braviax.exe has already been removed; now, as requested, two logs from DSS :).
Deckard's System Scanner v20071014.68
Run by Michal on 2008-06-13 21:45:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
22: 2008-06-13 19:45:07 UTC - RP52 - Deckard's System Scanner Restore Point
21: 2008-06-13 09:39:10 UTC - RP51 - ComboFix created restore point
20: 2008-06-12 15:42:05 UTC - RP50 - Installed Python
19: 2008-06-12 15:41:52 UTC - RP49 - Installed Applet_App
18: 2008-06-12 15:41:45 UTC - RP48 - Installed Applet_Email
-- First Restore Point --
1: 2008-06-04 11:59:45 UTC - RP31 - Punkt kontrolny systemu
Backed up registry hives.
Performed disk cleanup.
[color=red]Percentage of Memory in Use: 77% (more than 75%).[/color]
[color=red]Total Physical Memory: 384 MiB (512 MiB recommended).[/color]
-- HijackThis (run as Michal.exe) ----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-13 21:45:30
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Documents and Settings\Michal\Pulpit\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 3061 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Michal\Pulpit\backups\) ---------------
backup-20080613-123643-108 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
backup-20080613-123643-191 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080613-123724-100 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080613-123724-115 O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
backup-20080613-123724-130 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
backup-20080613-123724-180 O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
backup-20080613-123724-252 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
backup-20080613-123724-284 O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
backup-20080613-123724-328 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm022YYPL
backup-20080613-123724-346 O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
backup-20080613-123724-365 O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
backup-20080613-123724-411 O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
backup-20080613-123724-429 O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
backup-20080613-123724-433 O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
backup-20080613-123724-439 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080613-123724-441 O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
backup-20080613-123724-461 O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
backup-20080613-123724-481 O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
backup-20080613-123724-545 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
backup-20080613-123724-592 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
backup-20080613-123724-613 O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
backup-20080613-123724-647 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
backup-20080613-123724-653 O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
backup-20080613-123724-705 O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
backup-20080613-123724-714 O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
backup-20080613-123724-769 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
backup-20080613-123724-786 O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
backup-20080613-123724-812 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
backup-20080613-123724-848 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
backup-20080613-123724-855 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20080613-123724-871 O4 - Global Startup: qkpj.exe
backup-20080613-123724-999 O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
backup-20080613-123725-716 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
backup-20080613-123725-941 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080613-123725-965 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080613-123726-330 O17 - HKLM\System\CCS\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164
backup-20080613-123726-384 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
backup-20080613-123726-717 O17 - HKLM\System\CS1\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164
backup-20080613-123726-726 O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
backup-20080613-123726-775 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080613-123726-978 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
-- File Associations -----------------------------------------------------------
[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 e4usbaw (USB ADSL2 WAN Adapter) - c:\windows\system32\drivers\e4usbaw.sys
S2 IKANLOADER2 (General Purpose USB Driver (e4ldr.sys)) - c:\windows\system32\drivers\e4ldr.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-05-13 and 2008-06-13 -----------------------------
2008-06-13 14:09:23 33856 --a------ C:\WINDOWS\system32\drivers\services.exe
2008-06-13 13:38:13 0 d-------- C:\Program Files\Lavasoft
2008-06-13 13:30:46 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-13 13:30:46 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-13 13:30:46 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-13 13:30:46 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-13 13:30:46 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-13 13:30:45 0 d-------- C:\Program Files\Trojan Remover
2008-06-13 12:01:35 6656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-06-13 11:55:17 0 d-------- C:\ComboFi
2008-06-13 11:45:59 0 d--hs---- C:\WINDOWS\system32\dllcache
2008-06-13 11:44:50 53248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-06-13 11:38:36 68096 --a------ C:\WINDOWS\zip.exe
2008-06-13 11:38:36 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-13 11:38:36 212480 --a------ C:\WINDOWS\swxcacls.exe
2008-06-13 11:38:36 136704 --a------ C:\WINDOWS\swsc.exe
2008-06-13 11:38:36 161792 --a------ C:\WINDOWS\swreg.exe
2008-06-13 11:38:36 98816 --a------ C:\WINDOWS\sed.exe
2008-06-13 11:38:36 80412 --a------ C:\WINDOWS\grep.exe
2008-06-13 11:38:36 89504 --a------ C:\WINDOWS\fdsv.exe
2008-06-13 11:36:19 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-13 11:06:40 0 d--hs---- C:\WINDOWS\system32\wsnpoem
2008-06-12 17:43:06 163840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2008-06-12 17:42:33 212480 --a------ C:\WINDOWS\pcdlib32.dll
2008-06-12 17:42:33 0 d-------- C:\Program Files\ArcSoft
2008-06-12 17:42:07 57344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2008-06-12 17:42:07 290919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2008-06-12 17:42:07 708696 --a------ C:\WINDOWS\system32\python21.dll
2008-06-12 17:42:05 0 d-------- C:\Program Files\Common Files\Python
2008-06-12 17:39:46 96768 --a------ C:\WINDOWS\SlantAdj.dll
2008-06-12 17:39:46 3136 --a------ C:\WINDOWS\Ade001.bin
2008-06-12 17:39:46 73216 --a------ C:\WINDOWS\ADE.DLL
2008-06-12 17:39:10 0 d-------- C:\Program Files\EPSON
2008-06-12 17:38:26 0 d-------- C:\EPSON
2008-06-08 20:34:32 107966 -r-hs---- C:\qa8sywva.cmd
2008-06-08 00:19:44 0 d-------- C:\Program Files\MarBit
2008-06-07 19:28:01 0 d-------- C:\Program Files\Tibia
2008-06-07 18:49:24 0 d-------- C:\Program Files\Asprate
2008-05-25 14:12:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-21 10:58:01 106582 -r-hs---- C:\tfk8.exe
2008-05-20 16:58:09 198144 -----n--- C:\WINDOWS\system32\_psisdecd.dll
2008-05-20 16:57:59 44544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-05-20 16:55:02 0 d-------- C:\Program Files\CyberLink
2008-05-20 16:54:36 0 d-------- C:\Program Files\Digital Photo Navigator 1.5
2008-05-16 22:23:23 0 d-------- C:\Program Files\sXe Injected
2008-05-16 14:06:24 0 d-------- C:\WINDOWS\Cache
2008-05-16 13:59:15 0 d-------- C:\WINDOWS\Profiles
2008-05-16 13:59:13 0 d-------- C:\WINDOWS\system32\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-06-13 21:45:26 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Avant Browser
2008-06-13 18:51:31 0 d-------- C:\Program Files\foobar2000
2008-06-13 13:41:11 0 d-------- C:\Program Files\AutoConnect
2008-06-13 13:38:19 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Lavasoft
2008-06-13 13:30:45 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Simply Super Software
2008-06-12 17:54:54 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\gtk-2.0
2008-06-12 17:46:17 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\ArcSoft
2008-06-12 17:42:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 17:42:05 0 d-------- C:\Program Files\Common Files
2008-06-07 22:17:31 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Tibia
2008-05-25 12:58:54 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Winamp
2008-05-23 14:55:47 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Ahead
2008-05-20 17:21:05 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\CyberLink
2008-05-16 14:08:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-16 13:59:13 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\InterTrust
2008-05-16 13:59:13 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Adobe
2008-05-16 11:13:26 0 d-------- C:\Program Files\Avant Browser
2008-05-14 22:35:28 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Avant Profiles
2008-05-14 11:22:37 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Media Player Classic
2008-05-11 12:51:15 0 d-------- C:\Program Files\VirtualNetwork
2008-05-10 10:52:49 0 d-------- C:\Program Files\Common Files\Nero
2008-05-10 10:51:30 0 d-------- C:\Program Files\Ahead
2008-05-10 10:51:18 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-02 21:36:11 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Samsung
2008-05-02 19:38:59 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2008-05-02 19:38:59 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2008-05-02 18:59:52 0 d-------- C:\Program Files\Samsung
2008-04-28 14:42:14 104269 -r-hs---- C:\jfvkcsy.bat
2008-04-27 20:04:40 105128 -r-hs---- C:\oq.cmd
2008-04-26 14:43:09 103457 -r-hs---- C:\0n.bat
2008-04-26 09:39:30 0 d-------- C:\Program Files\BearShare
2008-04-25 22:59:47 0 d-------- C:\Program Files\Damian Pasternak
2008-04-25 22:56:19 0 d-------- C:\Program Files\Winamp
2008-04-25 22:55:05 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\foobar2000
2008-04-25 22:10:32 0 d-------- C:\Program Files\Tasker
2008-04-25 21:46:49 0 d-------- C:\Program Files\DVD Shrink
2008-04-25 12:10:14 104161 -r-hs---- C:\1dg.exe
2008-04-24 20:59:30 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-24 20:21:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-24 19:39:26 102822 -r-hs---- C:\lkxcqdb.bat
2008-04-24 15:39:53 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-24 15:39:50 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-24 15:39:17 62 --ahs---- C:\Documents and Settings\Michal\Dane aplikacji\desktop.ini
2008-04-24 14:56:15 0 d-------- C:\Program Files\SAGEM
2008-04-24 14:55:33 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Macromedia
2008-04-24 14:43:55 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Identities
2008-04-24 14:27:06 0 d-------- C:\Program Files\GIMP-2.0
2008-04-24 14:18:08 0 d-------- C:\Program Files\Gadu-Gadu
2008-04-24 14:12:36 0 d-------- C:\Program Files\C-Media 3D Audio
2008-04-24 14:11:19 0 d-------- C:\Program Files\SiSLan
2008-04-24 13:49:37 0 -rahs---- C:\MSDOS.SYS
2008-04-24 13:49:37 0 -rahs---- C:\IO.SYS
2008-04-24 13:49:37 0 --a------ C:\CONFIG.SYS
2008-04-24 13:49:37 0 --a------ C:\AUTOEXEC.BAT
2008-04-24 13:47:44 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-24 13:47:40 0 d-------- C:\Program Files\Usługi online
2008-04-24 13:46:52 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-24 13:46:43 0 d-------- C:\Program Files\Movie Maker
2008-04-24 13:45:42 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-24 13:45:09 0 d-------- C:\Program Files\Messenger
2008-04-24 13:45:05 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-24 13:44:56 0 d-------- C:\Program Files\Windows NT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-17 07:35]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-03 20:33]
"msm"="C:\WINDOWS\system32\drivers\services.exe" [2008-06-13 14:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e44cf96-1eb5-11dd-abb3-4d6564696130}]
AutoRun\command- G:\jfvkcsy.bat
explore\Command- G:\jfvkcsy.bat
open\Command- G:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e44cf9c-1eb5-11dd-abb3-000b6a1e9955}]
AutoRun\command- G:\jfvkcsy.bat
explore\Command- G:\jfvkcsy.bat
open\Command- G:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c416123-2eeb-11dd-ac1b-4d6564696130}]
AutoRun\command- G:\qa8sywva.cmd
explore\Command- G:\qa8sywva.cmd
open\Command- G:\qa8sywva.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65c21b50-2653-11dd-abd9-4d6564696130}]
AutoRun\command- G:\jfvkcsy.bat
explore\Command- G:\jfvkcsy.bat
open\Command- G:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eff702b-2191-11dd-abbf-4d6564696130}]
AutoRun\command- G:\qa8sywva.cmd
explore\Command- G:\qa8sywva.cmd
open\Command- G:\qa8sywva.cmd
-- Hosts -----------------------------------------------------------------------
127.0.0.1 norton.com
127.0.0.1 multitrader.info
127.0.0.1 reggame.biz
127.0.0.1 tele-globus.biz
127.0.0.1 newasp.com.cn
127.0.0.1 mygolddinar.com
127.0.0.1 xfatum.com
127.0.0.1 think-adz2.com
127.0.0.1 daoway.biz
127.0.0.1 school-172.info
5 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-06-13 21:46:03 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Polish
CPU 0: AMD Athlon(tm) XP 2000+
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 383.48 MiB / 130.06 MiB
Pagefile Memory (total/avail): 922.16 MiB / 774.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.76 MiB
C: is Fixed (NTFS) - 7.96 GiB total, 3.73 GiB free.
D: is Fixed (NTFS) - 29.3 GiB total, 6.59 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Instalowalny system plików - 7.96 GiB - C:
\PARTITION1 - Rozszerzona z rozszerzonym przerwaniem 13 - 29.3 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michal\Dane aplikacji
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MICHAŁ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michal
LOGONSERVER=\\MICHAŁ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Samsung\Samsung PC Studio 3
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michal\USTAWI~1\Temp
TMP=C:\DOCUME~1\Michal\USTAWI~1\Temp
USERDOMAIN=MICHAŁ
USERNAME=Michal
USERPROFILE=C:\Documents and Settings\Michal
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Michal [I](admin)[/I]
Administrator [I](new local, admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.2 CE --> MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-CEA000000001}
ALLPlayer V3.X --> "C:\Program Files\MarBit\ALLPlayer\unins000.exe"
Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\setup.exe" -l0x9 -uninst
AutoConnect v0.1.2.5 --> C:\Program Files\AutoConnect\uninst.exe
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
BearShare --> C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
CWK (Czasowy Wyłącznik Komputera) --> "C:\Program Files\Damian Pasternak\CWK\CWK.exe" /uninstall
Digital Photo Navigator 1.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}\setup.EXE" -l0x9
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG
EPSON Photo Print --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x15 UNINSTALL
foobar2000 v0.9.4 --> "C:\Program Files\foobar2000\uninstall.exe"
Gadu-Gadu 7.1 --> C:\Program Files\Gadu-Gadu\Setup.exe
GIMP 2.4.4 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Michal\Pulpit\HijackThis.exe /uninstall
K-Lite Codec Pack 2.80 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver --> RUNDLL32.EXE nsesetup.dll,DoNTUninst
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerCinema NE for Everio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39CEE1F2-12B6-4C50-9131-04BFCA110578}\setup.exe" -uninstall
PowerDirector Express --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
SAGEM F@st 800-840 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x15
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
sXe Injected --> "C:\Program Files\sXe Injected\uninstall.exe"
Tasker version 3.13 --> "C:\Program Files\Tasker\unins000.exe"
Tibia --> "C:\Program Files\Tibia\unins000.exe"
Tibia MULTI-ip changer --> C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe
Trojan Remover 6.7.0 --> "C:\Program Files\Trojan Remover\unins000.exe"
VirtualNetwork --> "C:\Program Files\VirtualNetwork\Uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type646 / Error
Event Submitted/Written: 06/13/2008 11:38:55 AM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd help.exe, wersja 0.0.0.0, moduł powodujący błąd help.exe, wersja 0.0.0.0, adres błędu 0x0004008b.
Przetwarzanie zdarzenia określonego nośnika dla [help.exe!ws!]
Event Record #/Type626 / Error
Event Submitted/Written: 06/10/2008 09:31:39 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca avant.exe, wersja 10.2.0.52, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Event Record #/Type620 / Error
Event Submitted/Written: 06/10/2008 07:14:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd nbj.exe, wersja 1.2.0.56, moduł powodujący błąd advrcntr.dll, wersja 1.2.12.2314, adres błędu 0x0001d144.
Przetwarzanie zdarzenia określonego nośnika dla [nbj.exe!ws!]
Event Record #/Type611 / Error
Event Submitted/Written: 06/08/2008 11:30:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca winamp.exe, wersja 5.5.3.1898, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Event Record #/Type610 / Error
Event Submitted/Written: 06/08/2008 11:30:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca winamp.exe, wersja 5.5.3.1898, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4010 / Warning
Event Submitted/Written: 06/13/2008 09:22:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP.
Event Record #/Type4009 / Warning
Event Submitted/Written: 06/13/2008 09:07:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP.
Event Record #/Type3977 / Error
Event Submitted/Written: 06/13/2008 07:56:21 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Nie można załadować następujących sterowników startu rozruchowego lub systemowego:
Beep
Event Record #/Type3976 / Error
Event Submitted/Written: 06/13/2008 07:56:20 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu:
%%1058
Event Record #/Type3971 / Warning
Event Submitted/Written: 06/13/2008 07:20:52 PM
Event ID/Source: 4226 / Tcpip
Event Description:
Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP.
-- End of Deckard's System Scanner: finished at 2008-06-13 21:46:03 ------------