
My Computer works only via Explore.

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.


Posted by Piotrek05, 12 Sep 2009, 19:20

Hi. I'm not sure whether I'm posting in the right section, but I hope so. If not, please move the thread. I have a problem with my PC. I recently downloaded Photoshop and started the installation. I saw it was nearly finished, so I was browsing the net. Suddenly the computer started shutting down. I thought it was restarting after the installation. But after the restart I couldn't do anything. For example, when I tried to start Neostrada, it wouldn't start or the PC froze. My Computer had no icon and it can be opened through Explore. Then I booted into safe mode and set avast to scan the PC at system restart. It took a while, but the effects didn't last long. My sister used the computer normally for some time, but My Computer still didn't work. Now, too, I can't get into My Computer other than through Explore. I know the viruses are in system files such as explorer.exe and others. I'm writing because I want to find out whether there is any way out other than a format. Nothing can be done with these viruses because they are "factory" read-only and can't be changed. Thanks in advance for your replies.
Last edited by Piotrek05 on 12 Sep 2009, 19:30; edited 1 time in total.



Computer problem.

Posted by Andziorka, 12 Sep 2009, 19:23

We have chains in our heads, not on our arteries.




Posted by Piotrek05, 12 Sep 2009, 19:46

Code:
OTL logfile created on: 2009-09-12 19:44:23 - Run 1
OTL by OldTimer - Version 3.0.11.0     Folder = D:\Piotrek
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,48 Mb Total Physical Memory | 289,91 Mb Available Physical Memory | 37,77% Memory free
1,83 Gb Paging File | 1,42 Gb Available in Paging File | 77,71% Paging File free
Paging file location(s): d:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 9,76 Gb Total Space | 0,68 Gb Free Space | 6,94% Space Free | Partition Type: FAT32
Drive D: | 32,38 Gb Total Space | 1,19 Gb Free Space | 3,69% Space Free | Partition Type: FAT32
Drive E: | 32,36 Gb Total Space | 13,43 Gb Free Space | 41,49% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: W-DY4I9NVWMOI0A
Current User Name: r
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2004-08-04 00:44:30 | 00,506,368 | ---- | M] () -- D:\WINDOWS\System32\winlogon.exe
PRC - [2009-02-09 12:10:46 | 00,113,152 | ---- | M] () -- D:\WINDOWS\System32\services.exe
PRC - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2009-08-17 17:58:56 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\aswUpdSv.exe
PRC - [2009-08-17 18:07:18 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashServ.exe
PRC - [2004-08-04 00:44:20 | 01,036,288 | ---- | M] () -- D:\WINDOWS\Explorer.EXE
PRC - [2008-11-10 18:35:36 | 00,587,776 | -H-- | M] (FileZilla Project) -- D:\Piotrek\Xampp\filezillaftp\filezillaserver.exe
PRC - [2007-05-15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003-06-20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2004-10-29 16:50:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe
PRC - [2004-09-29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe
PRC - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- D:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe
PRC - [2009-08-17 18:07:02 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashMaiSv.exe
PRC - [2009-08-17 18:04:22 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashWebSv.exe
PRC - [2009-08-17 23:19:16 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Piotrek\Firefox\firefox.exe
PRC - [2009-09-12 19:31:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\Piotrek\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found --  -- (Apache2.2 [Auto | Stopped])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-08-17 17:58:56 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009-08-17 18:07:18 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009-08-17 18:07:02 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009-08-17 18:04:22 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-02-09 12:10:46 | 00,113,152 | ---- | M] () -- D:\WINDOWS\System32\services.exe -- (Eventlog [Auto | Running])
SRV - [2008-11-10 18:35:36 | 00,587,776 | -H-- | M] (FileZilla Project) -- D:\Piotrek\Xampp\filezillaftp\filezillaserver.exe -- (FileZilla Server [Auto | Running])
SRV - [2009-08-28 11:07:14 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe -- (HidServ [Disabled | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007-05-15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003-06-20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007-04-13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-05-08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
SRV - [2004-10-29 16:50:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009-02-09 12:10:46 | 00,113,152 | ---- | M] () -- D:\WINDOWS\System32\services.exe -- (PlugPlay [Auto | Running])
SRV - [2004-09-29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (PolicyAgent [On_Demand | Stopped])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (ProtectedStorage [Auto | Running])
SRV - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- D:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (SamSs [Auto | Running])
SRV - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://nasza-klasa.pl"
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-16 15:58:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-29 21:49:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: D:\Piotrek\Firefox\components [2009-04-21 15:05:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: D:\Piotrek\Firefox\plugins [2009-04-21 15:05:58 | 00,000,000 | ---D | M]

[2009-04-26 10:42:36 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Extensions
[2009-04-26 10:42:36 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-26 10:42:36 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Firefox\Profiles\i1mc3pa2.default\extensions
[2009-08-10 14:13:00 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Firefox\Profiles\i1mc3pa2.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009-09-05 10:42:08 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Firefox\Profiles\i1mc3pa2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

O1 HOSTS File: (742 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [1] c:\avmon.com File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] D:\Program Files\Avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WooCnxMon] D:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] D:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D)
O4 - HKLM..\Run: [WOOWATCH] D:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - HKCU..\RunOnce: [^SetupICWDesktop]  File not found
O4 - Startup: D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://D:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe ()
O21 - SSODL: QNpelAaTzW - {7C6E35BE-D6C4-9F14-9A27-91DC87CD1DB1} - D:\WINDOWS\System32\gca.dll File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O27 - HKLM IFEO\ctfmon.exe: Debugger - D:\WINDOWS\System32\ctfmon_oq.exe ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-25 10:09:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\open\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{e9546c65-328e-11de-a1ae-000e50e2c766}\Shell\AutoRun\command - "" = G:\uo10sn.cmd -- File not found
O33 - MountPoints2\{e9546c65-328e-11de-a1ae-000e50e2c766}\Shell\open\Command - "" = G:\uo10sn.cmd -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[1 D:\*.tmp files]
[2009-09-12 19:44:13 | 00,000,000 | ---D | C] -- D:\_OTL
[2009-09-10 20:51:46 | 00,000,000 | -HSD | C] -- D:\FOUND.000
[2009-09-10 20:01:20 | 00,000,010 | ---- | C] () -- D:\WINDOWS\System32\kr_done1
[2009-09-10 19:56:22 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Media
[2009-08-31 12:18:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\r\Ustawienia lokalne\Dane aplikacji\Ares
[2009-08-31 12:18:29 | 00,000,479 | ---- | C] () -- D:\Documents and Settings\r\Pulpit\Ares.lnk
[2009-08-31 12:18:25 | 00,000,000 | ---D | C] -- D:\Piotreks

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[1 D:\*.tmp files]
[2009-09-12 19:01:18 | 00,001,437 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS\Pulpit\Neostrada TP.lnk
[2009-09-12 18:58:10 | 00,017,145 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2009-09-12 18:58:10 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009-09-12 18:57:56 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009-09-12 18:48:08 | 04,841,708 | -H-- | M] () -- D:\Documents and Settings\r\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-09-10 20:42:36 | 00,075,824 | ---- | M] () -- D:\Documents and Settings\r\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-09-10 20:35:54 | 02,143,784 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2009-09-10 20:01:22 | 00,000,010 | ---- | M] () -- D:\WINDOWS\System32\kr_done1
[2009-09-10 20:00:02 | 00,000,358 | ---- | M] () -- D:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2009-09-10 14:30:12 | 00,000,666 | ---- | M] () -- D:\WINDOWS\win.ini
[2009-09-10 14:30:12 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009-09-09 14:23:48 | 00,001,355 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2009-08-31 12:18:30 | 00,000,479 | ---- | M] () -- D:\Documents and Settings\r\Pulpit\Ares.lnk

[color=#E56717]========== LOP Check ==========[/color]

[2009-04-25 09:59:56 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
[2009-04-25 11:55:26 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ahead
[2009-05-10 21:56:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\CyberLink
[2009-08-12 18:53:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Lite
[2009-08-28 12:33:34 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\FLEXnet
[2009-06-26 10:41:38 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton
[2009-04-25 21:19:40 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\NortonInstaller
[2009-04-25 20:41:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
[2009-04-25 09:59:56 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\r\Dane aplikacji
[2009-05-17 10:53:40 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Ahead
[2009-05-13 19:03:30 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Crystal Player
[2009-05-10 21:56:22 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\CyberLink
[2009-08-12 18:47:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\DAEMON Tools Lite
[2009-08-12 19:18:50 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\DAEMON Tools Pro
[2009-07-05 11:10:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Dev-Cpp
[2009-08-25 11:44:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Download Manager
[2009-04-26 10:35:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Gadu-Gadu
[2009-05-31 21:47:08 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\gtk-2.0
[2009-04-25 11:48:10 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\InterTrust
[2009-04-27 20:15:30 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Notepad++
[2009-05-17 10:48:22 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Remere's Map Editor
[2009-05-17 11:13:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Tibia
[2009-05-22 16:11:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Ventrilo
[2001-10-30 14:00:00 | 00,000,065 | RH-- | M] () -- D:\WINDOWS\Tasks\desktop.ini
[2009-09-12 18:58:10 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\Tasks\SA.DAT
[2009-09-10 20:00:02 | 00,000,358 | ---- | M] () -- D:\WINDOWS\Tasks\HPpromotions journeysoftware.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >




Posted by Andziorka, 12 Sep 2009, 21:41

Paste the script below into the OTL window and click Run Fix:

:Processes
explorer.exe

:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [1] c:\avmon.com File not found
O4 - HKCU..\RunOnce: [^SetupICWDesktop] File not found
O16 - DPF: DirectAnimation Java Classes file://D:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O21 - SSODL: QNpelAaTzW - {7C6E35BE-D6C4-9F14-9A27-91DC87CD1DB1} - D:\WINDOWS\System32\gca.dll File not found
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\open\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{e9546c65-328e-11de-a1ae-000e50e2c766}\Shell\AutoRun\command - "" = G:\uo10sn.cmd -- File not found
O33 - MountPoints2\{e9546c65-328e-11de-a1ae-000e50e2c766}\Shell\open\Command - "" = G:\uo10sn.cmd -- File not found

:Files
D:\FOUND.000

:Commands
[emptytemp]
[start explorer]
[Reboot]

Post the log that is created after the removal.





Posted by Piotrek05, 13 Sep 2009, 11:03

Code:
OTL logfile created on: 2009-09-13 10:53:48 - Run 2
OTL by OldTimer - Version 3.0.11.0     Folder = D:\Piotrek
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,48 Mb Total Physical Memory | 396,78 Mb Available Physical Memory | 51,70% Memory free
1,83 Gb Paging File | 1,44 Gb Available in Paging File | 78,84% Paging File free
Paging file location(s): d:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 9,76 Gb Total Space | 0,68 Gb Free Space | 6,94% Space Free | Partition Type: FAT32
Drive D: | 32,38 Gb Total Space | 1,03 Gb Free Space | 3,19% Space Free | Partition Type: FAT32
Drive E: | 32,36 Gb Total Space | 13,43 Gb Free Space | 41,49% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: W-DY4I9NVWMOI0A
Current User Name: r
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2004-08-04 00:44:30 | 00,506,368 | ---- | M] () -- D:\WINDOWS\System32\winlogon.exe
PRC - [2009-02-09 12:10:46 | 00,113,152 | ---- | M] () -- D:\WINDOWS\System32\services.exe
PRC - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe
PRC - [2009-08-17 17:58:56 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\aswUpdSv.exe
PRC - [2009-08-17 18:07:18 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashServ.exe
PRC - [2004-08-04 00:44:20 | 01,036,288 | ---- | M] () -- D:\WINDOWS\Explorer.EXE
PRC - [2007-04-16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\SOUNDMAN.EXE
PRC - [2003-10-16 18:07:10 | 00,024,576 | ---- | M] () -- D:\Program Files\Neostrada TP\CnxMon.exe
PRC - [2004-01-26 11:38:38 | 00,866,816 | ---- | M] (THOMSON Telecom Belgium) -- D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
PRC - [2003-10-16 18:07:12 | 00,053,248 | ---- | M] (France Télécom R&D) -- D:\Program Files\Neostrada TP\TaskBarIcon.exe
PRC - [2005-05-11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009-08-17 18:07:24 | 00,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashDisp.exe
PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005-05-11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008-11-10 18:35:36 | 00,587,776 | -H-- | M] (FileZilla Project) -- D:\Piotrek\Xampp\filezillaftp\filezillaserver.exe
PRC - [2007-05-15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003-06-20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005-05-12 00:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004-10-29 16:50:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe
PRC - [2004-09-29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe
PRC - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- D:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe
PRC - [2005-05-11 23:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2009-08-17 18:07:02 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashMaiSv.exe
PRC - [2009-08-17 18:04:22 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashWebSv.exe
PRC - [2003-10-16 18:07:12 | 00,626,688 | ---- | M] (France Télécom R&D) -- D:\Program Files\Neostrada TP\NeostradaTP.exe
PRC - [2003-10-16 18:07:10 | 00,200,704 | ---- | M] (France Télécom R&D) -- D:\Program Files\Neostrada TP\ComComp.exe
PRC - [2003-10-16 18:07:12 | 00,020,480 | ---- | M] (France Télécom R&D) -- D:\Program Files\Neostrada TP\Watch.exe
PRC - [2009-08-17 23:19:16 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Piotrek\Firefox\firefox.exe
PRC - [2004-08-04 00:44:20 | 00,010,752 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dumprep.exe
PRC - [2009-09-13 10:39:02 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\Piotrek\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found --  -- (Apache2.2 [Auto | Stopped])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-08-17 17:58:56 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009-08-17 18:07:18 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009-08-17 18:07:02 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009-08-17 18:04:22 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Avast\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-02-09 12:10:46 | 00,113,152 | ---- | M] () -- D:\WINDOWS\System32\services.exe -- (Eventlog [Auto | Running])
SRV - [2008-11-10 18:35:36 | 00,587,776 | -H-- | M] (FileZilla Project) -- D:\Piotrek\Xampp\filezillaftp\filezillaserver.exe -- (FileZilla Server [Auto | Running])
SRV - [2009-08-28 11:07:14 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004-08-04 00:44:28 | 00,017,408 | ---- | M] () -- D:\WINDOWS\System32\svchost.exe -- (HidServ [Disabled | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007-05-15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003-06-20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007-04-13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-05-08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
SRV - [2004-10-29 16:50:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009-02-09 12:10:46 | 00,113,152 | ---- | M] () -- D:\WINDOWS\System32\services.exe -- (PlugPlay [Auto | Running])
SRV - [2004-09-29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (PolicyAgent [On_Demand | Stopped])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (ProtectedStorage [Auto | Running])
SRV - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- D:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2004-08-04 00:44:22 | 00,014,848 | ---- | M] () -- D:\WINDOWS\System32\lsass.exe -- (SamSs [Auto | Running])
SRV - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://nasza-klasa.pl"
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-16 15:58:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-29 21:49:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: D:\Piotrek\Firefox\components [2009-04-21 15:05:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: D:\Piotrek\Firefox\plugins [2009-04-21 15:05:58 | 00,000,000 | ---D | M]

[2009-04-26 10:42:36 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Extensions
[2009-04-26 10:42:36 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-26 10:42:36 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Firefox\Profiles\i1mc3pa2.default\extensions
[2009-08-10 14:13:00 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Firefox\Profiles\i1mc3pa2.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009-09-05 10:42:08 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\mozilla\Firefox\Profiles\i1mc3pa2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

O1 HOSTS File: (742 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [1] c:\avmon.com File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] D:\Program Files\Avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WooCnxMon] D:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] D:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D)
O4 - HKLM..\Run: [WOOWATCH] D:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - Startup: D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://D:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe ()
O21 - SSODL: QNpelAaTzW - {7C6E35BE-D6C4-9F14-9A27-91DC87CD1DB1} - D:\WINDOWS\System32\gca.dll File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O27 - HKLM IFEO\ctfmon.exe: Debugger - D:\WINDOWS\System32\ctfmon_oq.exe ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-25 10:09:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{4f2b15d0-4372-11de-a1e5-000e50e2c766}\Shell\open\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{e9546c65-328e-11de-a1ae-000e50e2c766}\Shell\AutoRun\command - "" = G:\uo10sn.cmd -- File not found
O33 - MountPoints2\{e9546c65-328e-11de-a1ae-000e50e2c766}\Shell\open\Command - "" = G:\uo10sn.cmd -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[1 D:\*.tmp files]
[2009-09-12 19:44:13 | 00,000,000 | ---D | C] -- D:\_OTL
[2009-09-10 20:51:46 | 00,000,000 | -HSD | C] -- D:\FOUND.000
[2009-09-10 20:01:20 | 00,000,010 | ---- | C] () -- D:\WINDOWS\System32\kr_done1
[2009-09-10 19:56:22 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Media
[2009-08-31 12:18:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\r\Ustawienia lokalne\Dane aplikacji\Ares
[2009-08-31 12:18:29 | 00,000,479 | ---- | C] () -- D:\Documents and Settings\r\Pulpit\Ares.lnk
[2009-08-31 12:18:25 | 00,000,000 | ---D | C] -- D:\Piotreks

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[1 D:\*.tmp files]
[2009-09-13 10:46:24 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009-09-13 10:46:22 | 00,017,145 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2009-09-13 10:46:12 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009-09-12 20:00:02 | 00,000,358 | ---- | M] () -- D:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2009-09-12 19:01:18 | 00,001,437 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS\Pulpit\Neostrada TP.lnk
[2009-09-12 18:48:08 | 04,841,708 | -H-- | M] () -- D:\Documents and Settings\r\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-09-10 20:42:36 | 00,075,824 | ---- | M] () -- D:\Documents and Settings\r\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-09-10 20:35:54 | 02,143,784 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2009-09-10 20:01:22 | 00,000,010 | ---- | M] () -- D:\WINDOWS\System32\kr_done1
[2009-09-10 14:30:12 | 00,000,666 | ---- | M] () -- D:\WINDOWS\win.ini
[2009-09-10 14:30:12 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009-09-09 14:23:48 | 00,001,355 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2009-08-31 12:18:30 | 00,000,479 | ---- | M] () -- D:\Documents and Settings\r\Pulpit\Ares.lnk

[color=#E56717]========== LOP Check ==========[/color]

[2009-04-25 09:59:56 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
[2009-04-25 11:55:26 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ahead
[2009-05-10 21:56:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\CyberLink
[2009-08-12 18:53:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Lite
[2009-08-28 12:33:34 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\FLEXnet
[2009-06-26 10:41:38 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton
[2009-04-25 21:19:40 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\NortonInstaller
[2009-04-25 20:41:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
[2009-04-25 09:59:56 | 00,000,000 | RH-D | M] -- D:\Documents and Settings\r\Dane aplikacji
[2009-05-17 10:53:40 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Ahead
[2009-05-13 19:03:30 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Crystal Player
[2009-05-10 21:56:22 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\CyberLink
[2009-08-12 18:47:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\DAEMON Tools Lite
[2009-08-12 19:18:50 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\DAEMON Tools Pro
[2009-07-05 11:10:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Dev-Cpp
[2009-08-25 11:44:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Download Manager
[2009-04-26 10:35:46 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Gadu-Gadu
[2009-05-31 21:47:08 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\gtk-2.0
[2009-04-25 11:48:10 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\InterTrust
[2009-04-27 20:15:30 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Notepad++
[2009-05-17 10:48:22 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Remere's Map Editor
[2009-05-17 11:13:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Tibia
[2009-05-22 16:11:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\r\Dane aplikacji\Ventrilo
[2001-10-30 14:00:00 | 00,000,065 | RH-- | M] () -- D:\WINDOWS\Tasks\desktop.ini
[2009-09-13 10:46:24 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\Tasks\SA.DAT
[2009-09-12 20:00:02 | 00,000,358 | ---- | M] () -- D:\WINDOWS\Tasks\HPpromotions journeysoftware.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

Posted by Andziorka, 13 Sep 2009, 12:45

And how is it now, has it improved?

Posted by Piotrek05, 13 Sep 2009, 17:41

Yes. Everything is OK, only avast still shows that it detected a trojan in the file winlog.exe. Can it be neutralized somehow?

Posted by Andziorka, 13 Sep 2009, 18:00

Delete the infected file winlogon.exe,
insert the Windows CD,
then extract the file from the CD:
go to Start, Run, type: cmd and then type:
expand x:\i386\winlogon.ex_ C:\WINDOWS\system32\winlogon.exe
where X is the drive letter.
Restart and see whether it is still detected.

Posted by Piotrek05, 14 Sep 2009, 17:04

OK, I'll manage without that, because I don't think I have the Windows CD at home right now. Thank you, the topic can be closed.

Added 17.09.2009 19:11:59:
Umpfh wrote:
Delete the infected file winlogon.exe,
insert the Windows CD,
then extract the file from the CD:
go to Start, Run, type: cmd and then type:
expand x:\i386\winlogon.ex_ C:\WINDOWS\system32\winlogon.exe
where X is the drive letter.
Restart and see whether it is still detected.

I decided to do it this way after all. I extracted that i386 folder into a folder (not directly onto the drive), and before that I deleted the infected file. I type everything in correctly, but an error pops up:
Nie można otworzyć pliku wejściowego d:\piotrek\i386\winlog.ex_.
And is it always the case in that window that the line starts with "D:\Documents and Setting\username>"??