halicja77, posted 16 July 2012

I am asking for help with unlocking Ukash. Thank you in advance!

OTL.Txt Extras.Txt

Landuss, posted 16 July 2012

1. Run OTL and paste the following text into the Custom Scans/Fixes box:

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://home.sweetim.com/?st=1&crg=3.1010000&barid={206FCF7C-8BB6-4820-8343-8BACD6D50C20}"
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ORAHSSSessionManager] "C:\Program Files\Livebox\SessionManager\SessionManager.exe" File not found
    O4 - HKLM..\Run: [vbqperkeyvpgssy] C:\Documents and Settings\All Users\Dane aplikacji\vbqperke.exe (Brother)
    O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe File not found
    O4 - HKCU..\Run: [PCSpeedUp] "C:\Program Files\Przyspiesz Komputer\PCSpeedUp.exe" File not found
    O4 - HKCU..\Run: [vbqperkeyvpgssy] C:\Documents and Settings\All Users\Dane aplikacji\vbqperke.exe (Brother)
    O4 - HKLM..\RunOnceEx: [] File not found

    :Files
    C:\Documents and Settings\1\0.1913853890736521.exe
    C:\Documents and Settings\All Users\Dane aplikacji\scvtxcip.exe
    C:\Documents and Settings\All Users\Dane aplikacji\qokxmesmyqifdot
    C:\Documents and Settings\All Users\Dane aplikacji\xggofjqruhrkylb

    :Services
    ADILOADER

    :Commands
    [emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run Fix. Confirm the computer restart.

2. Through Control Panel, uninstall the outdated program Spybot - Search & Destroy.

4. Run OTL again, this time choosing the Scan option. Post the new OTL logs.

halicja77 (author), posted 17 July 2012

New OTL

OTL.Txt

Landuss, posted 17 July 2012

The infection has been removed correctly. Move on to finalizing the topic:

1. Use the CleanUp option in OTL.

2. Empty the System Restore folder: CLICK

3. Update the listed programs to the latest versions:

    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 21
    "{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish

Update details: CLICK

4. For safety, change your login passwords for online services.

halicja77 (author), posted 17 July 2012

Great congratulations on your knowledge, and thanks for the help! Everything is in perfect order. Regards! HAlicja

halicja77 (author), posted 2 September 2012

The computer is locked by Ukash again. The OTL file is attached.

OTL.Txt

Landuss, posted 2 September 2012

The second OTL log, Extras, is missing. You did not have the Extra Registry option set to "Use SafeList". Provide this log in your next post.

Run OTL and paste the following text into the Custom Scans/Fixes box:

    :OTL
    O4 - HKCU..\Run: [yduidzvujbjfuhc] C:\WINDOWS\yduidzvu.exe (Labtec)

    :Files
    C:\Documents and Settings\All Users\Dane aplikacji\hqiopopgjmoojfx
    C:\Documents and Settings\All Users\Dane aplikacji\kysxmvxtfvrhwql
    C:\Documents and Settings\All Users\Dane aplikacji\yduidzvu.exe

    :Commands
    [emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run Fix. Confirm the computer restart.

Run OTL again, this time choosing the Scan option. Post the new OTL log.
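
An added example (not part of the thread, and not OTL's own logic): both fix scripts above remove a Run value whose name begins with the executable's file name and whose target sits directly in All Users\Dane aplikacji or C:\WINDOWS, and the Python below parses O4 lines and flags that combination. The two-signal rule, the directory lists and the benign sample lines are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in OTL's O4 line format. The vbqperke/yduidzvu and
# "File not found" entries are the ones quoted in the fix scripts above;
# the remaining lines are ordinary autostart entries added for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ORAHSSSessionManager] "C:\Program Files\Livebox\SessionManager\SessionManager.exe" File not found
O4 - HKLM..\Run: [vbqperkeyvpgssy] C:\Documents and Settings\All Users\Dane aplikacji\vbqperke.exe (Brother)
O4 - HKCU..\Run: [yduidzvujbjfuhc] C:\WINDOWS\yduidzvu.exe (Labtec)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (sms-express.com)
O4 - HKCU..\Run: [bluebirds] C:\Documents and Settings\1\Bluebirds\BlueBirds.exe (LG Electronics)
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<rest>.*)$")
# Greedy path, then the trailing "(Company)" field OTL appends to each target.
TARGET_RE = re.compile(r"^(?P<path>.+)\s+\((?P<company>[^()]*)\)$")

# Assumed lists: folder names / exact folders where a legitimate autostart
# binary is rarely dropped directly.
DATA_DIR_NAMES = {"dane aplikacji", "application data", "temp"}
FLAT_DIRS = {r"c:\windows"}
MISSING = "File not found"


def parse_o4(line):
    """Split one O4 line into hive, value name, target path and company."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith(MISSING)
    if missing:
        path, company = rest[: -len(MISSING)], ""
    else:
        t = TARGET_RE.match(rest)
        path, company = (t["path"], t["company"]) if t else (rest, "")
    return {"hive": m["hive"], "key": m["key"], "name": m["name"],
            "path": path.strip().strip('"'), "company": company.strip(),
            "missing": missing}


def classify(entry):
    """Return (verdict, reasons); 'suspicious' needs both signals at once."""
    if entry["missing"]:
        return "orphan", ["autostart target no longer exists"]
    target = PureWindowsPath(entry["path"])
    stem, name = target.stem.lower(), entry["name"].lower()
    reasons = []
    if (target.parent.name.lower() in DATA_DIR_NAMES
            or str(target.parent).lower() in FLAT_DIRS):
        reasons.append("binary sits directly in a data or Windows root folder")
    if len(stem) >= 6 and name.startswith(stem) and len(name) > len(stem):
        reasons.append("value name is the file name plus extra characters")
    # WinampAgent/winampa.exe trips the name signal alone, so one signal
    # is reported but not treated as a detection.
    return ("suspicious" if len(reasons) == 2 else "ok"), reasons


def triage(log_text):
    """Classify every O4 autostart line found in an OTL log."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            verdict, reasons = classify(entry)
            results.append((entry["name"], verdict, reasons))
    return results


if __name__ == "__main__":
    for name, verdict, reasons in triage(SAMPLE_LOG):
        print(f"{verdict:10} [{name}] {'; '.join(reasons)}")
```

A hit only marks an entry for manual review; the company field is copied from the file's version resource and is not evidence of origin.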

halicja77 (author), posted 2 September 2012

New OTL

Landuss, posted 3 September 2012 (edited)

And where is the second log I wrote about?

> The second OTL log, Extras, is missing. You did not have the Extra Registry option set to "Use SafeList". Provide this log in your next post.

Edited 1 October 2012 by picasso

2.10.2012 - The topic is being closed due to lack of response. //picasso