Ukash - zablokowany komputer

[McRo]

witam.

Problem chyba wszystkim znany. W czasie startu systemu, gdy już jest pulpit pojawia się informacje żebym zapłacił pieniądze. Próbowałem różnych metod z OLT zamieszczonych na tych forum. Nie działa.

System Windows XP 32-bit.

 

 

P.S. W GMER po skanowaniu mam pusty ekran programu i nic nie chce mi zapisać gdy kilkam w kopiuj. Mam nadzieje ze brak GMERa nie bedzie problemem.

 

Pozdrawiam

OTL.Txt

Extras.Txt

[Landuss]

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

 

:OTL
SRV - File not found [Auto | Stopped] -- c:\program files\lenovo\system update\suservice.exe -- (SUService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [sqlServerSpatial] C:\Documents and Settings\ksusfal\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4274\SqlServerSpatial.exe ()
[2012-07-03 11:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ksusfal\Dane aplikacji\hellomoto
[2012-07-03 15:29:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
 
:Files
C:\Documents and Settings\ksusfal\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4274
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

 

Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowy log z OTL (bez ekstras)

[McRo]

Bardzo dziękuje. Już nie wyskakuje.

OTL.Txt

[Landuss]

Wszystko poprawnie usunięte. Przejdź do kroków końcowych:

 

1. Użyj opcji Sprzątanie z OTL.

 

2. Opróżnij folder przywracania systemu: KLIK

 

3. Zaktualizuj Jave i Adobe Reader do najnowszych wersji: KLIK

 

4. Dla bezpieczeństwa zmień hasła logowania do serwisów w sieci.

[McRo]

Jeszcze raz dziękuje

[McRo]

witam.

Problem chyba wszystkim znany. W czasie startu systemu, gdy już jest pulpit pojawia się informacje żebym zapłacił pieniądze. Próbowałem różnych metod z OLT zamieszczonych na tych forum. Nie działa.

System Windows XP 32-bit.

 

 

P.S. W GMER po skanowaniu mam pusty ekran programu i nic nie chce mi zapisać gdy kilkam w kopiuj. Mam nadzieje ze brak GMERa nie bedzie problemem.

 

Pozdrawiam

Extras.Txt

OTL.Txt

[Landuss]

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

 

:OTL
O4 - HKLM..\Run: [obuhmkxqeflxbff] C:\Documents and Settings\All Users\Dane aplikacji\obuhmkxq.exe ()
O4 - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005..\Run: [obuhmkxqeflxbff] C:\Documents and Settings\All Users\Dane aplikacji\obuhmkxq.exe ()
 
:Files
C:\Documents and Settings\All Users\Dane aplikacji\noopubfyeaewmba
C:\Documents and Settings\All Users\Dane aplikacji\qgkgnghdwnnbhyi
C:\Documents and Settings\All Users\Dane aplikacji\tvmmisdl.exe
C:\Documents and Settings\All Users\Dane aplikacji\fbfszirp.exe
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

 

Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowy log z OTL (bez extras)

[McRo]

OTL logfile created on: 2012-08-13 08:19:02 - Run 2

OTL by OldTimer - Version 3.2.56.0 Folder = E:\

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1,96 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 75,31% Memory free

3,81 Gb Paging File | 3,48 Gb Available in Paging File | 91,28% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142,52 Gb Total Space | 120,51 Gb Free Space | 84,56% Space Free | Partition Type: NTFS

Drive E: | 14,83 Gb Total Space | 11,90 Gb Free Space | 80,25% Space Free | Partition Type: FAT32

 

Computer Name: COMPANY | User Name: ksusfal | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012-08-10 10:13:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

PRC - [2010-10-01 17:09:46 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe

PRC - [2010-05-24 14:10:14 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe

PRC - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2010-02-25 18:45:50 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2010-02-25 18:45:48 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

PRC - [2010-02-25 18:45:48 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2010-01-18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2009-12-21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2009-11-24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2009-10-01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

MOD - [2010-02-25 18:45:58 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll

MOD - [2010-02-25 18:45:58 | 000,075,112 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll

MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL

MOD - [2005-11-14 15:43:58 | 000,029,152 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\FSPPMFP.DLL

MOD - [2005-02-08 16:23:10 | 000,979,005 | ---- | M] () -- C:\Program Files\ClamWin\bin\python23.dll

MOD - [2004-11-20 02:27:54 | 000,106,496 | ---- | M] () -- C:\Program Files\ClamWin\lib\shell.pyd

MOD - [2004-11-20 02:27:54 | 000,086,016 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32gui.pyd

MOD - [2004-11-20 02:27:54 | 000,077,824 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32file.pyd

MOD - [2004-11-20 02:27:54 | 000,069,632 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32api.pyd

MOD - [2004-11-20 02:27:54 | 000,065,536 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32security.pyd

MOD - [2004-11-20 02:27:54 | 000,036,864 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32process.pyd

MOD - [2004-11-20 02:27:54 | 000,024,576 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32pipe.pyd

MOD - [2004-11-20 02:27:54 | 000,024,576 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32event.pyd

MOD - [2004-10-11 19:22:18 | 000,315,392 | ---- | M] () -- C:\Program Files\ClamWin\lib\pythoncom23.dll

MOD - [2004-10-11 19:21:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ClamWin\lib\pywintypes23.dll

MOD - [2004-05-25 20:20:30 | 000,036,864 | ---- | M] () -- C:\Program Files\ClamWin\lib\_winreg.pyd

MOD - [2004-05-25 20:19:32 | 000,045,117 | ---- | M] () -- C:\Program Files\ClamWin\lib\datetime.pyd

MOD - [2004-05-25 20:18:42 | 000,495,616 | ---- | M] () -- C:\Program Files\ClamWin\lib\_ssl.pyd

MOD - [2004-05-25 20:18:28 | 000,057,401 | ---- | M] () -- C:\Program Files\ClamWin\lib\_sre.pyd

MOD - [2004-05-25 20:18:20 | 000,049,212 | ---- | M] () -- C:\Program Files\ClamWin\lib\_socket.pyd

MOD - [2004-05-25 20:17:14 | 000,622,651 | ---- | M] () -- C:\Program Files\ClamWin\lib\_bsddb.pyd

MOD - [2004-01-15 13:45:22 | 000,061,440 | ---- | M] () -- C:\Program Files\ClamWin\lib\_ctypes.pyd

MOD - [2003-10-01 12:40:00 | 002,240,512 | ---- | M] () -- C:\Program Files\ClamWin\lib\wxc.pyd

MOD - [2003-10-01 10:43:02 | 003,239,936 | ---- | M] () -- C:\Program Files\ClamWin\lib\wxmsw24h.dll

MOD - [2003-08-10 08:14:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ClamWin\lib\mxDateTime.pyd

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012-08-07 08:38:56 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2010-02-25 18:45:48 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2010-01-18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2009-11-17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2010-10-01 17:09:46 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2010-03-01 10:14:00 | 000,992,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2010-03-01 10:14:00 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2010-03-01 10:14:00 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2010-03-01 10:14:00 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2010-03-01 10:14:00 | 000,047,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2008-05-12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2007-08-08 13:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007-07-30 04:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007-07-30 03:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007-05-22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2007-05-22 09:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2007-04-30 06:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)

DRV - [2006-12-22 04:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2006-12-22 04:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2006-12-22 04:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2001-10-26 18:00:44 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = "http://www.lenovo.com/welcome/thinkpad" [binary data]

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://lenovo.live.com"

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = "http://www.lenovo.com/welcome/thinkpad" [binary data]

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://lenovo.live.com"

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://google.pl/"

IE - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"

IE - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

========== Chrome ==========

 

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: "http://www.google.pl/"

 

O1 HOSTS File: ([2004-08-04 23:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1297221847-1997709127-2785810652-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341383101734" (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab" (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab" (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab" (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab" (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{501FBF66-F53A-4E1D-9AB3-C910D0F8F1D3}: DhcpNameServer = 194.204.159.1 194.204.152.34

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe File not found

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\ksusfal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ksusfal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-03-02 06:00:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-07-30 16:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ksusfal\Pulpit\Damian Figórki

 

========== Files - Modified Within 30 Days ==========

 

[2012-08-13 08:17:58 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-08-13 08:17:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-08-13 08:17:23 | 2103,697,408 | -HS- | M] () -- C:\hiberfil.sys

[2012-08-08 18:36:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012-08-08 10:31:00 | 002,651,648 | ---- | M] () -- C:\Documents and Settings\ksusfal\Pulpit\ferrrari.pps

[2012-08-07 08:38:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012-08-07 08:38:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012-08-01 09:54:44 | 000,484,597 | ---- | M] () -- C:\Documents and Settings\ksusfal\Moje dokumenty\umowa CCP 31.07. 2012 C253 Bizhub Dom Maklerski.pdf

[2012-07-26 16:11:18 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\ksusfal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== Files Created - No Company Name ==========

 

[2012-08-13 08:17:23 | 2103,697,408 | -HS- | C] () -- C:\hiberfil.sys

[2012-08-08 10:31:00 | 002,651,648 | ---- | C] () -- C:\Documents and Settings\ksusfal\Pulpit\ferrrari.pps

[2012-08-01 09:54:40 | 000,484,597 | ---- | C] () -- C:\Documents and Settings\ksusfal\Moje dokumenty\umowa CCP 31.07. 2012 C253 Bizhub Dom Maklerski.pdf

[2012-02-15 12:28:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011-07-14 12:21:37 | 000,000,616 | ---- | C] () -- C:\WINDOWS\System32\NTS5CSET.INI

[2011-03-15 09:36:54 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZXJ_L.DLL

[2011-01-07 17:13:07 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\ksusfal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-05-12 16:07:09 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\ksusfal\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

 

========== LOP Check ==========

 

[2010-05-12 16:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Leadertech

[2010-05-12 15:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Lenovo

[2010-05-13 10:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited

[2010-05-12 15:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo

[2010-10-01 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TrueCrypt

[2010-05-12 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\UIB

[2010-05-12 15:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Lenovo

[2010-05-13 10:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksusfal\Dane aplikacji\Canneverbe Limited

[2010-05-12 15:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksusfal\Dane aplikacji\Lenovo

[2010-10-14 14:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksusfal\Dane aplikacji\Minolta

[2010-05-13 09:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksusfal\Dane aplikacji\PasswordTraveler-E

[2010-10-01 20:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ksusfal\Dane aplikacji\TrueCrypt

[2010-05-12 16:06:31 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Przypomnienie o rejestracji 2.job

[2010-05-12 16:06:31 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Przypomnienie o rejestracji 3.job

 

========== Purity Check ==========

 

< End of report >

 

 

Tak wpisuję bo nie mogę wstawić pliku.

[Landuss]

Wszystko usunięte. Problem masz z głowy. Wykonaj kroki końcowe:

 

1. Użyj opcji Sprzątanie z OTL.

 

2. Opróżnij przywracanie systemu: KLIK

 

3. Zaktualizuj wymienione programy do najnowszych wersji:

 

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 29

"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish

 

Szczegóły aktualizacyjne: KLIK

 

4. Dla bezpieczeństwa zmień hasła logowania do serwisów w sieci.