XP Antispyware 2012 virus blocks everything it can


(Highway1) #1

The XP Antispyware 2012 virus has installed itself. I can't open websites through Explorer, only through Firefox. "msconfig" doesn't work either. I uninstalled Power ISO, but via "Add/Remove Programs", whereas I can no longer run that SPTDinst. It's bad, and I've never had it this bad before :(. I'm pasting the OTL logs and asking for help. What should I do when many programs won't start because of this virus, e.g. HijackThis? I haven't scanned it with anything yet, but I've heard that it restarts the computer when you try to detect it.

OTL logfile created on: 2012-01-14 12:51:27 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Art\Moje dokumenty\Pobieranie

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,50 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 60,09% Memory free

3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,39% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 198,80 Gb Free Space | 85,37% Space Free | Partition Type: NTFS


Computer Name: ART-E4E8E5E42D7 | User Name: Art | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-01-14 12:50:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Moje dokumenty\Pobieranie\OTL.com

PRC - [2012-01-14 12:36:31 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-01-12 16:22:48 | 000,275,456 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe

PRC - [2011-04-27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010-07-20 10:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

PRC - [2010-06-22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

PRC - [2010-06-14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

PRC - [2009-11-09 04:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2009-10-27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005-11-30 10:47:52 | 000,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido anti-malware\ewidoctrl.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2012-01-14 12:36:31 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll

MOD - [2010-12-17 16:19:38 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2009-11-03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2007-05-08 01:59:08 | 000,137,216 | ---- | M] () -- C:\WINDOWS\system32\OemSpi.dll

MOD - [2001-10-28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011-04-27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2011-02-11 17:42:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010-06-14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2005-11-30 10:47:52 | 000,013,888 | ---- | M] (ewido networks) [Auto | Running] -- C:\Program Files\ewido anti-malware\ewidoctrl.exe -- (ewido security suite control)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2012-01-14 12:24:38 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B90E4536-89EE-455E-9C73-B9C0831DCAB1}\MpKsl268fe7e4.sys -- (MpKsl268fe7e4)

DRV - [2010-02-26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010-02-26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010-02-26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010-02-26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009-11-09 04:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009-11-03 12:39:04 | 005,940,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007-11-21 17:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)

DRV - [2007-10-10 19:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)

DRV - [2006-08-07 12:30:52 | 000,162,176 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)

DRV - [2005-12-08 04:54:52 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2005-12-08 04:54:44 | 000,142,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2005-03-04 04:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005-01-07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-776561741-706699826-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKU\S-1-5-21-776561741-706699826-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-706699826-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 3

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: codiprog@fbplus.plugin:1.8

FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-09-01 11:18:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-14 12:36:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-14 12:36:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-09-01 11:18:21 | 000,000,000 | ---D | M]


[2011-03-02 09:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Extensions

[2012-01-14 12:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions

[2010-04-28 10:34:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011-08-08 18:42:53 | 000,000,000 | ---D | M] ("Face Cool Smileys (FB Plus)") -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions\codiprog@fbplus.plugin

[2011-03-09 14:31:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2011-03-01 19:59:00 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions\firefox@tvunetworks.com

[2012-01-14 12:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009-12-28 11:43:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010-09-01 11:18:19 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION

[2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-21-776561741-706699826-725345543-1004..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKU\S-1-5-21-776561741-706699826-725345543-1004..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-706699826-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C409D791-30C1-4BE6-9ABE-88D1194F069D}: DhcpNameServer = 62.179.1.63 62.179.1.62

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-12-22 12:58:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-776561741-706699826-725345543-1004\...exe [@ = kD] -- "C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe" -a "%1" %* (?????????? ??????????)


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-01-12 16:22:48 | 000,275,456 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe

[2012-01-07 13:13:06 | 000,000,000 | ---D | C] -- C:\6ab991cf6e042dada3dede

[2012-01-03 13:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\PITy

[2012-01-03 13:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PITy

[2012-01-03 13:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PITy

[2012-01-03 13:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\Infonetax

[2012-01-03 13:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Infonetax

[2012-01-03 13:26:20 | 000,000,000 | ---D | C] -- C:\Infonetax

[2011-12-23 09:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Menu Start\Programy\ING Sidoma 8

[2009-12-30 14:47:55 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-01-14 12:29:29 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012-01-14 12:27:45 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92FBEB16-4D65-4D3F-9D9A-255368609878}.job

[2012-01-14 12:24:45 | 000,010,964 | -HS- | M] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\of4fh85sio42715cd0i54o0x377l1m862626w4k4n5uoy

[2012-01-14 12:24:45 | 000,010,964 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\of4fh85sio42715cd0i54o0x377l1m862626w4k4n5uoy

[2012-01-14 12:24:42 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012-01-14 12:24:41 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012-01-14 12:24:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-01-12 16:22:48 | 000,275,456 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe

[2012-01-12 16:11:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012-01-12 12:01:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012-01-08 10:55:03 | 000,491,072 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2012-01-08 10:55:03 | 000,433,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012-01-08 10:55:03 | 000,084,268 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2012-01-08 10:55:03 | 000,067,920 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012-01-03 13:39:38 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Art\Pulpit\PITy roczne.lnk

[2012-01-03 13:33:14 | 000,003,845 | ---- | M] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\unins000.dat

[2012-01-03 13:32:14 | 000,723,981 | ---- | M] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\unins000.exe

[2012-01-03 13:26:24 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PIT-OPP 2011.lnk

[2011-12-30 20:54:54 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2011-12-23 09:50:21 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\Art\Pulpit\ING SidomaOnLine 8.lnk

[2011-12-23 00:30:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-01-12 16:22:48 | 000,010,964 | -HS- | C] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\of4fh85sio42715cd0i54o0x377l1m862626w4k4n5uoy

[2012-01-12 16:22:48 | 000,010,964 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\of4fh85sio42715cd0i54o0x377l1m862626w4k4n5uoy

[2012-01-03 13:39:38 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Art\Pulpit\PITy roczne.lnk

[2012-01-03 13:31:40 | 000,723,981 | ---- | C] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\unins000.exe

[2012-01-03 13:31:40 | 000,003,845 | ---- | C] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\unins000.dat

[2012-01-03 13:26:24 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PIT-OPP 2011.lnk

[2011-12-30 20:54:54 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2011-12-19 16:13:19 | 000,000,458 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92FBEB16-4D65-4D3F-9D9A-255368609878}.job

[2011-03-14 10:59:04 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll

[2010-03-10 13:54:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010-01-15 18:51:46 | 000,240,640 | ---- | C] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-01-11 21:44:29 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-01-08 10:55:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009-12-31 13:32:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-12-30 14:51:19 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini

[2009-12-30 14:47:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2009-12-30 14:47:54 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll

[2009-12-22 13:45:53 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-12-22 13:44:50 | 001,489,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-12-22 12:59:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009-12-22 12:55:52 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006-12-22 02:55:46 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2006-08-23 11:47:00 | 000,008,251 | R--- | C] () -- C:\WINDOWS\sfsyn.ini

[2005-03-08 07:17:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2004-08-04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004-08-04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004-08-04 13:00:00 | 000,491,072 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat

[2004-08-04 13:00:00 | 000,433,144 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004-08-04 13:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat

[2004-08-04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004-08-04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004-08-04 13:00:00 | 000,084,268 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat

[2004-08-04 13:00:00 | 000,067,920 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004-08-04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004-08-04 13:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat

[2004-08-04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004-08-04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004-08-04 13:00:00 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004-08-04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004-08-04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat


< End of report >

OTL Extras logfile created on: 2012-01-14 12:51:27 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Art\Moje dokumenty\Pobieranie

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,50 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 60,09% Memory free

3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,39% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 198,80 Gb Free Space | 85,37% Space Free | Partition Type: NTFS


Computer Name: ART-E4E8E5E42D7 | User Name: Art | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Extra Registry (SafeList) ==========[/color]



[color=#E56717]========== File Associations ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*


[HKEY_USERS\S-1-5-21-776561741-706699826-725345543-1004\SOFTWARE\Classes\]

.exe [@ = Awo] -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe (?????????? ??????????)


[color=#E56717]========== Shell Spawning ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


[color=#E56717]========== Security Center Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[color=#E56717]========== System Restore Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2


[color=#E56717]========== Firewall Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


[color=#E56717]========== Authorized Applications List ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (sms-express.com)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)

"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)

"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()

"C:\Program Files\Sti\SterlingTraderPro\Base.exe" = C:\Program Files\Sti\SterlingTraderPro\Base.exe:*:Enabled:Base -- ()

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.20

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack

"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FOREX DoAkcji - Platforma Transakcyjna

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{670A2206-F20A-490C-8C13-25EA88BF8E53}_is1" = e-pity 2010

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine

"{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C9DDCAA-91E1-4DAA-BC65-68BD80546B98}}_is1" = PIT-OPP 2011

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9590C850-8A55-43DB-A413-DFF6E5636570}" = PC Connectivity Solution

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0E7EBCC-6F38-4534-AC3E-183EFDA135F0}" = Nokia Ovi Suite

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver

"{F9EBCE70-48D4-4176-9358-52FF05DBF4CB}" = Sterling Trader Pro

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem (10/05/2009 4.2)

"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.4)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"ALLPlayer_is1" = ALLPlayer V4.X

"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Pakiet sterowników systemu Windows - Nokia Modem (03/05/2008 3.7)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Pakiet sterowników systemu Windows - Nokia Modem (03/13/2008 6.86.0.1)

"eMule" = eMule

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"ewidoantimalware" = ewido anti-malware

"FOREX DoAkcji - Platforma Transakcyjna" = FOREX DoAkcji - Platforma Transakcyjna

"Gadu-Gadu" = Gadu-Gadu 6.1

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NeroMultiInstaller!UninstallKey" = Nero Suite

"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA Drivers" = NVIDIA Drivers

"PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.0

"PITy 2009_is1" = PITy 2009 dla Windows kompilacja:1.1.2.0

"PITy 2011_is1" = PITy 2011

"Pity Format 2010_is1" = Pity Format 2010

"PokerStars" = PokerStars

"PowerISO" = PowerISO

"RealAlt_is1" = Real Alternative 2.0.2

"Revo Uninstaller" = Revo Uninstaller 1.91

"Rozliczenie Roczne Rzeczpospolitej 2009" = Rozliczenie Roczne Rzeczpospolitej 2009

"Soulseek2" = SoulSeek 157 NS 13e

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9


[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]


[HKEY_USERS\S-1-5-21-776561741-706699826-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ING SidomaOnLine 8" = ING SidomaOnLine 8


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


[Application Events]

Error - 2011-12-13 06:07:18 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł 

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-12-14 15:42:57 | Computer Name = ART-E4E8E5E42D7 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł

 powodujący błąd mshtml.dll, wersja 8.0.6001.19154, adres błędu 0x00067a38.


Error - 2011-12-15 04:52:42 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł 

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-12-15 04:52:53 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1001

Description = Pakiet błędów 1180947459.


Error - 2011-12-21 09:20:24 | Computer Name = ART-E4E8E5E42D7 | Source = SecurityCenter | ID = 1802

Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

 zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.


Error - 2011-12-23 19:13:25 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł 

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-12-30 08:10:43 | Computer Name = ART-E4E8E5E42D7 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł

 powodujący błąd mshtml.dll, wersja 8.0.6001.19170, adres błędu 0x00067978.


Error - 2012-01-07 16:31:01 | Computer Name = ART-E4E8E5E42D7 | Source = MsiInstaller | ID = 11704

Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Error 1704.Instalacja

 Microsoft .NET Framework 2.0 Service Pack 2 jest w tej chwili wstrzymana. Przed

 kontynuacją musisz cofnąć zmiany dokonane przez tę instalację. Chcesz cofnąć zmiany?


Error - 2012-01-10 06:28:56 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł 

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2012-01-14 07:34:30 | Computer Name = ART-E4E8E5E42D7 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 

3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

 P8 NIL, P9 NIL, P10 NIL.


[System Events]

Error - 2011-12-21 09:20:24 | Computer Name = ART-E4E8E5E42D7 | Source = DCOM | ID = 10010

Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się

 w modelu DCOM w wymaganym czasie.


Error - 2012-01-14 07:34:30 | Computer Name = ART-E4E8E5E42D7 | Source = Microsoft Antimalware | ID = 2001

Description = Program %%860 napotkał błąd podczas próby aktualizacji podpisów. Nowa

 wersja podpisu: Poprzednia wersja podpisu: 1.117.2670.0 Źródło aktualizacji: %%859


	Etap

 aktualizacji %%852 Ścieżka źródła: Default URL Typ podpisu: %%800 Typ aktualizacji:

 %%803 Użytkownik: ZARZĄDZANIE NT\SYSTEM Bieżąca wersja aparatu: Poprzednia wersja

 aparatu: 1.1.7903.0 Kod błędu: 0x80070424 Opis błędu: Określona usługa nie istnieje

 jako usługa zainstalowana. 



< End of report >

Thanks for the help, and regards.


(Leon$) #2

Download and run a scan: http://www.dobreprogramy.pl/Malwarebyte ... 13117.html

Remove whatever it finds,

then post a new OTL log.

zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html

:slight_smile:


(Highway1) #3

Unfortunately, I can download it, but after clicking Run nothing happens... I have a problem running anything I download; a warning from this virus pops up saying I need to buy the software... sometimes nothing pops up at all.


(Acorus) #4

Try it in Safe Mode.


(Highway1) #5

Hello

I'm writing from the great beyond, meaning the virus has blocked websites for me, and whatever address I type in, a message pops up saying there is a serious danger and it doesn't connect me to the site. I'm writing from my phone now, so I guess I'm out of luck this time.

I downloaded that Malware program and scanned with it in Safe Mode; it deleted some things, but still no progress. I can no longer post OTL logs because I can't connect the computer to the internet. I'll be on my phone for a while, so if anyone is around and knows what to advise, I'll take a look. I probably won't be able to copy over any longer instructions, though, because I have no way to do it :slight_smile: