ipkis Opublikowano 28 Sierpnia 2012 Zgłoś Udostępnij Opublikowano 28 Sierpnia 2012 W załączeniu logi, bardzo proszę o pomoc... OTL.Txt Extras.Txt Odnośnik do komentarza
picasso Opublikowano 28 Sierpnia 2012 Zgłoś Udostępnij Opublikowano 28 Sierpnia 2012 1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej: :OTL O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found. O4 - HKCU..\Run: [puedzqokiudssyv] C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\puedzqok.exe () [2012-08-18 09:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\uryflxieijwtfoo [2012-08-18 09:35:08 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\xdcweiktuapeqhc [2012-08-18 09:34:09 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\ms.exe DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\huadio.tmp -- (autorun) :Commands [emptytemp] Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Klik w Wykonaj skrypt. System zostanie zrestartowany (i odblokowany), otworzy się log z wynikami usuwania. 2. Zrób nowy log OTL z opcji Skanuj (już bez Extras). . Odnośnik do komentarza
ipkis Opublikowano 28 Sierpnia 2012 Autor Zgłoś Udostępnij Opublikowano 28 Sierpnia 2012 Wielkie dzięki OTL logfile created on: 2012-08-28 14:42:41 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = E:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 375,45 Mb Total Physical Memory | 191,00 Mb Available Physical Memory | 50,87% Memory free 906,27 Mb Paging File | 767,61 Mb Available in Paging File | 84,70% Paging File free Paging file location(s): C:\pagefile.sys 564 1128 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,64 Gb Total Space | 1,71 Gb Free Space | 9,20% Space Free | Partition Type: NTFS Drive E: | 3,94 Gb Total Space | 3,67 Gb Free Space | 93,13% Space Free | Partition Type: FAT32 Computer Name: T-7BAE0B8712B64 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-08-28 12:48:04 | 000,598,528 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2012-07-05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012-02-03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2009-03-10 22:18:14 | 000,455,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\KB905474\wgasetup.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-01-26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe PRC - [2003-10-16 18:07:12 | 000,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe PRC - [2003-10-16 18:07:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe PRC - [2002-06-26 18:05:44 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe ========== Modules (No Company Name) ========== MOD - [2004-11-19 10:48:00 | 000,860,160 | ---- | M] () -- C:\Program Files\Neostrada TP\ResourceStyle.dll MOD - [2003-10-16 18:07:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe MOD - [2002-05-26 23:44:50 | 000,122,880 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012-07-05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-02-03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2002-06-26 18:05:44 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2004-10-11 19:22:02 | 000,211,712 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) DRV - [2004-10-11 19:18:58 | 000,022,016 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2003-12-08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alawar.pl IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-07 14:40:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-12 10:41:17 | 000,000,000 | ---D | M] [2008-10-07 14:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Dane aplikacji\Mozilla\Extensions [2008-10-07 14:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Dane aplikacji\Mozilla\Firefox\Profiles\4n4e0u4t.default\extensions [2008-10-07 14:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-09-07 14:40:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-05-12 10:41:06 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-05-12 10:41:06 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-05-12 10:41:06 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-05-12 10:41:06 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-05-12 10:41:06 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-05-12 10:41:06 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2008-10-07 14:57:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe () O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D) O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\mswsock32.dll File not found O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182627474406 (WUWebControl Class) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (NVDESK32.DLL) - File not found O20 - AppInit_DLLs: (yypujo.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-04-06 09:10:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012-08-23 14:23:53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012-08-14 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012-08-10 20:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Ustawienia lokalne\Dane aplikacji\Sun [2012-08-10 20:57:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2012-08-10 20:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Sun [2012-08-10 20:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012-08-10 20:54:34 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012-08-10 20:54:33 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012-08-10 20:54:30 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012-08-10 20:54:29 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012-08-10 20:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012-08-10 20:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Dane aplikacji\Oracle [2012-08-10 20:49:47 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012-08-10 20:49:47 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012-08-10 20:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Dane aplikacji\Sun ========== Files - Modified Within 30 Days ========== [2012-08-28 14:49:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012-08-28 14:42:04 | 000,013,770 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-08-28 14:42:00 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-08-28 14:41:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-08-28 14:41:50 | 393,756,672 | -HS- | M] () -- C:\hiberfil.sys [2012-08-28 14:36:24 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Pulpit\OTL.fix [2012-08-23 10:53:27 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-08-17 20:29:02 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2012-08-17 17:40:38 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job [2012-08-16 08:26:45 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-08-16 07:37:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-08-10 20:48:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012-08-10 20:48:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe ========== Files Created - No Company Name ========== [2012-08-28 14:41:50 | 393,756,672 | -HS- | C] () -- C:\hiberfil.sys [2012-08-28 14:36:23 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Pulpit\OTL.fix [2012-05-03 22:14:33 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe [2007-07-23 11:55:54 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\.plugin140_03.trace [2007-06-23 23:59:16 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-06-09 17:56:18 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\NTUSER.bak ========== LOP Check ========== [2007-11-10 22:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Dane aplikacji\Gadu-Gadu [2012-08-10 20:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Dane aplikacji\Oracle [2012-03-06 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Dane aplikacji\Registry Mechanic [2007-10-01 11:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.T-7BAE0B8712B64\Dane aplikacji\Wildfire [2010-09-06 19:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AlawarWrapper [2012-08-14 16:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Bluetooth [2012-08-10 19:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP [2012-08-17 20:29:02 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job [2012-08-28 14:49:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:D1B5B4F1 < End of report > Odnośnik do komentarza
picasso Opublikowano 28 Sierpnia 2012 Zgłoś Udostępnij Opublikowano 28 Sierpnia 2012 Jeszcze korekty i skan potwierdzający: 1. Otwórz Notatnik i wklej w nim: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz jako FIX.REG > Uruchom ten plik 2. Start > Uruchom > cmd i wpisz komendę netsh winsock reset. Zatwierdź restart komputera. skorygowane w poście #6 3. W OTL uruchom Sprzątanie. Przez SHIFT+DEL skasuj z dysku folder C:\Kaspersky Rescue Disk 10.0. 4. Zainstaluj Malwarebytes Anti-Malware i zrób pełny skan. Przedstaw raport, jeśli coś zostanie wykryte. . Odnośnik do komentarza
ipkis Opublikowano 28 Sierpnia 2012 Autor Zgłoś Udostępnij Opublikowano 28 Sierpnia 2012 Zrobione bez kroku 4. Programu nie da się wgrać. Podczas kopiowania plików wyskakuje błąd "Parametr jest niepoprawny" przy opcji ignoruj, kolejne pliki wywalają taki sam błąd. Odnośnik do komentarza
picasso Opublikowano 28 Sierpnia 2012 Zgłoś Udostępnij Opublikowano 28 Sierpnia 2012 (edytowane) Poprawka do punktu 2. Ślepota, moja. To jest NameSpace. Zaimportuj plik REG z gotową fabryczną strukturą zgodną z XP: KLIK. Podczas kopiowania plików wyskakuje błąd "Parametr jest niepoprawny" przy opcji ignoruj, kolejne pliki wywalają taki sam błąd. Instalator na pewno pobrany w całości? I może dodaj zaległy log z GMER. . Edytowane 29 Września 2012 przez picasso 29.09.2012 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso Odnośnik do komentarza
Rekomendowane odpowiedzi