Komendy w "uruchom" nie dzialaja?


(Przemekb29) #1

Otoz od jakiegos czasu mam problem. Nie moge wejsc do rejestru nie dzialaja komendy w "uruchom" jak np. cmd.exe. (pojawia sie pusty pulpit i pochwili wraca do poprzedniej formy). Prawdopodobnie wbil mi sie jakis "syf" na komputer.

Log z hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:27:58, on 2009-05-08

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: RAID Manager.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--

End of file - 8211 bytes

Licze na waszą pomoc.


(Leon$) #2

Zastosuj Malwarebytes' Anti-Malware http://cybertrash.pl/Tata/MBAM/Malwarebytes_%20Anti-Malware.html pełny skan - jak coś znajdzie to usuń zaznaczone - pokaż log

Pobierz DDS http://www.searchengines.pl/index.php?s ... ntry392369 przeskanuj daj log DDS.txt i Attach.txt

:slight_smile:


(Przemekb29) #3

Ok. a wiec:

Przeskanowalem 1 programem i znalazlo 2 zainfekowane - dalem usun zaznaczone. Pojawila sie informacja ze potrzebny bedzie restart, wiec sie zgodzilem...

log:

Malwarebytes' Anti-Malware 1.36

Wersja bazy definicji: 1945

Windows 5.1.2600 Dodatek Service Pack 3

2009-05-08 19:05:51

mbam-log-2009-05-08 (19-05-51).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)

Przeskanowane obiekty: 172199

Upłynęło: 41 minute(s), 53 second(s)

Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 0

Zainfekowane wartości rejestru: 0

Zainfekowane pliki rejestru: 1

Zainfekowane foldery: 0

Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:

(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:

(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:

(Nie wykryto groźnych plików)

Zainfekowane pliki:

C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.

Jesli chodzi o drugi plik to pobralem pliki dds.pif oraz dds.scr probowalem je odpalic lecz pojawialo sie czarne okienko i natychmiast znikalo... nadal wystepuje problem z dostepem do rejestru i komendami w uruchom.


2 log:

OTListIt Extras logfile created on: 2009-05-08 21:25:43 - Run 1

OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\Przemas\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511.23 Mb Total Physical Memory | 181.11 Mb Available Physical Memory | 35.43% Memory free

1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.48% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 31.25 Gb Total Space | 15.37 Gb Free Space | 49.20% Space Free | Partition Type: NTFS

Drive D: | 21.61 Gb Total Space | 1.66 Gb Free Space | 7.66% Space Free | Partition Type: FAT32

Drive E: | 21.66 Gb Total Space | 4.45 Gb Free Space | 20.56% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PPP-6D36EB58B29

Current User Name: Przemas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

"8461:TCP" = 8461:TCP:*:Enabled:GoD High Port

"8462:TCP" = 8462:TCP:*:Enabled:GoD Low Port

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-01-15 17:09:02 | 06,290,944 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl

2007-12-27 17:45:36 | 00,864,313 | ---- | M -- E:\Gry\Quake 3 demo\quake3.exe:*:Enabled:quake3

2006-05-08 09:37:00 | 01,286,144 | ---- | M -- E:\Gry\Enemy territory\ET.exe:*:Enabled:ET

2005-03-10 15:00:26 | 01,286,144 | ---- | M -- E:\Gry\Enemy territory\ET+set com_hunkMegs 256.exe:*:Enabled:ET+set com_hunkMegs 256

[2005-05-11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

[2005-05-12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

[2005-05-24 02:17:46 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

[2005-05-24 02:18:00 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

[2005-05-24 02:13:32 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe

2005-05-12 10:06:08 | 00,200,704 | ---- | M -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

2005-05-12 07:28:02 | 01,081,344 | ---- | M -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

[2005-05-24 02:42:00 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe

2005-05-12 08:34:58 | 00,151,635 | ---- | M -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe

[2005-05-24 02:18:52 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

2005-03-15 15:12:10 | 00,417,792 | ---- | M -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe

2005-03-15 15:17:50 | 00,704,512 | ---- | M -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe

[2005-05-24 02:34:36 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe

2006-05-08 09:37:00 | 00,581,632 | ---- | M -- E:\Gry\Enemy territory\ETDED.exe:*:Enabled:ETDED

File not found -- E:\Ares\Ares.exe:*:Enabled:Ares p2p for windows

File not found -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule

2003-11-14 03:34:06 | 00,389,120 | ---- | M -- E:\Gry\C.S 1.6\hlds.exe:*:Enabled:HLDS Launcher

[2008-04-14 19:21:19 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer

[2007-07-24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

2008-08-02 20:51:12 | 00,081,920 | ---- | M -- E:\Gry\C.S 1.6\hl.exe:*:Enabled:Half-Life Launcher

File not found -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows

File not found -- C:\Program Files\Zeus\giFT\giftl.exe:*:Enabled:giFT Loader for KCeasy (http://www.kceasy.com)

File not found -- E:\Kazaa\Kazaa Lite Rewolucja\kazaalite.kpp:*:Enabled:kazaalite

[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- E:\Gry\Secret service\Bin\ss.exe:*:Disabled:ss

2009-03-16 11:15:28 | 00,812,544 | ---- | M -- E:\Gry\Metin 2\metin2.bin:*:Enabled:metin2

[2007-09-06 18:01:10 | 12,836,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2007-08-28 23:43:30 | 01,022,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2000-04-30 02:08:02 | 01,577,005 | ---- | M] (Rainbow Multimedia Group, Inc) -- E:\Gry\Motocross Madness 2\MCM2.ICD:*:Enabled:Microsoft® Motocross Madness 2

[2001-07-07 10:45:32 | 01,441,792 | ---- | M] (Raven Software) -- E:\Gry\Soldier of Fortune\SoF.exe:*:Enabled:SoF

File not found -- C:\Documents and Settings\Przemas\Pulpit\Metin 2\Metin.exe:*:Enabled:Metin

File not found -- C:\Documents and Settings\Przemas\Pulpit\Metin 2\metin2.bin:*:Enabled:metin2

[2002-08-23 00:24:02 | 01,799,168 | ---- | M] (mIRC Co. Ltd.) -- E:\mirc\mirc.exe:*:Enabled:mIRC

2003-11-14 03:34:06 | 00,221,184 | ---- | M -- E:\Gry\C.S 1.6\hltv.exe:*:Enabled:HLTV Launcher

2008-06-10 16:29:05 | 02,719,744 | R--- | M -- E:\Gry\Stronghold Crusader\Stronghold Crusader.exe:*:Disabled:Stronghold Crusader

[2008-12-10 01:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server

[2008-02-06 18:37:52 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath

[2009-04-20 16:56:20 | 09,818,728 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu

1999-11-24 02:02:54 | 00,864,313 | ---- | M -- E:\Gry\Q3 arena\quake3.exe:*:Enabled:quake3

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{44734179-8A79-4DEE-BB08-73037F065543}" = Obsługa urządzeń mobilnych Apple

"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour

"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6

"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{2D1F88C2-ADAE-47C4-8648-6EA8F7E6EB2D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{94A4609B-0414-4427-81F3-0FD282A2D0D3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}" = InterVideo Disc Master 2

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{FB132F09-DCF1-46EA-AE92-F8B42AB7BAD4}" = Stunt GP

"{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}" = ITE IT8212 ATA RAID Controller

"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"7-Zip" = 7-Zip 4.58 alpha 9

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI

"Asystent Plusfon 401i_is1" = Asystent Plusfon 401i V1.6.12

"ATI Display Driver" = ATI Display Driver

"avast!" = avast! Antivirus

"C-Media Audio Driver" = C-Media High Definition Audio Driver

"Creative Live! Cam Vista IM User's Guide English" = Creative Live! Cam Vista IM User's Guide (English)

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)

"Creative WebCam Center" = Creative WebCam Center

"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series

"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.3.1 Komputer ŚWIAT Extra 4/2005 Cover CD E

"DrTweakXP" = DoctorTweak XP v1.75

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 5.3

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"IVONA - syntezator mowy, wersja rehabilitacyjna" = IVONA - syntezator mowy, wersja rehabilitacyjna

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"mIRC" = mIRC

"Motocross Madness 2" = Microsoft Motocross Madness 2

"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NeroVision!UninstallKey" = NeroVision Express 2

"Niezbędnik CD_is1" = Niezbędnik CD

"NMPUninstallKey" = Nero Media Player

"Nowe Gadu-Gadu" = Nowe Gadu-Gadu

"PhotoScape" = PhotoScape

"Quake III Arena" = Quake III Arena

"Sjboy_is1" = Sjboy Beta4

"Smart Defrag_is1" = Smart Defrag 1.02

"Soldier of Fortune Platinum" = Soldier of Fortune Platinum

"SysInfo" = Creative System Information

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Tlen.pl" = Tlen.pl

"WampServer 2_is1" = WampServer 2.0

"Winamp" = Winamp

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.4.7

========== Last 10 Event Log Errors ==========

[Antivirus Events]

Error - 2009-05-06 07:52:56 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\QXAQA0WA.DEFAULT\EXTENSIONS{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}\DEFAULTS\PREFERENCES\PREFS-DWHELPER.JS

failed, 00000005.

Error - 2009-05-06 07:52:56 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\QXAQA0WA.DEFAULT\PREFS.JS

failed, 00000005.

Error - 2009-05-08 10:37:25 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\USTAWIENIA LOKALNE\TEMPORARY INTERNET FILES\CONTENT.IE5\9F3XHMU7\METIN2_HEADER2[1].JPG

failed, 00000005.

Error - 2009-05-08 10:37:25 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\USTAWIENIA LOKALNE\TEMPORARY INTERNET FILES\CONTENT.IE5\9F3XHMU7\METIN2_BG3[1].JPG

failed, 00000005.

Error - 2009-05-08 10:37:25 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\USTAWIENIA LOKALNE\TEMPORARY INTERNET FILES\CONTENT.IE5\9F3XHMU7\METIN2_UNTEN2[1].JPG

failed, 00000005.

Error - 2009-05-08 10:37:56 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\QXAQA0WA.DEFAULT\EXTENSIONS{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}\DEFAULTS\PREFERENCES\PREFS-DWHELPER.JS

failed, 00000005.

Error - 2009-05-08 10:37:56 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\QXAQA0WA.DEFAULT\PREFS.JS

failed, 00000005.

Error - 2009-05-08 13:35:19 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\USTAWIENIA LOKALNE\TEMPORARY INTERNET FILES\CONTENT.IE5\9F3XHMU7\METIN2_HEADER2[1].JPG

failed, 00000005.

Error - 2009-05-08 13:35:19 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\USTAWIENIA LOKALNE\TEMPORARY INTERNET FILES\CONTENT.IE5\9F3XHMU7\METIN2_BG3[1].JPG

failed, 00000005.

Error - 2009-05-08 13:35:19 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\PRZEMAS\USTAWIENIA LOKALNE\TEMPORARY INTERNET FILES\CONTENT.IE5\9F3XHMU7\METIN2_UNTEN2[1].JPG

failed, 00000005.

[Application Events]

Error - 2009-04-28 12:41:33 | Computer Name = PPP-6D36EB58B29 | Source = MySQL | ID = 100

Description = Event Scheduler: An error occurred when initializing system tables.

Disabling the Event Scheduler. For more information, see Help and Support Center

at http://www.mysql.com.

Error - 2009-05-02 07:38:54 | Computer Name = PPP-6D36EB58B29 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd barrefinal.exe, wersja 1.2.0.0, moduł powodujący

błąd unknown, wersja 0.0.0.0, adres błędu 0x10001e9d.

Error - 2009-05-02 13:58:07 | Computer Name = PPP-6D36EB58B29 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd barrefinal.exe, wersja 1.2.0.0, moduł powodujący

błąd unknown, wersja 0.0.0.0, adres błędu 0x10001e9d.

Error - 2009-05-03 13:23:55 | Computer Name = PPP-6D36EB58B29 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca winamp.exe, wersja 5.5.4.2147, moduł zawieszenia

hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-05-03 13:23:55 | Computer Name = PPP-6D36EB58B29 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca winamp.exe, wersja 5.5.4.2147, moduł zawieszenia

hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-05-05 10:58:22 | Computer Name = PPP-6D36EB58B29 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd metin2.exe, wersja 1.0.0.1, moduł powodujący

błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x0000100b.

Error - 2009-05-07 12:17:14 | Computer Name = PPP-6D36EB58B29 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 6.0.2900.5512, moduł zawieszenia

hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-05-08 10:37:35 | Computer Name = PPP-6D36EB58B29 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd metin2.exe, wersja 1.0.0.1, moduł powodujący

błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x0000100b.

Error - 2009-05-08 11:54:07 | Computer Name = PPP-6D36EB58B29 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd barrefinal.exe, wersja 1.2.0.0, moduł powodujący

błąd unknown, wersja 0.0.0.0, adres błędu 0x10001e9d.

Error - 2009-05-08 13:35:27 | Computer Name = PPP-6D36EB58B29 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd metin2.exe, wersja 1.0.0.1, moduł powodujący

błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x0000100b.

[System Events]

Error - 2009-05-08 13:08:18 | Computer Name = PPP-6D36EB58B29 | Source = sr | ID = 1

Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'

podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało

zatrzymane monitorowanie woluminu.

Error - 2009-05-08 13:08:32 | Computer Name = PPP-6D36EB58B29 | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: PCIIde

< End of report >


(Leon$) #4

Pobierz OTListIt2: http://www.searchengines.pl/index.php?s ... =392369 przeskanuj daj log OTListIT.txt oraz Extras.txt.

:slight_smile: :slight_smile:


(Przemekb29) #5

Drugi log zamieszczam 2 posty wyzej (ograniczenia znakow i nie da sie zrobic 2 post pod rzad ^^)

OTListIt logfile created on: 2009-05-08 21:25:43 - Run 1

OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\Przemas\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511.23 Mb Total Physical Memory | 181.11 Mb Available Physical Memory | 35.43% Memory free

1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.48% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 31.25 Gb Total Space | 15.37 Gb Free Space | 49.20% Space Free | Partition Type: NTFS

Drive D: | 21.61 Gb Total Space | 1.66 Gb Free Space | 7.66% Space Free | Partition Type: FAT32

Drive E: | 21.66 Gb Total Space | 4.45 Gb Free Space | 20.56% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PPP-6D36EB58B29

Current User Name: Przemas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - 2004-08-12 16:09:28 | 00,389,120 | ---- | M -- C:\WINDOWS\system32\Ati2evxx.exe

PRC - [2008-03-29 19:11:18 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2008-03-29 19:37:02 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008-02-18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2007-07-24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2009-05-05 09:15:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - 2008-04-09 11:20:41 | 00,066,872 | ---- | M -- C:\WINDOWS\system32\PnkBstrA.exe

PRC - [2008-03-29 19:36:22 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2008-03-29 19:30:47 | 00,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - 2004-08-12 16:09:28 | 00,389,120 | ---- | M -- C:\WINDOWS\system32\Ati2evxx.exe

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2004-08-12 21:10:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

PRC - [2008-03-29 19:37:13 | 00,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-05-05 09:15:53 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2005-05-11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

PRC - [2007-08-24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2005-05-11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2004-06-30 16:59:24 | 00,724,992 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

PRC - [2005-05-12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

PRC - [2005-05-11 23:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

PRC - [2009-04-30 21:30:06 | 00,307,704 | R--- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-05-08 21:24:44 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Przemas\Pulpit\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008-02-18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2008-03-29 19:11:18 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - 2004-08-12 16:09:28 | 00,389,120 | ---- | M -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

SRV - 2004-08-12 21:10:00 | 00,516,096 | ---- | M -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

SRV - [2008-03-29 19:37:02 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2008-03-29 19:36:22 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2008-03-29 19:30:47 | 00,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2007-07-24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - File not found -- -- (gusvc [On_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2009-05-05 09:15:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2007-08-24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2007-08-24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - 2004-09-29 12:14:36 | 00,069,632 | ---- | M -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])

SRV - 2008-04-09 11:20:41 | 00,066,872 | ---- | M -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2008-12-10 01:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache [On_Demand | Stopped])

SRV - 2008-11-15 06:53:14 | 06,447,744 | ---- | M -- c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe -- (wampmysqld [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008-03-29 19:26:52 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

DRV - [2008-03-29 19:35:49 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2008-03-29 19:35:21 | 00,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2008-03-29 19:29:08 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2008-03-29 19:31:34 | 00,075,856 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

DRV - [2008-03-29 19:27:33 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

DRV - [2004-08-12 16:14:46 | 00,786,944 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

DRV - [2004-07-27 18:06:54 | 01,258,432 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])

DRV - [2004-05-26 16:08:00 | 00,007,296 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])

DRV - [2004-03-17 16:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - 2005-03-08 06:43:25 | 00,051,120 | R--- | M -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

DRV - 2005-03-08 06:43:26 | 00,016,496 | R--- | M -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

DRV - 2005-03-08 06:43:27 | 00,021,744 | R--- | M -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

DRV - [2004-06-01 10:19:44 | 00,024,971 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid [boot | Running])

DRV - [2003-09-10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])

DRV - [2007-03-27 04:26:56 | 00,088,960 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\hmumdm.sys -- (MobileAdapter [On_Demand | Stopped])

DRV - 2004-08-13 04:56:20 | 00,005,810 | R--- | M -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - 2008-04-09 11:01:35 | 00,717,296 | ---- | M -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2006-11-04 00:45:48 | 00,178,913 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0260Vid.sys -- (V0260VID [On_Demand | Running])

DRV - 2004-06-16 07:14:00 | 00,180,480 | ---- | M -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU.DEFAULT.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-838170752-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch

IE - HKU\S-1-5-21-343818398-838170752-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKU\S-1-5-21-343818398-838170752-839522115-1004\S-1-5-21-343818398-838170752-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-838170752-839522115-1004\S-1-5-21-343818398-838170752-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2

FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:0.8

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.8

FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090428

FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:2.95

FF - HKLM\software\mozilla\Firefox\extensions\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-05-05 09:15:54 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-02 21:58:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-05 09:16:07 | 00,000,000 | ---D | M]

[2009-05-02 21:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Extensions

[2009-05-02 21:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Extensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-05-02 21:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Firefox\Profiles\q7p025zy.default\extensions

[2009-05-08 18:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Firefox\Profiles\qxaqa0wa.default\extensions

[2009-05-02 22:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Firefox\Profiles\qxaqa0wa.default\extensions{2458abc0-f443-11dd-87af-0800200c9a66}

[2008-12-24 22:35:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Firefox\Profiles\qxaqa0wa.default\extensions{5c8bfb7c-9a54-11dc-8314-0800200c9a66}

[2009-05-02 21:49:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Firefox\Profiles\qxaqa0wa.default\extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009-05-02 09:04:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Firefox\Profiles\qxaqa0wa.default\extensions{de5809e0-2b07-11dd-bd0b-0800200c9a66}

[2009-05-02 09:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Firefox\Profiles\qxaqa0wa.default\extensions\nasanightlaunch@example.com

[2009-05-02 22:07:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Przemas\Dane aplikacji\mozilla\Firefox\Profiles\qxaqa0wa.default\extensions\redshift_V2@shift-themes.com

2008-04-09 11:04:30 | 00,002,921 | ---- | M -- C:\Documents and Settings\Przemas\Dane aplikacji\Mozilla\FireFox\Profiles\qxaqa0wa.default\searchplugins\daemon-search.xml

[2009-05-08 18:32:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-04-30 21:30:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008-08-05 09:45:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009-05-05 09:16:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-04-30 21:30:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-04-30 21:30:05 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

2008-12-17 18:21:37 | 00,000,896 | ---- | M -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

2008-12-17 18:21:37 | 00,001,406 | ---- | M -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

2008-12-17 18:21:37 | 00,001,706 | ---- | M -- C:\Program Files\mozilla firefox\searchplugins\google.xml

2008-12-17 18:21:37 | 00,000,917 | ---- | M -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

2008-12-17 18:21:37 | 00,000,858 | ---- | M -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

2008-12-17 18:21:37 | 00,001,183 | ---- | M -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

2008-12-17 18:21:37 | 00,001,683 | ---- | M -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (161317 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 abcsearch.com

O1 - Hosts: 127.0.0.1 admin.abcsearch.com

O1 - Hosts: 127.0.0.1 www3.abcsearch.com #[browseraid]

O1 - Hosts: 127.0.0.1 http://www.abcsearch.com

O1 - Hosts: 127.0.0.1 abc517.net #[Trojan.Mitglieder.H]

O1 - Hosts: 127.0.0.1 acestats.com

O1 - Hosts: 127.0.0.1 http://www.acestats.com

O1 - Hosts: 127.0.0.1 actualnames.com #[Parasite.ActualNames]

O1 - Hosts: 127.0.0.1 http://www.actualnames.com

O1 - Hosts: 127.0.0.1 ad-up.com

O1 - Hosts: 127.0.0.1 http://www.ad-up.com

O1 - Hosts: 127.0.0.1 adatom.com

O1 - Hosts: 127.0.0.1 aesp.adatom.com

O1 - Hosts: 127.0.0.1 adbest.com

O1 - Hosts: 127.0.0.1 adserv.adbonus.com

O1 - Hosts: 127.0.0.1 http://www.adbonus.com

O1 - Hosts: 127.0.0.1 http://www.adblaster2.info #[Restricted Zone site]

O1 - Hosts: 127.0.0.1 ad2.adcept.net

O1 - Hosts: 127.0.0.1 ad3.adcept.net

O1 - Hosts: 127.0.0.1 http://www.adcept.net

O1 - Hosts: 127.0.0.1 adcomplete.com

O1 - Hosts: 127.0.0.1 http://www.adcomplete.com

O1 - Hosts: 127.0.0.1 http://www.adcopy.info

O1 - Hosts: 127.0.0.1 ads.adcorps.com

O1 - Hosts: 4671 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File not found

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe (Integrated Technology Express, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-343818398-838170752-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-343818398-838170752-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-343818398-838170752-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-343818398-838170752-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll ()

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - 2008-04-07 21:17:01 | 00,000,000 | ---- | M - C:\AUTOEXEC.BAT -- [NTFS]

O33 - MountPoints2{ee8665c0-a113-11dd-8ba4-0011d85c3f90}\Shell - "" = AutoRun

O33 - MountPoints2{ee8665c0-a113-11dd-8ba4-0011d85c3f90}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32*.tmp files]

[2009-05-08 21:24:39 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Przemas\Pulpit\OTListIt2.exe

2009-05-08 20:48:48 | 00,000,618 | ---- | C -- C:\Documents and Settings\Przemas\Pulpit\Play Quake III Arena.lnk

[2009-05-08 20:48:17 | 00,000,000 | ---D | C] -- C:\Program Files\Mplayer

2009-05-08 20:43:26 | 00,000,777 | ---- | C -- C:\WINDOWS\QIII.INI

2009-05-08 18:27:25 | 00,360,021 | ---- | C -- C:\Documents and Settings\Przemas\Pulpit\dds.scr

2009-05-08 18:27:14 | 00,360,021 | ---- | C -- C:\Documents and Settings\Przemas\Pulpit\dds.pif

[2009-05-08 18:20:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemas\Dane aplikacji\Malwarebytes

2009-05-08 18:20:26 | 00,000,696 | ---- | C -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-05-08 18:20:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-05-08 18:20:23 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-05-08 18:20:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-05-08 18:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

2009-05-07 20:25:17 | 00,001,734 | ---- | C -- C:\Documents and Settings\Przemas\Pulpit\HijackThis.lnk

[2009-05-07 20:25:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

2009-05-06 08:02:42 | 00,000,260 | ---- | C -- C:\WINDOWS\tasks\WGASetup.job

[2009-05-06 08:02:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474

2009-05-05 09:19:12 | 03,686,454 | ---- | C -- C:\Documents and Settings\Przemas\Pulpit\log.bmp

[2009-05-02 21:58:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemas\Dane aplikacji\Mozilla

2009-04-27 20:04:54 | 00,000,208 | ---- | C -- C:\Documents and Settings\Przemas\Pulpit\CMI Audio Config.lnk

[2009-04-26 11:10:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemas\Dane aplikacji\Nowe Gadu-Gadu

[2009-04-26 11:09:22 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu

2009-04-20 18:43:19 | 00,001,176 | ---- | C -- C:\WINDOWS\ImpTable.bin

2009-04-16 20:34:08 | 00,030,700 | ---- | C -- C:\Documents and Settings\All Users\Dokumenty\Scenariusz Zak. KL VI.docx

[2009-04-16 10:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemas\Pulpit\dom2

[2009-04-15 18:52:07 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe

[2009-04-15 18:52:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll

[2009-04-15 18:52:06 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll

[2009-04-15 18:52:06 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe

[2009-04-15 18:52:05 | 00,686,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll

[2009-04-15 18:52:05 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll

[2009-04-15 18:52:03 | 00,731,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll

[2009-04-15 18:52:03 | 00,722,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll

[2009-04-15 18:52:03 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll

2009-04-15 18:46:32 | 01,203,922 | ---- | C -- C:\WINDOWS\System32\dllcache\sysmain.sdb

[2009-04-15 18:46:31 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe

2009-04-09 10:12:50 | 00,019,903 | ---- | C -- C:\Documents and Settings\Przemas\Pulpit\dietaLekkostrawna.pdf

2009-01-07 21:03:24 | 00,000,884 | ---- | C -- C:\WINDOWS\SOFPLAT.ini

2008-04-13 17:39:04 | 00,138,280 | ---- | C -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

2008-04-09 15:19:29 | 00,000,049 | ---- | C -- C:\WINDOWS\NeroDigital.ini

2008-04-09 11:01:35 | 00,717,296 | ---- | C -- C:\WINDOWS\System32\drivers\sptd.sys

2008-04-08 19:44:38 | 00,000,526 | ---- | C -- C:\WINDOWS\ODBC.INI

2008-04-07 21:30:55 | 00,122,880 | ---- | C -- C:\WINDOWS\System32\cddvdint.dll

2008-04-07 21:26:27 | 00,028,672 | R--- | C -- C:\WINDOWS\System32\cmirmdrv.dll

2008-04-07 21:26:23 | 00,003,407 | R--- | C -- C:\WINDOWS\cmudax.ini

2008-04-07 21:24:01 | 00,005,810 | R--- | C -- C:\WINDOWS\System32\drivers\ASACPI.sys

2008-04-07 21:23:57 | 00,002,812 | ---- | C -- C:\WINDOWS\Ascd_tmp.ini

2008-04-07 21:23:55 | 00,005,824 | ---- | C -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

2008-04-07 21:22:53 | 00,151,552 | R--- | C -- C:\WINDOWS\System32\ATIDEMGR.dll

2005-10-31 21:28:22 | 00,069,632 | ---- | C -- C:\WINDOWS\System32\MobOlExt.dll

2004-08-12 16:10:50 | 00,086,016 | ---- | C -- C:\WINDOWS\System32\ati2evxx.dll

2001-07-21 22:16:20 | 00,000,679 | ---- | C -- C:\WINDOWS\win.ini

2001-07-21 22:15:52 | 00,000,435 | ---- | C -- C:\WINDOWS\system.ini

2001-07-06 15:30:02 | 00,003,234 | ---- | C -- C:\WINDOWS\System32\HPTCPMON.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32*.tmp files]

[4 C:\WINDOWS*.tmp files]

[2009-05-08 21:24:44 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Przemas\Pulpit\OTListIt2.exe

2009-05-08 20:48:48 | 00,000,618 | ---- | M -- C:\Documents and Settings\Przemas\Pulpit\Play Quake III Arena.lnk

2009-05-08 20:48:21 | 00,000,777 | ---- | M -- C:\WINDOWS\QIII.INI

2009-05-08 20:36:29 | 00,000,260 | ---- | M -- C:\WINDOWS\tasks\WGASetup.job

2009-05-08 20:36:21 | 00,000,062 | -HS- | M -- C:\Documents and Settings\Przemas\Ustawienia lokalne\desktop.ini

2009-05-08 20:35:41 | 00,000,006 | -H-- | M -- C:\WINDOWS\tasks\SA.DAT

2009-05-08 20:35:30 | 00,002,048 | --S- | M -- C:\WINDOWS\bootstat.dat

2009-05-08 18:48:01 | 00,360,021 | ---- | M -- C:\Documents and Settings\Przemas\Pulpit\dds.pif

2009-05-08 18:47:51 | 00,360,021 | ---- | M -- C:\Documents and Settings\Przemas\Pulpit\dds.scr

2009-05-08 18:45:06 | 00,000,435 | ---- | M -- C:\WINDOWS\system.ini

2009-05-08 18:20:26 | 00,000,696 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

2009-05-07 20:25:17 | 00,001,734 | ---- | M -- C:\Documents and Settings\Przemas\Pulpit\HijackThis.lnk

2009-05-07 19:48:04 | 00,001,891 | ---- | M -- C:\WINDOWS\imsins.BAK

2009-05-05 09:53:35 | 00,000,049 | ---- | M -- C:\WINDOWS\NeroDigital.ini

2009-05-05 09:19:13 | 03,686,454 | ---- | M -- C:\Documents and Settings\Przemas\Pulpit\log.bmp

2009-05-02 21:50:56 | 00,012,800 | -HS- | M -- C:\Documents and Settings\Przemas\Pulpit\Thumbs.db

2009-05-01 09:30:17 | 00,000,318 | ---- | M -- C:\WINDOWS\System\cmicnfg.ini

2009-04-30 09:14:19 | 00,013,329 | ---- | M -- C:\Documents and Settings\Przemas\Pulpit\Nowy Dokument programu Microsoft Office Word.docx

2009-04-27 20:04:54 | 00,000,208 | ---- | M -- C:\Documents and Settings\Przemas\Pulpit\CMI Audio Config.lnk

2009-04-27 18:42:07 | 00,000,284 | ---- | M -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2009-04-20 18:43:19 | 00,001,176 | ---- | M -- C:\WINDOWS\ImpTable.bin

2009-04-16 21:27:49 | 00,002,259 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

2009-04-16 20:34:08 | 00,030,700 | ---- | M -- C:\Documents and Settings\All Users\Dokumenty\Scenariusz Zak. KL VI.docx

2009-04-16 20:04:53 | 00,772,674 | ---- | M -- C:\WINDOWS\System32\PerfStringBackup.INI

2009-04-16 20:04:53 | 00,359,178 | ---- | M -- C:\WINDOWS\System32\perfh015.dat

2009-04-16 20:04:53 | 00,314,644 | ---- | M -- C:\WINDOWS\System32\perfh009.dat

2009-04-16 20:04:53 | 00,050,968 | ---- | M -- C:\WINDOWS\System32\perfc015.dat

2009-04-16 20:04:53 | 00,040,972 | ---- | M -- C:\WINDOWS\System32\perfc009.dat

2009-04-12 19:44:36 | 00,002,206 | ---- | M -- C:\WINDOWS\System32\wpa.dbl

2009-04-09 10:12:50 | 00,019,903 | ---- | M -- C:\Documents and Settings\Przemas\Pulpit\dietaLekkostrawna.pdf

< End of report >

:x :x :x


(Leon$) #6

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki

b57f17008275c957m.jpg

powstanie plik o takiej ikonie

062aec4c9b51c033m.jpg

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

otwórz plik C:\WINDOWS\System32\drivers\etc\Hosts

i usuń podane wpisy

przeskanuj

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2 ... It!+4.44.5

:slight_smile: