XP Antispyware 2012 virus blocks everything it can

The XP Antispyware 2012 virus has installed itself. I can't open web pages in Explorer, only in Firefox. “msconfig” doesn't work either. I uninstalled PowerISO, but through “Add or Remove Programs”, whereas I can no longer run that SPTDinst. It's bad, and I have never had it this bad before :(. I'm pasting the OTL logs and asking for help. What should I do when many programs, e.g. HijackThis, won't start because of this virus? I haven't scanned for it with anything yet, but I've heard that it restarts the computer when something tries to detect it.

OTL logfile created on: 2012-01-14 12:51:27 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Art\Moje dokumenty\Pobieranie

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,50 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 60,09% Memory free

3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,39% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 198,80 Gb Free Space | 85,37% Space Free | Partition Type: NTFS


Computer Name: ART-E4E8E5E42D7 | User Name: Art | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2012-01-14 12:50:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Moje dokumenty\Pobieranie\OTL.com

PRC - [2012-01-14 12:36:31 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-01-12 16:22:48 | 000,275,456 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe

PRC - [2011-04-27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010-07-20 10:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

PRC - [2010-06-22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

PRC - [2010-06-14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

PRC - [2009-11-09 04:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2009-10-27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005-11-30 10:47:52 | 000,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido anti-malware\ewidoctrl.exe



========== Modules (No Company Name) ==========


MOD - [2012-01-14 12:36:31 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll

MOD - [2010-12-17 16:19:38 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2009-11-03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2007-05-08 01:59:08 | 000,137,216 | ---- | M] () -- C:\WINDOWS\system32\OemSpi.dll

MOD - [2001-10-28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll



========== Win32 Services (SafeList) ==========


SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011-04-27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2011-02-11 17:42:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010-06-14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2005-11-30 10:47:52 | 000,013,888 | ---- | M] (ewido networks) [Auto | Running] -- C:\Program Files\ewido anti-malware\ewidoctrl.exe -- (ewido security suite control)



========== Driver Services (SafeList) ==========


DRV - [2012-01-14 12:24:38 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B90E4536-89EE-455E-9C73-B9C0831DCAB1}\MpKsl268fe7e4.sys -- (MpKsl268fe7e4)

DRV - [2010-02-26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010-02-26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010-02-26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010-02-26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009-11-09 04:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009-11-03 12:39:04 | 005,940,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007-11-21 17:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)

DRV - [2007-10-10 19:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)

DRV - [2006-08-07 12:30:52 | 000,162,176 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)

DRV - [2005-12-08 04:54:52 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2005-12-08 04:54:44 | 000,142,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2005-03-04 04:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005-01-07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-776561741-706699826-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKU\S-1-5-21-776561741-706699826-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-706699826-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========


FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 3

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: codiprog@fbplus.plugin:1.8

FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-09-01 11:18:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-14 12:36:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-14 12:36:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-09-01 11:18:21 | 000,000,000 | ---D | M]


[2011-03-02 09:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Extensions

[2012-01-14 12:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions

[2010-04-28 10:34:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011-08-08 18:42:53 | 000,000,000 | ---D | M] ("Face Cool Smileys (FB Plus)") -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions\codiprog@fbplus.plugin

[2011-03-09 14:31:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2011-03-01 19:59:00 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Art\Dane aplikacji\Mozilla\Firefox\Profiles\9mqwi7h4.default\extensions\firefox@tvunetworks.com

[2012-01-14 12:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009-12-28 11:43:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010-09-01 11:18:19 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION

[2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-21-776561741-706699826-725345543-1004..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKU\S-1-5-21-776561741-706699826-725345543-1004..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-706699826-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C409D791-30C1-4BE6-9ABE-88D1194F069D}: DhcpNameServer = 62.179.1.63 62.179.1.62

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-12-22 12:58:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-776561741-706699826-725345543-1004\...exe [@ = kD] -- "C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe" -a "%1" %* (?????????? ??????????)


========== Files/Folders - Created Within 30 Days ==========


[2012-01-12 16:22:48 | 000,275,456 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe

[2012-01-07 13:13:06 | 000,000,000 | ---D | C] -- C:\6ab991cf6e042dada3dede

[2012-01-03 13:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\PITy

[2012-01-03 13:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PITy

[2012-01-03 13:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PITy

[2012-01-03 13:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\Infonetax

[2012-01-03 13:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Infonetax

[2012-01-03 13:26:20 | 000,000,000 | ---D | C] -- C:\Infonetax

[2011-12-23 09:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Menu Start\Programy\ING Sidoma 8

[2009-12-30 14:47:55 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll


========== Files - Modified Within 30 Days ==========


[2012-01-14 12:29:29 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012-01-14 12:27:45 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92FBEB16-4D65-4D3F-9D9A-255368609878}.job

[2012-01-14 12:24:45 | 000,010,964 | -HS- | M] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\of4fh85sio42715cd0i54o0x377l1m862626w4k4n5uoy

[2012-01-14 12:24:45 | 000,010,964 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\of4fh85sio42715cd0i54o0x377l1m862626w4k4n5uoy

[2012-01-14 12:24:42 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012-01-14 12:24:41 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012-01-14 12:24:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-01-12 16:22:48 | 000,275,456 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe

[2012-01-12 16:11:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012-01-12 12:01:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012-01-08 10:55:03 | 000,491,072 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2012-01-08 10:55:03 | 000,433,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012-01-08 10:55:03 | 000,084,268 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2012-01-08 10:55:03 | 000,067,920 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012-01-03 13:39:38 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Art\Pulpit\PITy roczne.lnk

[2012-01-03 13:33:14 | 000,003,845 | ---- | M] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\unins000.dat

[2012-01-03 13:32:14 | 000,723,981 | ---- | M] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\unins000.exe

[2012-01-03 13:26:24 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PIT-OPP 2011.lnk

[2011-12-30 20:54:54 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2011-12-23 09:50:21 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\Art\Pulpit\ING SidomaOnLine 8.lnk

[2011-12-23 00:30:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk


========== Files Created - No Company Name ==========


[2012-01-12 16:22:48 | 000,010,964 | -HS- | C] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\of4fh85sio42715cd0i54o0x377l1m862626w4k4n5uoy

[2012-01-12 16:22:48 | 000,010,964 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\of4fh85sio42715cd0i54o0x377l1m862626w4k4n5uoy

[2012-01-03 13:39:38 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Art\Pulpit\PITy roczne.lnk

[2012-01-03 13:31:40 | 000,723,981 | ---- | C] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\unins000.exe

[2012-01-03 13:31:40 | 000,003,845 | ---- | C] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\unins000.dat

[2012-01-03 13:26:24 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PIT-OPP 2011.lnk

[2011-12-30 20:54:54 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2011-12-19 16:13:19 | 000,000,458 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92FBEB16-4D65-4D3F-9D9A-255368609878}.job

[2011-03-14 10:59:04 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll

[2010-03-10 13:54:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010-01-15 18:51:46 | 000,240,640 | ---- | C] () -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-01-11 21:44:29 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-01-08 10:55:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009-12-31 13:32:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-12-30 14:51:19 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini

[2009-12-30 14:47:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2009-12-30 14:47:54 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll

[2009-12-22 13:45:53 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-12-22 13:44:50 | 001,489,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-12-22 12:59:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009-12-22 12:55:52 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006-12-22 02:55:46 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2006-08-23 11:47:00 | 000,008,251 | R--- | C] () -- C:\WINDOWS\sfsyn.ini

[2005-03-08 07:17:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2004-08-04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004-08-04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004-08-04 13:00:00 | 000,491,072 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat

[2004-08-04 13:00:00 | 000,433,144 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004-08-04 13:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat

[2004-08-04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004-08-04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004-08-04 13:00:00 | 000,084,268 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat

[2004-08-04 13:00:00 | 000,067,920 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004-08-04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004-08-04 13:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat

[2004-08-04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004-08-04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004-08-04 13:00:00 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004-08-04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004-08-04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat


< End of report >

OTL Extras logfile created on: 2012-01-14 12:51:27 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Art\Moje dokumenty\Pobieranie

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,50 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 60,09% Memory free

3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,39% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 198,80 Gb Free Space | 85,37% Space Free | Partition Type: NTFS


Computer Name: ART-E4E8E5E42D7 | User Name: Art | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Extra Registry (SafeList) ==========



========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*


[HKEY_USERS\S-1-5-21-776561741-706699826-725345543-1004\SOFTWARE\Classes\]

.exe [@ = Awo] -- C:\Documents and Settings\Art\Ustawienia lokalne\Dane aplikacji\miw.exe (?????????? ??????????)


========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


========== System Restore Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2


========== Firewall Settings ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


========== Authorized Applications List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (sms-express.com)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)

"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)

"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()

"C:\Program Files\Sti\SterlingTraderPro\Base.exe" = C:\Program Files\Sti\SterlingTraderPro\Base.exe:*:Enabled:Base -- ()

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.20

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack

"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FOREX DoAkcji - Platforma Transakcyjna

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{670A2206-F20A-490C-8C13-25EA88BF8E53}_is1" = e-pity 2010

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine

"{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C9DDCAA-91E1-4DAA-BC65-68BD80546B98}}_is1" = PIT-OPP 2011

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9590C850-8A55-43DB-A413-DFF6E5636570}" = PC Connectivity Solution

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0E7EBCC-6F38-4534-AC3E-183EFDA135F0}" = Nokia Ovi Suite

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver

"{F9EBCE70-48D4-4176-9358-52FF05DBF4CB}" = Sterling Trader Pro

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem (10/05/2009 4.2)

"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.4)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"ALLPlayer_is1" = ALLPlayer V4.X

"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Pakiet sterowników systemu Windows - Nokia Modem (03/05/2008 3.7)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Pakiet sterowników systemu Windows - Nokia Modem (03/13/2008 6.86.0.1)

"eMule" = eMule

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"ewidoantimalware" = ewido anti-malware

"FOREX DoAkcji - Platforma Transakcyjna" = FOREX DoAkcji - Platforma Transakcyjna

"Gadu-Gadu" = Gadu-Gadu 6.1

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NeroMultiInstaller!UninstallKey" = Nero Suite

"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA Drivers" = NVIDIA Drivers

"PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.0

"PITy 2009_is1" = PITy 2009 dla Windows kompilacja:1.1.2.0

"PITy 2011_is1" = PITy 2011

"Pity Format 2010_is1" = Pity Format 2010

"PokerStars" = PokerStars

"PowerISO" = PowerISO

"RealAlt_is1" = Real Alternative 2.0.2

"Revo Uninstaller" = Revo Uninstaller 1.91

"Rozliczenie Roczne Rzeczpospolitej 2009" = Rozliczenie Roczne Rzeczpospolitej 2009

"Soulseek2" = SoulSeek 157 NS 13e

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9


[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]


[HKEY_USERS\S-1-5-21-776561741-706699826-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ING SidomaOnLine 8" = ING SidomaOnLine 8


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


[Application Events]

Error - 2011-12-13 06:07:18 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł 

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-12-14 15:42:57 | Computer Name = ART-E4E8E5E42D7 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł

 powodujący błąd mshtml.dll, wersja 8.0.6001.19154, adres błędu 0x00067a38.


Error - 2011-12-15 04:52:42 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł 

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-12-15 04:52:53 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1001

Description = Pakiet błędów 1180947459.


Error - 2011-12-21 09:20:24 | Computer Name = ART-E4E8E5E42D7 | Source = SecurityCenter | ID = 1802

Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

 zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.


Error - 2011-12-23 19:13:25 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł 

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-12-30 08:10:43 | Computer Name = ART-E4E8E5E42D7 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł

 powodujący błąd mshtml.dll, wersja 8.0.6001.19170, adres błędu 0x00067978.


Error - 2012-01-07 16:31:01 | Computer Name = ART-E4E8E5E42D7 | Source = MsiInstaller | ID = 11704

Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Error 1704.Instalacja

 Microsoft .NET Framework 2.0 Service Pack 2 jest w tej chwili wstrzymana. Przed

 kontynuacją musisz cofnąć zmiany dokonane przez tę instalację. Chcesz cofnąć zmiany?


Error - 2012-01-10 06:28:56 | Computer Name = ART-E4E8E5E42D7 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł 

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2012-01-14 07:34:30 | Computer Name = ART-E4E8E5E42D7 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 

3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

 P8 NIL, P9 NIL, P10 NIL.


[System Events]

Error - 2011-12-21 09:20:24 | Computer Name = ART-E4E8E5E42D7 | Source = DCOM | ID = 10010

Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się

 w modelu DCOM w wymaganym czasie.


Error - 2012-01-14 07:34:30 | Computer Name = ART-E4E8E5E42D7 | Source = Microsoft Antimalware | ID = 2001

Description = Program %%860 napotkał błąd podczas próby aktualizacji podpisów. Nowa

 wersja podpisu: Poprzednia wersja podpisu: 1.117.2670.0 Źródło aktualizacji: %%859


	Etap

 aktualizacji %%852 Ścieżka źródła: Default URL Typ podpisu: %%800 Typ aktualizacji:

 %%803 Użytkownik: ZARZĄDZANIE NT\SYSTEM Bieżąca wersja aparatu: Poprzednia wersja

 aparatu: 1.1.7903.0 Kod błędu: 0x80070424 Opis błędu: Określona usługa nie istnieje

 jako usługa zainstalowana. 



< End of report >

Thanks for the help, and regards.

Download and scan with http://www.dobreprogramy.pl/Malwarebyte … 13117.html

Remove whatever it finds,

then post a new OTL log.

zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html

:)

Unfortunately, I can download it, but nothing happens after I click Run… I have trouble running anything I download; a warning from this virus pops up saying I have to buy the software… sometimes nothing pops up at all.

Try it in Safe Mode.

Hello,

I'm writing from the afterlife, so to speak: the virus has blocked websites for me, and whatever address I type in, a message pops up saying there is a great danger and it doesn't connect me to the site. I'm writing from my phone now, so I guess this time it's a bust.

I downloaded that malware scanner and ran a scan with it in Safe Mode; it deleted some things, but still no luck. I can't post the OTL logs anymore because I can't get the computer online. I'll be on my phone for a while, so if someone is around and knows what to advise, I'll take a look. I probably won't be able to copy over any longer instructions, though, since I have no way to do it :)