Extras.Txt

C:\WINDOWS\TEMP\7za.exe how do I get rid of the worm?

I did everything according to your recommendations. Dr. WEB detected nothing and avast is silent, whereas before it beeped after every system start. I updated Java. I have Avast set to automatic updates and it updates the virus database often. Catching the worm was my own fault, because Avast warned me before I entered the site but I ignored the warning. Thanks for the help; by the way, I now have a new tool, Dr. WEB online. Thank you for the help and best regards, have a pleasant holiday.

Added after 26: It was already fine, but I scanned the computer once more with avast and it found this: C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Windows Internet Name Service\wins.exe\

Added after 10: here is a new log, please


OTL Extras logfile created on: 2010-11-01 14:49:34 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\galante\Pulpit\TATY
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 19,96 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 23,67 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 58,53 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 58,50 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
Drive G: | 58,59 Gb Total Space | 54,39 Gb Free Space | 92,82% Space Free | Partition Type: NTFS
Drive H: | 58,59 Gb Total Space | 54,47 Gb Free Space | 92,97% Space Free | Partition Type: NTFS
Drive I: | 58,59 Gb Total Space | 55,92 Gb Free Space | 95,43% Space Free | Partition Type: NTFS
Drive J: | 39,06 Gb Total Space | 39,00 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
Drive K: | 9,76 Gb Total Space | 9,67 Gb Free Space | 99,11% Space Free | Partition Type: NTFS
Drive L: | 9,77 Gb Total Space | 8,63 Gb Free Space | 88,32% Space Free | Partition Type: NTFS
Drive M: | 55,60 Gb Total Space | 42,30 Gb Free Space | 76,07% Space Free | Partition Type: NTFS

Computer Name: KUBUS | User Name: galante | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- " %1 " %*
cmdfile [open] -- " %1 " %*
comfile [open] -- " %1 " %*
exefile [open] -- " %1 " %*
htmlfile [edit] -- " D:\Microsoft Office\OFFICE11\msohtmed.exe " %1 (Microsoft Corporation)
piffile [open] -- " %1 " %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- " %1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- " %1 " /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
" AntiVirusDisableNotify " = 0
" FirewallDisableNotify " = 0
" UpdatesDisableNotify " = 0
" AntiVirusOverride " = 0
" FirewallOverride " = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
" DisableSR " = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
" Start " = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
" Start " = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
" K:\SopCast\adv\SopAdver.exe " = K:\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
" K:\SopCast\SopCast.exe " = K:\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
" C:\Program Files\Java\jre6\bin\javaw.exe " = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
" D:\Gadu-Gadu 10\gg.exe " = D:\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
" D:\eMule\emule.exe " = D:\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
" K:\TVAnts\Tvants.exe " = K:\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
" C:\Documents and Settings\galante\Pulpit\Tvants.exe " = C:\Documents and Settings\galante\Pulpit\Tvants.exe:*:Enabled:TVAnts -- File not found


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" {04F67CE9-C706-7C07-B882-4790D01C5A76} " = Catalyst Control Center Graphics Previews Common
" {11083C7A-D0D6-4DA4-8C3A-74B8389EC07B} " = ATI Catalyst Registration
" {18D10072035C4515918F7E37EAFAACFC} " = AutoUpdate
" {26A24AE4-039D-4CA4-87B4-2F83216015FF} " = Java(TM) 6 Update 22
" {350C9415-3D7C-4EE8-BAA9-00BCB3D54227} " = WebFldrs XP
" {4A03706F-666A-4037-7777-5F2748764D10} " = Java Auto Updater
" {5E3CB60D-627B-3B5C-2173-3EAB3397C9A1} " = Catalyst Control Center InstallProxy
" {63BF0B7D-DFB7-2A23-4212-E7C6D5196A46} " = ATI Stream SDK v2 Developer
" {716E0306-8318-4364-8B8F-0CC4E9376BAC} " = MSXML 4.0 SP2 Parser and SDK
" {7299052b-02a4-4627-81f2-1818da5d550d} " = Microsoft Visual C++ 2005 Redistributable
" {7B63B2922B174135AFC0E1377DD81EC2} " = DivX Codec
" {8279BD5B-F4B7-3B75-95F5-F1D2BB219C7F} " = ccc-utility
" {837b34e3-7c30-493c-8f6a-2b0f04e2912c} " = Microsoft Visual C++ 2005 Redistributable
" {8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3} " = The Lord of the Rings FREE Trial
" {90110415-6000-11D3-8CFE-0150048383C9} " = Microsoft Office Professional Edition 2003
" {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} " = Microsoft .NET Framework 3.0 Service Pack 2
" {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} " = Microsoft .NET Framework 2.0 Service Pack 2
" {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} " = Microsoft .NET Framework 3.5 SP1
" {D41FAAA9-8048-4906-86B2-9AADEA1FA0B7} " = SpeedTouch USB Software
" {DDA34038-89BD-4804-B0B8-DC48D5DFB463} " = Catalyst Control Center - Branding
" {E9AA8EB9-FCD1-4829-AE3C-F2D211C67F42} " = Internet Explorer
" {F12B55DE-186C-42CA-E9B4-9FA7B786D023} " = ccc-core-static
" {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} " = Realtek High Definition Audio Driver
" {F4731524-D4E9-2CCD-4471-5ABE373C3691} " = CCC Help English
" Adobe Flash Player ActiveX " = Adobe Flash Player 10 ActiveX
" Adobe Flash Player Plugin " = Adobe Flash Player 10 Plugin
" avast! " = avast! Antivirus
" ESET Online Scanner " = ESET Online Scanner v3
" Gadu-Gadu 10 " = Gadu-Gadu 10
" HijackThis " = HijackThis 2.0.2
" ie8 " = Windows Internet Explorer 8
" JDownloader " = JDownloader
" KLiteCodecPack_is1 " = K-Lite Codec Pack 6.2.0 (Basic)
" Microsoft .NET Framework 3.5 SP1 " = Microsoft .NET Framework 3.5 SP1
" Mozilla Firefox (3.6.12) " = Mozilla Firefox (3.6.12)
" MSCompPackV1 " = Microsoft Compression Client Pack 1.0 for Windows XP
" SopCast " = SopCast 3.2.9
" TVAnts 1.0 " = TVAnts 1.0
" Windows Media Format Runtime " = Windows Media Format 11 runtime
" Windows Media Player " = Windows Media Player 11
" Windows XP Service Pack " = Windows XP Service Pack 3
" WinRAR archiver " = Archiwizator WinRAR
" WMFDist11 " = Windows Media Format 11 runtime
" wmp11 " = Windows Media Player 11
" Wudf01000 " = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-10-31 02:19:48 | Computer Name = KUBUS | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd tvplayer.exe, wersja 4.8.0.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.5781, adres błędu 0x00012afb.

Error - 2010-10-31 04:41:36 | Computer Name = KUBUS | Source = Wudf01000 | ID = 921877
Description =

Error - 2010-10-31 18:16:02 | Computer Name = KUBUS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 pmcloader.exe, P2 1.0.2826.13127, P3 46fb4aff,
P4 pmcloader, P5 1.0.2826.13127, P6 46fb4aff, P7 14, P8 ce, P9 system.io.directorynotfound,
P10 NIL.

[ System Events ]
Error - 2010-10-30 20:00:27 | Computer Name = KUBUS | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie.

Error - 2010-10-30 20:00:28 | Computer Name = KUBUS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.CRT. Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .

Error - 2010-10-30 20:00:28 | Computer Name = KUBUS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\WINDOWS\system32\atiadlxx.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .

Error - 2010-10-30 20:00:28 | Computer Name = KUBUS | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie.

Error - 2010-10-30 20:00:28 | Computer Name = KUBUS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.CRT. Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .

Error - 2010-10-30 20:00:28 | Computer Name = KUBUS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\WINDOWS\system32\atiadlxx.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .

Error - 2010-10-31 18:15:56 | Computer Name = KUBUS | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {2FB50924-AA68-4BE2-81FA-C9220A0830A7}.
Błąd:
,,%3"
wystąpił
podczas uruchamiania tego polecenia: " D:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe "
-Embedding

Error - 2010-10-31 18:16:01 | Computer Name = KUBUS | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {2FB50924-AA68-4BE2-81FA-C9220A0830A7}.
Błąd:
,,%3"
wystąpił
podczas uruchamiania tego polecenia: " D:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe "
-Embedding

Error - 2010-11-01 08:44:46 | Computer Name = KUBUS | Source = Service Control Manager | ID = 7034
Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-11-01 08:44:47 | Computer Name = KUBUS | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.


< End of report >

