Extras.Txt

The avast mail scanner is running non-stop - I've caught something.

Dr Web found nothing. I didn't scan with MBAM a second time, but overall the number of processes is back to normal. OTL logs below.


OTL Extras logfile created on: 2013-01-15 21:57:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Viris\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.96 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 81.51% Memory free
4.80 Gb Paging File | 4.11 Gb Available in Paging File | 85.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.51% Space Free | Partition Type: NTFS
Drive D: | 136.71 Gb Total Space | 11.70 Gb Free Space | 8.56% Space Free | Partition Type: NTFS
Drive E: | 150.53 Gb Total Space | 79.35 Gb Free Space | 52.72% Space Free | Partition Type: NTFS

Computer Name: ZAKON-05F43C88D | User Name: Viris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-329068152-1606980848-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Konnekt\konnekt.exe" = C:\Program Files\Konnekt\konnekt.exe:*:Enabled:Konnekt - Core
"D:\Quake 3\Quake III Arena\quake3.exe" = D:\Quake 3\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Motocross\MCM2.EXE" = D:\Motocross\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"F:\fscommand\CKSocketServer.exe" = F:\fscommand\CKSocketServer.exe:*:Enabled:Socket Server
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
"D:\mt2\PandoraMT2\metin2.bin" = D:\mt2\PandoraMT2\metin2.bin:*:Enabled:metin2
"D:\Moto Gp 08\Launcher.exe" = D:\Moto Gp 08\Launcher.exe:*:Enabled:MotoGP 08
"D:\UT2004\System\UT2004.exe" = D:\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"D:\nfs u\Speed.exe" = D:\nfs u\Speed.exe:*:Enabled:Speed
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"D:\DivineWorld\DivineWorld\Divine.exe" = D:\DivineWorld\DivineWorld\Divine.exe:*:Enabled:Divine
"D:\Torrent\Colin McRae Rally 04.nrg\F1 2007\F1 2007\f1 challenge 99-02.exe" = D:\Torrent\Colin McRae Rally 04.nrg\F1 2007\F1 2007\f1 challenge 99-02.exe:*:Enabled:F1 Challenge 99-02
"E:\nascar\NASCAR_Thunder_2004.exe" = E:\nascar\NASCAR_Thunder_2004.exe:*:Enabled:NASCAR Thunder TM 2004
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91C0B95B-B83A-4828-A775-BBE2DD421045}" = Nero 7 Ultra Edition
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}" = Microsoft Tool Web Package : EXCTRLST.EXE
"{BE9122B8-8E6A-428A-A0D4-EF48F304B2D4}_is1" = Quake III Arena + OSP + PR 1.32 + Bid For Power
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast!" = avast! Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Foxit Reader_is1" = Foxit Reader 5.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LAME_is1" = LAME v3.99.3 (for Windows)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NapiProjekt_is1" = NapiProjekt 1.0.6.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 12.12.1707" = Opera 12.12
"RealAlt_is1" = Real Alternative 2.0.1
"SubEdit-Player_is1" = SubEdit-Player
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 2012-02-03 12:59:53 | Computer Name = ZAKON-05F43C88D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\WWW\WWW\highslide\images\thumbs\zlatarni2.jpg failed, 00000005.

[ Application Events ]
Error - 2012-10-22 03:34:35 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd screamer.exe, wersja 0.4.4.0, moduł powodujący
błąd screamer.exe, wersja 0.4.4.0, adres błędu 0x0011da45.

Error - 2012-11-15 14:39:25 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd farmingsimulator2013game.exe, wersja 1.0.0.1,
moduł powodujący błąd ig4dev32.dll, wersja 6.14.10.5002, adres błędu 0x0000bea0.

Error - 2012-11-15 14:40:41 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd farmingsimulator2013game.exe, wersja 1.0.0.1,
moduł powodujący błąd ig4dev32.dll, wersja 6.14.10.5002, adres błędu 0x000d23c6.

Error - 2012-11-15 16:30:22 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 6.4.9.1, moduł powodujący
błąd mplayerc.exe, wersja 6.4.9.1, adres błędu 0x001e24e0.

Error - 2012-11-15 16:30:30 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 6.4.9.1, moduł powodujący
błąd mplayerc.exe, wersja 6.4.9.1, adres błędu 0x001e24e0.

Error - 2012-11-15 16:32:35 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 6.4.9.1, moduł powodujący
błąd mplayerc.exe, wersja 6.4.9.1, adres błędu 0x001e24e0.

Error - 2012-12-08 04:25:10 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd screamer.exe, wersja 0.4.4.0, moduł powodujący
błąd screamer.exe, wersja 0.4.4.0, adres błędu 0x0011da45.

Error - 2012-12-26 06:23:34 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd set1.tmp, wersja 11.0.0.28844, moduł powodujący
błąd , wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2012-12-26 06:23:52 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd set3.tmp, wersja 11.0.0.28844, moduł powodujący
błąd , wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2012-12-26 06:25:11 | Computer Name = ZAKON-05F43C88D | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd set5.tmp, wersja 11.0.0.28844, moduł powodujący
błąd , wersja 0.0.0.0, adres błędu 0x00000000.

[ System Events ]
Error - 2013-01-13 14:07:31 | Computer Name = ZAKON-05F43C88D | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.12 dla karty sieciowej o adresie 0C60769A1182
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2013-01-14 04:37:31 | Computer Name = ZAKON-05F43C88D | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „” w celu uruchomienia serwera: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2013-01-14 04:37:32 | Computer Name = ZAKON-05F43C88D | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2013-01-14 04:37:32 | Computer Name = ZAKON-05F43C88D | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „” w celu uruchomienia serwera: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2013-01-14 14:53:42 | Computer Name = ZAKON-05F43C88D | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2013-01-14 15:19:20 | Computer Name = ZAKON-05F43C88D | Source = PlugPlayManager | ID = 11
Description = Urządzenie Root\LEGACY_17459111\0000 zniknęło z systemu bez uprzedniego
przygotowania go do usunięcia.

Error - 2013-01-14 15:22:28 | Computer Name = ZAKON-05F43C88D | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2013-01-15 16:08:19 | Computer Name = ZAKON-05F43C88D | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2013-01-15 16:14:18 | Computer Name = ZAKON-05F43C88D | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „” w celu uruchomienia serwera: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2013-01-15 16:35:11 | Computer Name = ZAKON-05F43C88D | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.


< End of report >