Ukash zablokowany komputer

halicja77 · 10 Listopada 2012

Ponownie zablokowany komputer. Proszę o pomoc.

Z góry dziękuję. Halicja

Landuss · 11 Listopada 2012

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

:OTL
O4 - HKCU..\Run: [uryfemi] C:\Documents and Settings\1\Dane aplikacji\Ymocat\syar.exe ()
 
:Files
C:\Documents and Settings\1\Dane aplikacji\Unizeto
C:\Documents and Settings\1\Dane aplikacji\Ymocat
C:\Documents and Settings\1\Dane aplikacji\Hiiwar
C:\Documents and Settings\1\Dane aplikacji\Hoisdy
C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe
C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
C:\Documents and Settings\1\Menu Start\Programy\Autostart\ctfmon.lnk
 
:Commands
[emptytemp]

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowy log z OTL (bez extras)

halicja77 · 11 Listopada 2012

Nowy OTL:

OTL logfile created on: 2012-11-11 10:30:47 - Run 2

OTL by OldTimer - Version 3.2.60.0 Folder = G:\

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,11% Memory free

3,85 Gb Paging File | 3,49 Gb Available in Paging File | 90,70% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39,06 Gb Total Space | 6,48 Gb Free Space | 16,58% Space Free | Partition Type: NTFS

Drive D: | 58,59 Gb Total Space | 58,43 Gb Free Space | 99,73% Space Free | Partition Type: NTFS

Drive E: | 135,23 Gb Total Space | 134,93 Gb Free Space | 99,78% Space Free | Partition Type: NTFS

Drive F: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 7,26 Gb Total Space | 0,53 Gb Free Space | 7,36% Space Free | Partition Type: FAT32

Computer Name: P-E33D123679EF4 | User Name: 1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-20 09:26:24 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012-09-04 20:14:56 | 000,599,040 | ---- | M] (OldTimer Tools) -- G:\OTL.exe

PRC - [2012-07-27 21:51:36 | 000,035,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

PRC - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe

PRC - [2012-06-25 13:42:30 | 000,133,928 | ---- | M] (Unizeto Technologies SA) -- C:\Program Files\Unizeto\proCertum CardManager\cryptoCertumScanner.exe

PRC - [2009-04-29 10:02:01 | 000,270,336 | R--- | M] (LG Electronics) -- C:\Documents and Settings\1\Bluebirds\BlueBirds.exe

PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-06-01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007-06-01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2005-12-07 10:46:48 | 000,237,568 | ---- | M] (ComArch S.A.) -- C:\Program Files\Serwer wydruków graficznych dla CDN Klasyka\RpWinKla.exe

PRC - [2004-12-28 18:02:40 | 000,770,048 | ---- | M] (sms-express.com) -- C:\Program Files\Gadu-Gadu\gg.exe

PRC - [2004-12-20 19:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2003-12-13 14:28:04 | 000,630,915 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

PRC - [2003-12-05 08:58:36 | 000,314,424 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe

PRC - [2003-06-08 16:48:18 | 000,016,432 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

PRC - [2003-02-04 07:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE

PRC - [2001-10-29 21:29:59 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

========== Modules (No Company Name) ==========

MOD - [2012-07-27 21:51:56 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL

MOD - [2006-05-14 05:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll

MOD - [2004-12-26 19:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2004-12-20 19:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

MOD - [2004-01-05 18:16:28 | 000,015,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu\update.dll

MOD - [2003-12-13 14:35:30 | 000,245,904 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCameraCenter.syx

MOD - [2003-12-13 14:33:32 | 000,200,844 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDLaunchSysX.syx

MOD - [2003-12-13 14:14:48 | 000,356,495 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnLine.dll

MOD - [2003-12-13 14:11:24 | 000,278,666 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\cameratodos.syx

MOD - [2003-12-13 14:06:52 | 000,311,428 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll

MOD - [2003-12-13 14:05:46 | 001,126,533 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll

MOD - [2003-12-13 13:59:42 | 000,454,804 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistacameraUploadSysx.syx

MOD - [2003-12-13 13:56:26 | 000,389,257 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.dll

MOD - [2003-12-13 13:55:00 | 000,970,892 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.dll

MOD - [2003-12-13 13:53:50 | 000,061,574 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll

MOD - [2003-12-13 13:51:34 | 000,295,053 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll

MOD - [2003-12-13 13:44:26 | 000,102,527 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll

MOD - [2003-12-13 13:35:12 | 000,569,484 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.dll

MOD - [2003-12-13 13:16:54 | 000,229,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll

MOD - [2003-12-13 13:07:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistacameraUploadSysx.dll

MOD - [2003-12-13 13:04:54 | 000,356,479 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll

MOD - [2003-12-13 12:45:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadCamBack.dll

MOD - [2003-12-13 12:38:40 | 000,028,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameratodosCamBack.dll

MOD - [2003-12-13 12:25:30 | 000,036,864 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll

MOD - [2003-11-24 08:39:46 | 000,036,864 | ---- | M] () -- C:\Program Files\Gadu-Gadu\Crypto.dll

MOD - [2003-06-23 08:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libeay32.dll

MOD - [2003-06-23 08:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ssleay32.dll

MOD - [2003-06-08 18:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll

MOD - [2003-06-08 16:48:18 | 000,016,432 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

MOD - [2003-06-08 16:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll

MOD - [2003-06-08 16:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll

MOD - [2003-02-04 07:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE

MOD - [2002-03-13 06:57:08 | 000,094,208 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\FrExt.dll

MOD - [2002-03-13 06:56:04 | 000,049,152 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\clntutil.dll

MOD - [2002-03-13 06:54:24 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\bwfiles.dll

MOD - [2000-07-07 17:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ggwhook.dll

========== Services (SafeList) ==========

SRV - [2012-10-08 19:43:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-09-20 09:26:24 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2009-03-04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2003-12-05 08:58:36 | 000,314,424 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)

SRV - [2003-02-04 07:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012-06-28 04:32:02 | 000,016,512 | R--- | M] (Corechip Semiconductor, Inc. Co Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RD9700.sys -- (RD9700)

DRV - [2009-07-14 12:18:40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)

DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008-07-25 13:09:24 | 000,845,184 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008-04-13 19:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)

DRV - [2008-03-25 04:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008-03-25 04:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2008-02-14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2006-11-22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

DRV - [2006-11-22 09:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)

DRV - [2006-11-22 09:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)

DRV - [2006-03-24 18:14:00 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)

DRV - [2006-03-01 18:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)

DRV - [2004-08-11 17:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2003-12-05 09:00:14 | 000,148,529 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)

DRV - [2003-12-05 08:48:34 | 000,068,182 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)

DRV - [2003-12-05 08:40:20 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DCCAM)

DRV - [2003-11-16 18:50:06 | 000,038,737 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)

DRV - [2003-09-30 17:00:08 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)

DRV - [2003-09-30 16:59:14 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)

DRV - [2003-09-23 10:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)

DRV - [2001-10-26 15:49:48 | 000,077,696 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati.sys -- (ati)

DRV - [2000-11-28 20:47:16 | 000,004,256 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\USERPORT.SYS -- (UserPort)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source}"

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = "http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = "http://www.google.com/ie"

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = "http://www.google.com"

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://onet.pl/"

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = "http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_en"

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-23 11:15:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-23 11:15:44 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\22.0.1229.94\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\22.0.1229.94\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [AutoRegisterCerts] C:\Program Files\Unizeto\proCertum CardManager\cryptoCertumScanner.exe (Unizeto Technologies SA)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)

O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [bluebirds] C:\Documents and Settings\1\Bluebirds\BlueBirds.exe (LG Electronics)

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (sms-express.com)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Serwer wydruków graficznych dla CDN Klasyka.lnk = C:\Program Files\Serwer wydruków graficznych dla CDN Klasyka\RpWinKla.exe (ComArch S.A.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab"

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab"

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab"

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0220E2B6-FDD2-4C8D-8E09-DB441D682873}: DhcpNameServer = 192.168.1.1 0.0.0.0

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-07-03 15:28:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009-04-29 10:02:01 | 000,000,055 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{126e9b79-67ec-11de-b569-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{126e9b79-67ec-11de-b569-806d6172696f}\Shell\AutoRun\command - "" = F:\BlueBirds.exe -- [2009-04-29 10:02:01 | 000,270,336 | R--- | M] (LG Electronics)

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\BlueBirds.exe -- [2009-04-29 10:02:01 | 000,270,336 | R--- | M] (LG Electronics)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-10 09:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2012-11-10 09:11:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012-11-10 09:09:50 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\1\Pulpit\SpyHunter-Installer.exe

[2012-11-06 19:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Pliki udostepnione

[2012-11-05 16:34:30 | 000,000,000 | ---D | C] -- C:\PL99

[2012-10-31 16:46:55 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll

[2012-10-29 14:13:07 | 000,016,512 | R--- | C] (Corechip Semiconductor, Inc. Co Ltd.) -- C:\WINDOWS\System32\drivers\RD9700.sys

========== Files - Modified Within 30 Days ==========

[2012-11-11 10:33:01 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1275210071-682003330-1003UA.job

[2012-11-11 10:30:02 | 000,000,509 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2012-11-11 10:30:00 | 000,205,398 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012-11-11 10:29:57 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012-11-11 10:29:52 | 000,013,766 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-11-11 10:29:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-11-11 10:28:25 | 000,490,628 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2012-11-11 10:28:25 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012-11-11 10:28:25 | 000,083,880 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2012-11-11 10:28:25 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012-11-11 10:28:25 | 000,000,239 | -HS- | M] () -- C:\boot.ini

[2012-11-11 09:09:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012-11-11 09:08:03 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-11-10 20:12:40 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{158C4438-BE6F-4017-9D65-F7706302C1F7}.job

[2012-11-10 11:55:06 | 000,541,569 | ---- | M] () -- C:\Documents and Settings\1\Pulpit\AdwCleaner.exe

[2012-11-10 09:09:00 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\1\Pulpit\SpyHunter-Installer.exe

[2012-11-09 23:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012-11-09 23:42:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012-11-09 21:36:00 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\1\Pulpit\Google Chrome.lnk

[2012-11-09 12:33:00 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1275210071-682003330-1003Core.job

[2012-11-06 16:27:53 | 000,024,064 | ---- | M] () -- C:\WINDOWS\autoload.exe

[2012-10-24 12:17:32 | 000,040,240 | ---- | M] () -- C:\Documents and Settings\1\Moje dokumenty\HapońskiMA36.pit

[2012-10-15 19:03:39 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\1\Pulpit\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2012-11-10 11:55:37 | 000,541,569 | ---- | C] () -- C:\Documents and Settings\1\Pulpit\AdwCleaner.exe

[2012-11-06 16:27:53 | 000,024,064 | ---- | C] () -- C:\WINDOWS\autoload.exe

[2012-06-14 08:59:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012-04-18 18:57:07 | 000,707,504 | ---- | C] () -- C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\unins000.exe

[2012-04-18 18:57:07 | 000,011,761 | ---- | C] () -- C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\unins000.msg

[2012-04-18 18:57:07 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\unins000.dat

[2011-07-13 13:16:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010-09-20 19:09:38 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-11-03 07:57:37 | 000,000,085 | ---- | C] () -- C:\Documents and Settings\1\default.pls

< End of report >

Landuss · 11 Listopada 2012

Infekcja poprawnie usunięta. Standard na koniec:

1. Użyj opcji Sprzątanie z OTL.

2. Opróżnij przywracanie systemu: KLIK

3. Dla bezpieczeństwa zmień hasła logowania do serwisów w sieci.

halicja77 · 11 Listopada 2012

Wielkie podziekowania za pomoc !!!

halicja77 · 15 Listopada 2012

Kolejny komputer zablokowany. Bardzo proszę o pomoc.

OTL.Txt

Extras.Txt

Landuss · 15 Listopada 2012

Musisz zachować więcej ostrożności w sieci bo za szybko tutaj wracasz. Dopiero ten system oglądałem kilka dni temu zainfekowany tym samym.

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

:Files
C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe
C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
C:\Documents and Settings\1\Menu Start\Programy\Autostart\ctfmon.lnk
 
:Commands
[emptytemp]

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowy log z OTL (bez extras)

halicja77 · 15 Listopada 2012

Nowy OTL:

OTL logfile created on: 2012-11-15 10:11:30 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = G:\

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,55% Memory free

3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,55% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39,06 Gb Total Space | 9,28 Gb Free Space | 23,75% Space Free | Partition Type: NTFS

Drive D: | 58,59 Gb Total Space | 58,44 Gb Free Space | 99,73% Space Free | Partition Type: NTFS