wojtekll, posted 18 July 2012

Hello, I have a problem with the already well-known Weelsof: I cannot start Safe Mode and run the appropriate programs (when booting into Safe Mode the computer restarts). On a normal boot the familiar "your computer has been locked" screen appears (once I managed to run ComboFix before the screen appeared, but it did not repair the system). Can the computer be revived without reinstalling the system?

OTL logfile created on: 7/17/2012 4:50:12 PM - Run OTLPE by OldTimer - Version 3.1.48.0

picasso, posted 18 July 2012

Please attach logs as forum attachments and do not use the CODE tag to wrap reports.

1. From OTLPE, run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
SRV - File not found [On_Demand] -- -- (ipod service)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (843a0ff7)
O3 - HKU\komputer1_ON_C\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LGODDFU] File not found
O4 - HKLM..\Run: [systemcpl] C:\Documents and Settings\komputer1\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3666\systemcpl.exe ()
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} "http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab" (Reg Error: Key error.)

:Files
C:\Documents and Settings\komputer1\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3666
C:\Documents and Settings\komputer1\Dane aplikacji\hellomoto
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak
C:\WINDOWS\System32\tmp*

:Commands
[emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run Fix. The script will be processed and a removal log will appear on drive C. The system will be unlocked.

2. Reset the HOSTS file to its default form using the automatic Fix-it tool from the article: KB972034.

3. Make the standard OTL logs using the Scan option. Attach the OTL removal log from step 1.

wojtekll (author), posted 18 July 2012

Below.

Log po fix.txt

picasso, posted 18 July 2012

The script was executed correctly; Windows is now unlocked. And where are the main OTL logs, made this time from within Windows:

3. Make the standard OTL logs using the Scan option.

wojtekll (author), posted 18 July 2012

It is there now. Regards, and thank you for the help.

OTL.Txt

picasso, posted 18 July 2012 (edited)

This is not a complete OTL: the Extras file is missing, and the "Registry - extra scan" option was not set to "Use filtering". Attach the missing file.

Edited 18 August 2012 by picasso

18.08.2012 - The topic is closed due to lack of response. //picasso