Komendy w "uruchom" nie dzialaja?

WhoNext · 8 Maj 2009 15:28

Otoz od jakiegos czasu mam problem. Nie moge wejsc do rejestru nie dzialaja komendy w “uruchom” jak np. cmd.exe. (pojawia sie pusty pulpit i pochwili wraca do poprzedniej formy). Prawdopodobnie wbil mi sie jakis “syf” na komputer.

Log z hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:27:58, on 2009-05-08

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: RAID Manager.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

–

End of file - 8211 bytes

Licze na waszą pomoc.

Leon1 · 8 Maj 2009 16:03

Zastosuj Malwarebytes’ Anti-Malware http://cybertrash.pl/Tata/MBAM/Malwarebytes_%20Anti-Malware.html pełny skan - jak coś znajdzie to usuń zaznaczone - pokaż log

Pobierz DDS http://www.searchengines.pl/index.php?s … ntry392369 przeskanuj daj log DDS.txt i Attach.txt

WhoNext · 8 Maj 2009 17:17

Ok. a wiec:

Przeskanowalem 1 programem i znalazlo 2 zainfekowane - dalem usun zaznaczone. Pojawila sie informacja ze potrzebny bedzie restart, wiec sie zgodzilem…

log:

Malwarebytes’ Anti-Malware 1.36

Wersja bazy definicji: 1945

Windows 5.1.2600 Dodatek Service Pack 3

2009-05-08 19:05:51

mbam-log-2009-05-08 (19-05-51).txt

Typ skanowania: Pełne skanowanie (C:|D:|E:|)

Przeskanowane obiekty: 172199

Upłynęło: 41 minute(s), 53 second(s)

Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 0

Zainfekowane wartości rejestru: 0

Zainfekowane pliki rejestru: 1

Zainfekowane foldery: 0

Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:

(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:

(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:

(Nie wykryto groźnych plików)

Zainfekowane pliki:

C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.

Jesli chodzi o drugi plik to pobralem pliki dds.pif oraz dds.scr probowalem je odpalic lecz pojawialo sie czarne okienko i natychmiast znikalo… nadal wystepuje problem z dostepem do rejestru i komendami w uruchom.

2 log:

OTListIt Extras logfile created on: 2009-05-08 21:25:43 - Run 1

OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\Przemas\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511.23 Mb Total Physical Memory | 181.11 Mb Available Physical Memory | 35.43% Memory free

1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.48% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 31.25 Gb Total Space | 15.37 Gb Free Space | 49.20% Space Free | Partition Type: NTFS

Drive D: | 21.61 Gb Total Space | 1.66 Gb Free Space | 7.66% Space Free | Partition Type: FAT32

Drive E: | 21.66 Gb Total Space | 4.45 Gb Free Space | 20.56% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PPP-6D36EB58B29

Current User Name: Przemas

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

“FirstRunDisabled” = 1

“AntiVirusDisableNotify” = 0

“FirewallDisableNotify” = 0

“UpdatesDisableNotify” = 0

“AntiVirusOverride” = 1

“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

“EnableFirewall” = 1

“DoNotAllowExceptions” = 0

“DisableNotifications” = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

“8461:TCP” = 8461:TCP:*:Enabled:GoD High Port

“8462:TCP” = 8462:TCP:*:Enabled:GoD Low Port

“1900:UDP” = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

“2869:TCP” = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) – %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-01-15 17:09:02 | 06,290,944 | ---- | M] (o2.pl Sp. z o.o.) – C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl

[2007-12-27 17:45:36 | 00,864,313 | ---- | M] () – E:\Gry\Quake 3 demo\quake3.exe:*:Enabled:quake3

[2006-05-08 09:37:00 | 01,286,144 | ---- | M] () – E:\Gry\Enemy territory\ET.exe:*:Enabled:ET

[2005-03-10 15:00:26 | 01,286,144 | ---- | M] () – E:\Gry\Enemy territory\ET+set com_hunkMegs 256.exe:*:Enabled:ET+set com_hunkMegs 256

[2005-05-11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

[2005-05-12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

[2005-05-24 02:17:46 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

[2005-05-24 02:18:00 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

[2005-05-24 02:13:32 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe

[2005-05-12 10:06:08 | 00,200,704 | ---- | M] () – C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

[2005-05-12 07:28:02 | 01,081,344 | ---- | M] (Hewlett-Packard) – C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

[2005-05-24 02:42:00 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe

[2005-05-12 08:34:58 | 00,151,635 | ---- | M] (Hewlett-Packard) – C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe

[2005-05-24 02:18:52 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

[2005-03-15 15:12:10 | 00,417,792 | ---- | M] () – C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe

[2005-03-15 15:17:50 | 00,704,512 | ---- | M] ( ) – C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe

[2005-05-24 02:34:36 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe

[2006-05-08 09:37:00 | 00,581,632 | ---- | M] () – E:\Gry\Enemy territory\ETDED.exe:*:Enabled:ETDED

File not found – E:\Ares\Ares.exe:*:Enabled:Ares p2p for windows

File not found – C:\Program Files\eMule\emule.exe:*:Enabled:eMule

[2003-11-14 03:34:06 | 00,389,120 | ---- | M] (Valve) – E:\Gry\C.S 1.6\hlds.exe:*:Enabled:HLDS Launcher

[2008-04-14 19:21:19 | 00,093,184 | ---- | M] (Microsoft Corporation) – C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer

[2007-07-24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) – C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-08-02 20:51:12 | 00,081,920 | ---- | M] (Valve) – E:\Gry\C.S 1.6\hl.exe:*:Enabled:Half-Life Launcher

File not found – C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows

File not found – C:\Program Files\Zeus\giFT\giftl.exe:*:Enabled:giFT Loader for KCeasy (http://www.kceasy.com)

File not found – E:\Kazaa\Kazaa Lite Rewolucja\kazaalite.kpp:*:Enabled:kazaalite

[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) – %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found – E:\Gry\Secret service\Bin\ss.exe:*:Disabled:ss

[2009-03-16 11:15:28 | 00,812,544 | ---- | M] () – E:\Gry\Metin 2\metin2.bin:*:Enabled:metin2

[2007-09-06 18:01:10 | 12,836,728 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2007-08-28 23:43:30 | 01,022,840 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2000-04-30 02:08:02 | 01,577,005 | ---- | M] (Rainbow Multimedia Group, Inc) – E:\Gry\Motocross Madness 2\MCM2.ICD:*:Enabled:Microsoft® Motocross Madness 2

[2001-07-07 10:45:32 | 01,441,792 | ---- | M] (Raven Software) – E:\Gry\Soldier of Fortune\SoF.exe:*:Enabled:SoF

File not found – C:\Documents and Settings\Przemas\Pulpit\Metin 2\Metin.exe:*:Enabled:Metin

File not found – C:\Documents and Settings\Przemas\Pulpit\Metin 2\metin2.bin:*:Enabled:metin2

[2002-08-23 00:24:02 | 01,799,168 | ---- | M] (mIRC Co. Ltd.) – E:\mirc\mirc.exe:*:Enabled:mIRC

[2003-11-14 03:34:06 | 00,221,184 | ---- | M] (Valve) – E:\Gry\C.S 1.6\hltv.exe:*:Enabled:HLTV Launcher

[2008-06-10 16:29:05 | 02,719,744 | R— | M] () – E:\Gry\Stronghold Crusader\Stronghold Crusader.exe:*:Disabled:Stronghold Crusader

[2008-12-10 01:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) – C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server

[2008-02-06 18:37:52 | 21,898,024 | R— | M] (Skype Technologies S.A.) – C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath

[2009-04-20 16:56:20 | 09,818,728 | ---- | M] (GG Network S.A.) – C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu

[1999-11-24 02:02:54 | 00,864,313 | ---- | M] () – E:\Gry\Q3 arena\quake3.exe:*:Enabled:quake3

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}” = CP_Package_Variety1

“{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}” = Destinations

“{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}” = AiO_Scan

“{0BEDBD4E-2D34-47B5-9973-57E62B29307C}” = ATI Control Panel

“{13B792AA-C078-43A4-8A3A-8B12D629940D}” = Counter-Strike 1.6

“{15EE79F4-4ED1-4267-9B0F-351009325D7D}” = HP Software Update

“{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer

“{1B399A41-C1D0-40A2-9E4F-095868EFAF01}” = InterVideo WinDVD 5

“{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}” = CP_Package_Variety3

“{2315B23D-3E21-4920-837D-AE6460934ECB}” = FIFA 09

“{26A24AE4-039D-4CA4-87B4-2F83216013FF}” = Java 6 Update 13

“{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}” = Unload

“{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}” = TrayApp

“{3248F0A8-6813-11D6-A77B-00B0D0160050}” = Java 6 Update 5

“{3248F0A8-6813-11D6-A77B-00B0D0160070}” = Java 6 Update 7

“{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP

“{44734179-8A79-4DEE-BB08-73037F065543}” = Obsługa urządzeń mobilnych Apple

“{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}” = Bonjour

“{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}” = SpPhones

“{54E3707F-808E-4fd4-95C9-15D1AB077E5D}” = NewCopy

“{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}” = Sp5

“{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}” = WebReg

“{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}” = HP PSC & OfficeJet 5.3.B

“{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}” = Skype™ 3.6

“{65248369-7CB9-43A9-82C8-C438AE04DED4}” = 1500

“{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}” = eSupportQFolder

“{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update

“{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}” = Windows Media Player Firefox Plugin

“{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}” = DocProc

“{6C3959C6-943E-44B3-BAAD-570B04B134E5}” = SpCommon

“{7299052b-02a4-4627-81f2-1818da5d550d}” = Microsoft Visual C++ 2005 Redistributable

“{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}” = AiOSoftware

“{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}” = Camtasia Studio 5

“{7C9B95B7-B598-4398-B30F-7F6827192E6C}” = ProductContext

“{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}” = 1500_Help

“{90120000-0010-0415-0000-0000000FF1CE}” = Microsoft Software Update for Web Folders (Polish) 12

“{90120000-0015-0415-0000-0000000FF1CE}” = Microsoft Office Access MUI (Polish) 2007

“{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-0016-0415-0000-0000000FF1CE}” = Microsoft Office Excel MUI (Polish) 2007

“{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-0018-0415-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (Polish) 2007

“{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-0019-0415-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (Polish) 2007

“{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-001A-0415-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (Polish) 2007

“{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-001B-0415-0000-0000000FF1CE}” = Microsoft Office Word MUI (Polish) 2007

“{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007

“{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007

“{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-001F-0415-0000-0000000FF1CE}” = Microsoft Office Proof (Polish) 2007

“{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{2D1F88C2-ADAE-47C4-8648-6EA8F7E6EB2D}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-002C-0415-0000-0000000FF1CE}” = Microsoft Office Proofing (Polish) 2007

“{90120000-0030-0000-0000-0000000FF1CE}” = Microsoft Office Enterprise 2007

“{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-0044-0415-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (Polish) 2007

“{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-006E-0415-0000-0000000FF1CE}” = Microsoft Office Shared MUI (Polish) 2007

“{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{94A4609B-0414-4427-81F3-0FD282A2D0D3}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-00A1-0415-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (Polish) 2007

“{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{90120000-00BA-0415-0000-0000000FF1CE}” = Microsoft Office Groove MUI (Polish) 2007

“{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}” = 2007 Microsoft Office Suite Service Pack 1 (SP1)

“{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}” = Readme

“{A195B13E-A5E3-4BAF-A995-7F70F445CD06}” = ScannerCopy

“{AB5D51AE-EBC3-438D-872C-705C7C2084B0}” = DeviceManagementQFolder

“{AC76BA86-7AD7-1033-7B44-A71000000002}” = Adobe Reader 7.1.0

“{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}” = CP_Package_Variety2

“{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}” = BufferChm

“{C506A18C-1469-4678-B094-F4EC9DAE6DB7}” = Scan

“{C950420B-4182-49EA-850A-A6A2ABF06C6B}” = Marvell Miniport Driver

“{CBA30674-A242-4531-82B5-586B31F90E04}” = 1500Trb

“{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}” = Fax

“{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}” = GTA San Andreas

“{E3F90083-80D4-4b5a-87C7-E97E12F5516D}” = HPProductAssistant

“{E415C943-37E5-473F-8BAE-043C56734124}” = Sp5TTInt

“{EA103B64-C0E4-4C0E-A506-751590E1653D}” = SolutionCenter

“{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}” = InterVideo Disc Master 2

“{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}” = Status

“{F5346614-B7C4-4E94-826A-E2363155233D}” = EasyCleaner

“{FB132F09-DCF1-46EA-AE92-F8B42AB7BAD4}” = Stunt GP

“{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}” = ITE IT8212 ATA RAID Controller

“{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}” = Sp5Intl

“{FE64AE29-0883-4C70-8388-DC026019C900}” = HP Image Zone Express

“7-Zip” = 7-Zip 4.58 alpha 9

“Adobe Flash Player ActiveX” = Adobe Flash Player ActiveX

“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin

“Adobe Shockwave Player” = Adobe Shockwave Player

“All ATI Software” = Narzędzie Software Uninstall Utility firmy ATI

“Asystent Plusfon 401i_is1” = Asystent Plusfon 401i V1.6.12

“ATI Display Driver” = ATI Display Driver

“avast!” = avast! Antivirus

“C-Media Audio Driver” = C-Media High Definition Audio Driver

“Creative Live! Cam Vista IM User’s Guide English” = Creative Live! Cam Vista IM User’s Guide (English)

“Creative Software AutoUpdate” = Creative Software AutoUpdate

“Creative VF0260” = Creative Live! Cam Vista IM Driver (1.01.03.1104)

“Creative WebCam Center” = Creative WebCam Center

“CTDVDAudio Plugin” = Creative DVD Audio Plugin for Audigy Series

“Deluxe Ski Jump 3_is1” = Deluxe Ski Jump 3 v1.3.1 Komputer ŚWIAT Extra 4/2005 Cover CD E

“DrTweakXP” = DoctorTweak XP v1.75

“ENTERPRISE” = Microsoft Office Enterprise 2007

“HijackThis” = HijackThis 2.0.2

“HP Imaging Device Functions” = HP Imaging Device Functions 5.3

“HP Solution Center & Imaging Support Tools” = HP Solution Center & Imaging Support Tools 5.3

“IVONA - syntezator mowy, wersja rehabilitacyjna” = IVONA - syntezator mowy, wersja rehabilitacyjna

“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware

“mIRC” = mIRC

“Motocross Madness 2” = Microsoft Motocross Madness 2

“Mozilla Firefox (3.0.10)” = Mozilla Firefox (3.0.10)

“Nero - Burning Rom!UninstallKey” = Nero OEM

“NeroVision!UninstallKey” = NeroVision Express 2

“Niezbędnik CD_is1” = Niezbędnik CD

“NMPUninstallKey” = Nero Media Player

“Nowe Gadu-Gadu” = Nowe Gadu-Gadu

“PhotoScape” = PhotoScape

“Quake III Arena” = Quake III Arena

“Sjboy_is1” = Sjboy Beta4

“Smart Defrag_is1” = Smart Defrag 1.02

“Soldier of Fortune Platinum” = Soldier of Fortune Platinum

“SysInfo” = Creative System Information

“Teamspeak 2 RC2_is1” = TeamSpeak 2 RC2

“Tlen.pl” = Tlen.pl

“WampServer 2_is1” = WampServer 2.0

“Winamp” = Winamp

“Windows XP Service Pack” = Windows XP Service Pack 3

“WinGimp-2.0_is1” = GIMP 2.4.7

========== Last 10 Event Log Errors ==========

[Antivirus Events]

Error - 2009-05-06 07:52:56 | Computer Name = PPP-6D36EB58B29 | Source = avast! | ID = 33554522