[2012-08-25 14:58:15 | 002,105,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012-08-22 12:16:49 | 000,002,393 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2012-08-20 15:24:08 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4

[2012-08-20 15:24:08 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2

[2012-08-20 15:24:08 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3

[2012-08-20 15:24:08 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1

[2012-08-20 15:24:08 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7

[2012-08-20 15:24:08 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5

[2012-08-20 15:24:08 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0

[2012-08-20 15:24:08 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9

[2012-08-20 15:24:08 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8

[2012-08-20 15:24:08 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10

[2012-08-20 15:24:08 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6

[2012-08-20 08:34:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012-08-19 13:43:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-08-12 15:40:57 | 002,212,897 | ---- | M] () -- C:\Documents and Settings\jul\Pulpit\OCR_zadanie.zip

[2012-08-07 06:43:57 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\jul\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-08-02 20:36:50 | 002,972,686 | ---- | M] () -- C:\Documents and Settings\jul\Pulpit\White Zombie scratch.wav

[2012-08-02 20:34:40 | 002,972,686 | ---- | M] () -- C:\Documents and Settings\jul\Pulpit\White Zombie - I&#39.wav


========== Files Created - No Company Name ==========


[2012-08-26 00:42:29 | 3824,242,688 | -HS- | C] () -- C:\hiberfil.sys

[2012-08-25 18:03:17 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\.crusader

[2012-08-25 18:00:32 | 000,027,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys

[2012-08-25 18:00:31 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HitmanPro.lnk

[2012-08-15 01:07:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2012-08-12 15:40:57 | 002,212,897 | ---- | C] () -- C:\Documents and Settings\jul\Pulpit\OCR_zadanie.zip

[2012-08-07 17:10:46 | 000,003,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioLegacyKeyboardFirmware.bin

[2012-08-07 17:10:46 | 000,002,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAudioCypressBootstrapper.bin

[2012-08-02 20:35:47 | 002,972,686 | ---- | C] () -- C:\Documents and Settings\jul\Pulpit\White Zombie scratch.wav

[2012-08-02 20:34:06 | 002,972,686 | ---- | C] () -- C:\Documents and Settings\jul\Pulpit\White Zombie - I&#39.wav

[2012-06-16 16:20:44 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe

[2012-06-16 16:20:44 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe

[2012-06-16 16:20:44 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe

[2012-06-16 16:20:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2012-06-16 16:20:43 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe

[2012-05-25 15:29:29 | 000,156,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2012-05-08 16:19:49 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe

[2012-04-12 09:35:40 | 000,862,966 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1214440339-1757981266-1417001333-1003-0.dat

[2012-04-12 09:35:39 | 000,277,182 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat

[2012-03-13 18:34:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2012-03-05 21:11:11 | 000,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini

[2012-02-19 15:08:43 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2012-02-19 13:30:37 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2012-01-31 13:54:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\jul\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2012-01-10 20:08:26 | 009,862,262 | ---- | C] () -- C:\Documents and Settings\jul\Skrypt_calosc.pdf

[2012-01-03 20:50:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\sspdfpmd.dll

[2012-01-03 19:54:19 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE

[2011-12-28 03:28:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011-12-28 03:28:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011-12-28 03:28:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2011-12-28 03:28:56 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011-12-26 16:24:51 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011-12-24 05:01:56 | 000,002,393 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011-12-24 04:41:47 | 000,371,712 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe

[2011-12-24 03:40:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\rtvcvfw32.dll

[2011-12-24 03:40:28 | 001,075,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011-12-24 03:37:48 | 001,075,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011-12-24 03:37:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011-12-24 03:37:42 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2011-12-24 02:51:04 | 000,004,742 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2011-12-23 14:22:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011-12-23 14:06:17 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\jul\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-12-23 14:01:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011-12-23 10:05:47 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011-12-23 10:04:47 | 002,105,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011-12-23 09:17:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011-12-23 09:11:46 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011-02-10 01:00:00 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll


< End of report >

(Atis) #4

Paste and click Run Fix:

Uninstall the old version of the program:

Java 6 Update 22

Adobe Reader 9.5.0

Then install:

Adobe Reader

Java

Run OTL and click CleanUp.

Turn System Restore off and back on:

http://support.microsoft.com/kb/310405/pl

Run SecurityCheck and update the programs marked as Out of date.

Scan the disk with Malwarebytes Anti-Malware.

During installation, uncheck the option to start the Malwarebytes Anti-Malware PRO trial period.

http://www.dobreprogramy.pl/Malwarebyte ... 13117.html