
Intrusion.Win.MySSQL.Worm.Helkern
Helkern must have been interfering with the firewall whenever one was installed. Applying any Allow rule (e.g. for Gadu-Gadu) did not help at all. After a while the GG contact list would turn grey anyway and I was shown as unavailable, and switching my status back to available had no effect. The same happened with websites. Even when I set a rule in the firewall to allow IE 6.0 (or another browser) to connect, it worked at most once and then never again. Unloading the firewall from memory helped, but not completely. Quite often what helped was uninstalling the firewall.
Later there was something else: Invader (loader). At the time I wrote to Kaspersky support, but nobody gave me any concrete help. In the end Kaspersky support recommended adding Invader to the trusted zone or something similar, which to me was downright laughable, not to say stupid.
That's the history.
Currently, for many months now, the system (Win Vista) grinds the disk right after it starts. And it grinds so badly that the disk LED stays lit all the time. Sometimes I wait 25 minutes until everything settles down. On the previous system I waited 45 minutes, or even over an hour, more than once until it all passed. HDD performance is appalling, as if something were slowing the hard drive down. Since I have had an SSD for the system it is better, but it is only a partial improvement.
Config:
Intel C2D E8400 3.00 GHz LGA 775
Asus Maximus 2 Formula P45
6 GB RAM DDR2 Kingston Value RAM
OCZ 60 GB Vertex 3 SATAIII
Gigabyte GeForce 7600GT 256 MB DDR3
Tagan 580W U15 Easycon
Win Vista Home Premium SP2 x64
Please help and check the logs. If anything else needs to be done, please let me know. Kaspersky TDSSKiller detects nothing; Malwarebytes Anti-Malware, whenever it did find something, found it long ago and in completely different files. KAV 2011 also reports everything OK. Yet the system slowdown and clogging persist to this day.
Added today, 21:17:
OTL logfile created on: 2012-03-12 19:46:39 - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = D:\OTL v3.2.36.3
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
6,00 Gb Total Physical Memory | 3,77 Gb Available Physical Memory | 62,93% Memory free
12,20 Gb Paging File | 9,89 Gb Available in Paging File | 81,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 21,27 Gb Free Space | 38,05% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 16,70 Gb Free Space | 14,94% Space Free | Partition Type: NTFS
Drive E: | 2328,64 Gb Total Space | 136,20 Gb Free Space | 5,85% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 74,41 Gb Free Space | 7,99% Space Free | Partition Type: NTFS
Drive G: | 853,38 Gb Total Space | 58,31 Gb Free Space | 6,83% Space Free | Partition Type: NTFS
Drive H: | 931,50 Gb Total Space | 27,31 Gb Free Space | 2,93% Space Free | Partition Type: NTFS
Drive I: | 1397,26 Gb Total Space | 148,85 Gb Free Space | 10,65% Space Free | Partition Type: NTFS
Drive O: | 78,12 Gb Total Space | 12,56 Gb Free Space | 16,08% Space Free | Partition Type: NTFS
Computer Name: ZIFF-PC | User Name: ZIFF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-03-12 19:43:07 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\OTL v3.2.36.3\OTL.exe
PRC - [2011-05-25 08:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-04-18 19:01:28 | 000,328,206 | ---- | M] (Kadu Team) -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\kadu.exe
PRC - [2010-12-11 08:57:04 | 000,102,400 | ---- | M] (Moonchild Productions) -- C:\Program Files (x86)\Pale Moon v3.6.13\palemoon.exe
PRC - [2010-12-11 08:57:04 | 000,009,216 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Pale Moon v3.6.13\plugin-container.exe
PRC - [2010-11-02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2005-03-31 10:18:49 | 000,790,528 | ---- | M] (sms-express.com) -- C:\Program Files (x86)\Gadu-Gadu v6.1\gg.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011-11-26 21:49:13 | 006,276,768 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011-04-18 19:00:12 | 000,328,268 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\anonymous_check.dll
MOD - [2011-04-18 18:59:12 | 000,430,514 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\profiles_import.dll
MOD - [2011-04-18 18:57:04 | 000,466,876 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\tabs.dll
MOD - [2011-04-18 18:51:58 | 000,406,995 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\config_wizard.dll
MOD - [2011-04-18 18:50:54 | 000,318,076 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\autoaway.dll
MOD - [2011-04-18 18:50:30 | 000,425,640 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\encryption_ng_simlite.dll
MOD - [2011-04-18 18:49:34 | 000,576,465 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\encryption_ng.dll
MOD - [2011-04-18 18:47:48 | 000,455,707 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\history_migration.dll
MOD - [2011-04-18 18:46:50 | 000,436,295 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\sql_history.dll
MOD - [2011-04-18 18:46:26 | 000,262,861 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\idle.dll
MOD - [2011-04-18 18:46:12 | 000,552,445 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\sms.dll
MOD - [2011-04-18 18:44:26 | 000,742,837 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\history.dll
MOD - [2011-04-18 18:42:46 | 000,266,231 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\qt4_sound.dll
MOD - [2011-04-18 18:42:34 | 000,414,066 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\sound.dll
MOD - [2011-04-18 18:40:20 | 000,586,090 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\hints.dll
MOD - [2011-04-18 18:38:44 | 000,292,860 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\qt4_docking.dll
MOD - [2011-04-18 18:38:30 | 000,349,662 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\docking.dll
MOD - [2011-04-18 18:38:08 | 004,568,122 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\jabber_protocol.dll
MOD - [2011-04-18 18:23:58 | 001,226,318 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\modules\gadu_protocol.dll
MOD - [2011-04-18 18:18:12 | 005,550,334 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\kadu_core.dll
MOD - [2011-03-14 22:13:48 | 000,215,546 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\libgadu.dll
MOD - [2011-02-21 19:01:06 | 000,566,784 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\crypto\qca-ossl2.dll
MOD - [2011-02-21 19:01:06 | 000,266,752 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\crypto\qca-gnupg2.dll
MOD - [2011-02-21 19:00:42 | 000,043,008 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\libgcc_s_dw2-1.dll
MOD - [2011-02-21 19:00:40 | 000,011,362 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\mingwm10.dll
MOD - [2011-02-21 18:58:46 | 017,314,816 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtWebKit4.dll
MOD - [2011-02-21 18:58:46 | 009,889,792 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtGui4.dll
MOD - [2011-02-21 18:58:46 | 004,006,400 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtXmlPatterns4.dll
MOD - [2011-02-21 18:58:46 | 002,543,616 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtCore4.dll
MOD - [2011-02-21 18:58:46 | 002,176,000 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtScript4.dll
MOD - [2011-02-21 18:58:46 | 001,149,440 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtNetwork4.dll
MOD - [2011-02-21 18:58:46 | 000,478,720 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\sqldrivers\qsqlite4.dll
MOD - [2011-02-21 18:58:46 | 000,399,360 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtXml4.dll
MOD - [2011-02-21 18:58:46 | 000,378,880 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\imageformats\qtiff4.dll
MOD - [2011-02-21 18:58:46 | 000,373,248 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtSvg4.dll
MOD - [2011-02-21 18:58:46 | 000,351,744 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\imageformats\qmng4.dll
MOD - [2011-02-21 18:58:46 | 000,344,576 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\phonon4.dll
MOD - [2011-02-21 18:58:46 | 000,286,720 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\imageformats\qjpeg4.dll
MOD - [2011-02-21 18:58:46 | 000,270,848 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\QtSql4.dll
MOD - [2011-02-21 18:58:46 | 000,098,304 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\iconengines\qsvgicon4.dll
MOD - [2011-02-21 18:58:46 | 000,083,456 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\imageformats\qico4.dll
MOD - [2011-02-21 18:58:46 | 000,083,456 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\imageformats\qgif4.dll
MOD - [2011-02-21 18:58:46 | 000,075,776 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\plugins\imageformats\qsvg4.dll
MOD - [2011-02-08 20:38:30 | 000,197,962 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\libidn-11.dll
MOD - [2010-12-11 08:57:03 | 001,032,192 | ---- | M] () -- C:\Program Files (x86)\Pale Moon v3.6.13\js3250.dll
MOD - [2009-05-23 09:13:46 | 001,337,856 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\qca2.dll
MOD - [2009-04-09 08:57:44 | 000,332,093 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\libssl32.dll
MOD - [2009-04-09 08:57:42 | 001,546,584 | ---- | M] () -- G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\libeay32.dll
MOD - [2007-04-09 08:42:00 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2007-03-27 13:11:30 | 000,105,472 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.dll
MOD - [2007-03-15 11:09:00 | 000,067,072 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.dll
MOD - [2005-03-31 16:07:49 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu v6.1\update.dll
MOD - [2003-11-24 08:39:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu v6.1\Crypto.dll
MOD - [2003-06-23 08:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu v6.1\LIBEAY32.dll
MOD - [2003-06-23 08:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu v6.1\SSLEAY32.dll
MOD - [2000-07-07 17:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu v6.1\ggwhook.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2008-01-21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011-05-25 08:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010-11-02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009-04-11 17:23:49 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2012-01-19 00:14:47 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2010-06-09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:[b]64bit:[/b] - [2010-06-09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1)
DRV:[b]64bit:[/b] - [2010-04-22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2009-11-02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2008-01-21 03:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2007-06-13 08:55:56 | 001,272,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:[b]64bit:[/b] - [2006-10-04 02:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:[b]64bit:[/b] - [2006-08-11 14:50:02 | 000,078,208 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV:[b]64bit:[/b] - [2006-07-05 13:48:19 | 000,077,688 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV:[b]64bit:[/b] - [2006-06-14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2011-12-10 19:33:44 | 000,006,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\HWACCESS.SYS -- (HWACCESS)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1398990507-2576251557-3704907528-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1398990507-2576251557-3704907528-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1398990507-2576251557-3704907528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.update: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2012-01-19 00:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2012-01-19 00:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox v3.6.13\components [2011-12-02 00:55:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox v3.6.13\plugins [2011-12-02 00:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 3.6.13\extensions\\Components: C:\Program Files (x86)\Pale Moon v3.6.13\components [2011-11-25 20:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Pale Moon v3.6.13\plugins [2011-11-26 22:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\NOD32 Antivirus\Mozilla Thunderbird
[2011-11-25 20:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZIFF\AppData\Roaming\mozilla\Extensions
[2011-12-02 00:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZIFF\AppData\Roaming\mozilla\Firefox\Profiles\ocssxits.default\extensions
O1 HOSTS File: ([2006-09-18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe Reader v7.0.5\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1398990507-2576251557-3704907528-1000..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu v6.1\gg.exe (sms-express.com)
O4 - HKU\S-1-5-21-1398990507-2576251557-3704907528-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-1398990507-2576251557-3704907528-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1398990507-2576251557-3704907528-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\ZIFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kadu.lnk = G:\Mr Megatec\Moje dokumenty\Kadu v0.9.1\kadu.exe (Kadu Team)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:[b]64bit:[/b] - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.96.224.2 212.96.224.4 194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{461D4D80-312E-41F6-AFE6-1E616E20065C}: DhcpNameServer = 212.96.224.2 212.96.224.4 194.204.152.34
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-03-10 01:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medal of Honor Allied Assault
[2012-03-10 01:35:54 | 000,000,000 | ---D | C] -- C:\MOHAA
[2012-03-08 18:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty 2
[2012-03-04 13:25:03 | 000,000,000 | ---D | C] -- C:\Troy [HD-Rip ITA ENG ~ 720p][HDitaly]
[2012-02-25 22:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012-02-25 22:16:54 | 006,300,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012-02-25 22:16:54 | 003,040,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012-02-25 22:16:54 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012-02-25 22:16:54 | 000,739,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2012-02-25 22:16:54 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012-02-25 22:16:54 | 000,061,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012-02-25 22:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012-02-25 22:16:33 | 022,286,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012-02-25 22:16:33 | 018,583,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012-02-25 22:16:33 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012-02-25 22:16:33 | 015,223,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012-02-25 22:16:33 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012-02-25 22:16:33 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012-02-25 22:16:33 | 007,123,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012-02-25 22:16:33 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012-02-25 22:16:33 | 002,943,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012-02-25 22:16:33 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012-02-25 22:16:33 | 002,644,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012-02-25 22:16:33 | 002,335,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012-02-25 22:16:33 | 002,212,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012-02-25 22:16:33 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012-02-25 22:16:33 | 001,496,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll
[2012-02-25 22:16:33 | 001,427,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll
[2012-02-25 22:16:33 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012-02-25 22:16:33 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012-02-25 22:16:33 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2012-02-25 22:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-02-25 22:14:35 | 000,000,000 | ---D | C] -- C:\NVIDIA ForceWare 275.33 Win Vista 7 64bit International WHQL
[2012-02-13 17:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z v0.5.9
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-03-12 19:48:16 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-12 19:48:16 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-12 11:31:48 | 000,009,216 | ---- | M] () -- C:\Users\ZIFF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-12 09:53:17 | 001,468,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-03-12 09:53:17 | 000,661,818 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-03-12 09:53:17 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-03-12 09:53:17 | 000,126,702 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-03-12 09:53:17 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-03-12 09:48:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-10 01:42:30 | 000,001,340 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk
[2012-03-08 18:54:37 | 000,000,519 | ---- | M] () -- C:\Users\Public\Desktop\Call Of Duty 2.lnk
[2012-03-08 18:54:29 | 000,000,261 | ---- | M] () -- C:\Windows\game.ini
[2012-03-05 00:30:21 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012-03-02 12:41:50 | 000,000,747 | ---- | M] () -- C:\Users\ZIFF\Desktop\CPU-Z v1.60.lnk
[2012-03-01 01:20:07 | 000,049,722 | ---- | M] () -- C:\Image_00.jpg
[2012-02-28 18:52:37 | 000,000,754 | ---- | M] () -- C:\Users\ZIFF\Desktop\XnView v1.98.5.lnk
[2012-02-25 22:15:27 | 000,000,680 | ---- | M] () -- C:\Users\ZIFF\AppData\Local\d3d9caps.dat
[2012-02-25 22:12:39 | 000,000,732 | ---- | M] () -- C:\Users\ZIFF\AppData\Local\d3d9caps64.dat
[2012-02-23 17:39:58 | 000,000,697 | ---- | M] () -- C:\Users\ZIFF\Desktop\Worms 2.lnk
[2012-02-19 12:10:08 | 000,000,843 | ---- | M] () -- C:\Users\ZIFF\Desktop\VideoLAN Media Player v2.0.0.lnk
[2012-02-17 21:06:59 | 000,000,701 | ---- | M] () -- C:\Users\ZIFF\Desktop\Quake 2.lnk
[2012-02-14 22:11:31 | 000,000,796 | ---- | M] () -- C:\Users\ZIFF\Desktop\PC Wizard 2012 v2.0.lnk
[2012-02-13 17:04:18 | 000,000,896 | ---- | M] () -- C:\Users\ZIFF\Desktop\GPU-Z v0.5.9.lnk
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-03-10 01:42:30 | 000,001,340 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk
[2012-03-08 18:54:37 | 000,000,519 | ---- | C] () -- C:\Users\Public\Desktop\Call Of Duty 2.lnk
[2012-03-08 18:54:29 | 000,000,261 | ---- | C] () -- C:\Windows\game.ini
[2012-03-02 12:41:50 | 000,000,747 | ---- | C] () -- C:\Users\ZIFF\Desktop\CPU-Z v1.60.lnk
[2012-03-01 01:20:07 | 000,049,722 | ---- | C] () -- C:\Image_00.jpg
[2012-02-19 12:10:08 | 000,000,843 | ---- | C] () -- C:\Users\ZIFF\Desktop\VideoLAN Media Player v2.0.0.lnk
[2012-02-17 12:21:49 | 000,000,680 | ---- | C] () -- C:\Users\ZIFF\AppData\Local\d3d9caps.dat
[2012-02-17 12:21:24 | 000,000,732 | ---- | C] () -- C:\Users\ZIFF\AppData\Local\d3d9caps64.dat
[2012-02-14 22:11:31 | 000,000,796 | ---- | C] () -- C:\Users\ZIFF\Desktop\PC Wizard 2012 v2.0.lnk
[2012-02-13 17:04:18 | 000,000,896 | ---- | C] () -- C:\Users\ZIFF\Desktop\GPU-Z v0.5.9.lnk
[2011-12-11 02:03:40 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011-12-11 02:03:39 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
[2011-12-10 19:33:44 | 000,006,808 | ---- | C] () -- C:\Windows\SysWow64\HWACCESS.SYS
[2011-12-08 23:18:21 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-11-26 23:17:47 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-11-26 23:17:47 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2011-11-25 23:54:10 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-11-25 23:54:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-11-25 23:54:09 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-11-25 23:54:09 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-11-25 23:54:08 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-11-25 22:30:14 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2011-11-25 22:30:14 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2011-11-25 22:30:13 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll
[2011-11-25 22:30:13 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll
[2011-11-25 20:55:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-11-25 20:26:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-11-25 20:14:00 | 000,009,216 | ---- | C] () -- C:\Users\ZIFF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[color=#E56717]========== LOP Check ==========[/color]
[2011-11-28 13:23:42 | 000,000,000 | ---D | M] -- C:\Users\ZIFF\AppData\Roaming\BESTplayer
[2011-12-02 20:48:35 | 000,000,000 | ---D | M] -- C:\Users\ZIFF\AppData\Roaming\HD Tune Pro
[2012-01-21 00:50:04 | 000,000,000 | ---D | M] -- C:\Users\ZIFF\AppData\Roaming\IcoFX
[2012-03-12 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\ZIFF\AppData\Roaming\Kadu
[2011-11-25 20:55:41 | 000,000,000 | ---D | M] -- C:\Users\ZIFF\AppData\Roaming\Moonchild Productions
[2012-03-10 15:29:40 | 000,000,000 | ---D | M] -- C:\Users\ZIFF\AppData\Roaming\uTorrent
[2012-03-12 01:22:58 | 000,000,000 | ---D | M] -- C:\Users\ZIFF\AppData\Roaming\XnView
[2012-03-12 02:09:47 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Added today, 21:20:
OTL Extras logfile created on: 2012-03-12 19:46:39 - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = D:\OTL v3.2.36.3
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
6,00 Gb Total Physical Memory | 3,77 Gb Available Physical Memory | 62,93% Memory free
12,20 Gb Paging File | 9,89 Gb Available in Paging File | 81,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 21,27 Gb Free Space | 38,05% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 16,70 Gb Free Space | 14,94% Space Free | Partition Type: NTFS
Drive E: | 2328,64 Gb Total Space | 136,20 Gb Free Space | 5,85% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 74,41 Gb Free Space | 7,99% Space Free | Partition Type: NTFS
Drive G: | 853,38 Gb Total Space | 58,31 Gb Free Space | 6,83% Space Free | Partition Type: NTFS
Drive H: | 931,50 Gb Total Space | 27,31 Gb Free Space | 2,93% Space Free | Partition Type: NTFS
Drive I: | 1397,26 Gb Total Space | 148,85 Gb Free Space | 10,65% Space Free | Partition Type: NTFS
Drive O: | 78,12 Gb Total Space | 12,56 Gb Free Space | 16,08% Space Free | Partition Type: NTFS
Computer Name: ZIFF-PC | User Name: ZIFF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1398990507-2576251557-3704907528-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Pale Moon v3.6.13\palemoon.exe (Moonchild Productions)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Przeglądaj w XnView] -- "D:\Mr Megatec\Instalki\XnView v1.98.5\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp v5.60 Lite\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp v5.60 Lite\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp v5.60 Lite\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Przeglądaj w XnView] -- "D:\Mr Megatec\Instalki\XnView v1.98.5\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp v5.60 Lite\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp v5.60 Lite\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp v5.60 Lite\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 40 B5 B2 99 C4 BA C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE2A0D9-9F54-4455-B00F-4263A684777E}" = protocol=17 | dir=in | app=g:\games\sega rally\sega rally_sse1.exe |
"{1816C7FF-D78E-47CD-BA58-C5EFB7FC3001}" = protocol=17 | dir=in | app=g:\games\sega rally\sega rally.exe |
"{7BC766E2-2B8C-4D0E-9DAD-F4E5C6D7B7AF}" = protocol=6 | dir=in | app=g:\games\sega rally\sega rally_sse1.exe |
"{7D5F3231-4382-4A52-8FD7-28CCA2F605CB}" = protocol=6 | dir=in | app=g:\games\sega rally\sega rally.exe |
"{8A457542-BCAA-44B4-84F5-2DC7CA19E8A0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent v3.0\utorrent.exe |
"{F8FCCA8D-943B-4716-87B1-41DCA7B239A1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent v3.0\utorrent.exe |
"TCP Query User{20BEB5CE-4844-480D-900E-2FA09CDF3E30}C:\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\mohaa\mohaa.exe |
"TCP Query User{8B46553E-BDAF-4C9F-95FA-4122F373AA2B}I:\data 1500\nowy folder\emule\emule.exe" = protocol=6 | dir=in | app=i:\data 1500\nowy folder\emule\emule.exe |
"TCP Query User{D755BAEE-EEF2-4AA2-8806-95A9E60657D5}C:\program files (x86)\gadu-gadu v6.1\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu v6.1\gg.exe |
"TCP Query User{F34D0145-2EB3-4C7E-AA3F-7B683AE5D681}D:\games\worms 2\frontend.exe" = protocol=6 | dir=in | app=d:\games\worms 2\frontend.exe |
"UDP Query User{4EE3E5A6-A958-45B5-916F-5B2CFF340877}I:\data 1500\nowy folder\emule\emule.exe" = protocol=17 | dir=in | app=i:\data 1500\nowy folder\emule\emule.exe |
"UDP Query User{573764A7-706B-4F78-B640-2E7CEC5FA1EB}C:\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\mohaa\mohaa.exe |
"UDP Query User{5F2A7E86-92F0-4245-AF61-49F53CD12025}D:\games\worms 2\frontend.exe" = protocol=17 | dir=in | app=d:\games\worms 2\frontend.exe |
"UDP Query User{F904AD38-9655-4D52-A94B-45A8519CBAC5}C:\program files (x86)\gadu-gadu v6.1\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu v6.1\gg.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""SubEdit-Player"" = "SubEdit-Player"
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{383D3D87-A730-4334-ABD9-4DBC652FDD67}" = SEGA Rally
"{3B8D7840-BBED-11D8-88E4-0004769F25D1}" = ToCA Race Driver 2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{AC76BA86-7AD7-1045-7B44-A70500000002}" = Adobe Reader 7.0.5 - Polish
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{EF3E420F-2DCF-4C24-8E37-896801901045}" = Nero 7 Essentials
"{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1" = GPU Caps Viewer 1.15.0
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AquaMark3" = AquaMark3
"aTube Catcher" = aTube Catcher
"AudioCatalyst" = AudioCatalyst
"AudioCS" = Creative Audio Console
"Corel Applications" = Corel Applications
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4
"DVD Identifier_is1" = DVD Identifier
"Gadu-Gadu" = Gadu-Gadu 6.1
"HD Tune_is1" = HD Tune 2.55
"IcoFX_is1" = IcoFX 1.6.4
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
"MadOnion.com/3DMark2000" = MadOnion.com/3DMark2000
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.60.0.1800
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Pale Moon (3.6.13)" = Pale Moon (3.6.13)
"SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch
"SWIV 3D" = SWIV 3D
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
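Two parts of an OTL Extras report are worth reading mechanically rather than by eye when a machine behaves like the one above: the "Shell Spawning" block, because a replaced `exefile`/`comfile`/`batfile` handler hands control to the attacker's binary on every program launch and survives most scanner clean-ups, and the inbound firewall exception list, because an inbound allow rule for a binary in a user-writable or non-standard location deserves a second look. The script below is an added example, not part of the poster's logs and not OldTimer's OTL code; it parses lines in the format OTL prints and returns both review lists. The stock handler values are the ones visible in this very log (`"%1" %*` for the executable classes, `"%1" /S` for `scrfile`); the `TRUSTED_PREFIXES` list and the sample lines at the bottom, including one deliberately altered `exefile` entry, are assumptions constructed for the example.

```python
"""Two triage checks over OTL 'Extras' log lines (added example, Python 3).

Not part of the original forum post nor of OldTimer's OTL; it scripts what a
responder does by eye on such a log:

  1. Shell Spawning: has the shell\\open\\command handler for an executable
     file class (exefile, comfile, batfile, ...) been replaced?
  2. Firewall exceptions: which inbound allow rules point at a binary
     outside the usual program directories?  These are review items
     (games on a second drive, P2P clients), not verdicts.

Assumptions (not from the log): TRUSTED_PREFIXES, and the sample lines at
the bottom, one of which is a constructed exefile hijack.
"""
import re

# Stock Vista handlers for the executable file classes, exactly as they
# appear on an untouched system (and in the poster's own log).
STOCK_HANDLERS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Directories where an inbound-allowed program is expected to live
# (assumption; adjust for the machine being examined).
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

# OTL line formats:  <class> [<verb>] -- <command> (<company>)
#                    "<rule name>" = protocol=N | dir=in | app=<path> |
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*?)(?: \([^()]*\))?$")
FW_RE = re.compile(r"protocol=(\d+) \| dir=(\w+) \| app=([^|]+?)\s*\|")


def check_shell_spawning(lines):
    """Return (class, verb, command) for every executable file class whose
    handler differs from STOCK_HANDLERS.  Classes not in that table
    (htmlfile, Directory, Folder, ...) are skipped."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        cls, verb, cmd = m.group(1), m.group(2), m.group(3).strip()
        expected = STOCK_HANDLERS.get((cls, verb))
        if expected is not None and cmd != expected:
            findings.append((cls, verb, cmd))
    return findings


def check_firewall_rules(lines):
    """Return (dir, protocol, app) for inbound rules whose program lies
    outside TRUSTED_PREFIXES.  Paths are compared lower-cased, as OTL
    prints them."""
    findings = []
    for line in lines:
        m = FW_RE.search(line)
        if not m:
            continue
        proto, direction = int(m.group(1)), m.group(2)
        app = m.group(3).strip().lower()
        if direction == "in" and not app.startswith(TRUSTED_PREFIXES):
            findings.append((direction, proto, app))
    return findings


# Constructed sample input (not the poster's log).  The exefile line is
# altered on purpose: the real log above shows the stock "%1" %*.
SAMPLE_SHELL = [
    'batfile [open] -- "%1" %*',
    'exefile [open] -- "C:\\Users\\user\\AppData\\Local\\Temp\\x.exe" "%1" %*',
    'scrfile [open] -- "%1" /S',
    'helpfile [open] -- Reg Error: Key error.',
    'Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)',
]
SAMPLE_FW = [
    r'"{0CE2A0D9-9F54-4455-B00F-4263A684777E}" = protocol=17 | dir=in | app=g:\games\sega rally\sega rally_sse1.exe | ',
    r'"{F8FCCA8D-943B-4716-87B1-41DCA7B239A1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent v3.0\utorrent.exe | ',
    r'"TCP Query User{20BEB5CE-4844-480D-900E-2FA09CDF3E30}C:\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\mohaa\mohaa.exe | ',
]

if __name__ == "__main__":
    for f in check_shell_spawning(SAMPLE_SHELL):
        print("HIJACKED HANDLER:", f)
    for f in check_firewall_rules(SAMPLE_FW):
        print("inbound allow outside program dirs:", f)
```

Run against the Extras report above, the first check returns nothing (every executable class still has its stock handler), and the second lists the Sega Rally, MOHAA, Worms 2 and eMule rules, which sit on D:, G:, I: and the root of C:; those are legitimate programs here, so the output is a list to confirm by hand, not a finding in itself.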