Winlogon.exe, explorer.exe - wirus; blokowanie stron

**Posty:** 584 · przez **Piotrek1993** 16 Sty 2011, 19:38

Witam.
Od jakiegoś czasu na komputerze mojego brata dzieją się dziwne rzeczy. Wcześniej Avast, teraz Comodo, wykrywa wirusa w procesach winlogon.exe i explorer.exe. Ostatnio nawet nie może wejść na większość stron, ponieważ wyskakuje mu takie coś - >KLIK<. Blokuje prawie wszystkie strony, oprócz tych, które ma dodane do ulubionych.
Log GMER, OTL, Extras.
Podczas generowania 2 loga z Gmera (bo ten wydaje mi się jakiś długi i rozlazły, nie wiem czy tak ma to wyglądać...) wyskoczył najpierw bsod a przy kolejnej próbie - komputer się zawiesił...
Proszę o pomoc.

**Posty:** 18165 · przez **wojtas** 16 Sty 2011, 21:00

dla pewności : odinstalowałeś daemon tools przed użyciem Gmera?
wypakuj to na dysku C :
http://www.sendspace.com/file/gew9cr

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKU\S-1-5-21-1325072439-2419310910-506584239-1006..\Run: [FlashGet 3] File not found
O4 - HKU\S-1-5-21-1325072439-2419310910-506584239-1006..\Run: [Orb] File not found
O4 - Startup: C:\Documents and Settings\Winiarski\Menu Start\Programy\Autostart\ubisoft register.lnk = File not found
O33 - MountPoints2\{2b35221e-e340-11df-99be-0011675ee65d}\Shell\AutoRun\command - "" = H:\urDrive.exe
O33 - MountPoints2\{2f007bc2-9095-11de-96c4-0011675ee65d}\Shell - "" = AutoRun
O33 - MountPoints2\{2f007bc2-9095-11de-96c4-0011675ee65d}\Shell\AutoRun\command - "" = H:\Install.exe
O33 - MountPoints2\{5a90e8f0-5633-11dd-94eb-0011675ee65d}\Shell\AutoRun\command - "" = EXPLORER.EXE
O33 - MountPoints2\{5a90e8f0-5633-11dd-94eb-0011675ee65d}\Shell\explore\Command - "" = EXPLORER.EXE
O33 - MountPoints2\{5a90e8f0-5633-11dd-94eb-0011675ee65d}\Shell\open\Command - "" = EXPLORER.EXE
O33 - MountPoints2\{7cac8b18-6256-11dd-9503-0011675ee65d}\Shell\AutoRun\command - "" = \Firefox\FirefoxPortable.exe
O33 - MountPoints2\{bb8b5a54-d2c6-11dd-95a5-0011675ee65d}\Shell\AutoRun\command - "" = H:\EXPLORER.EXE
O33 - MountPoints2\{bb8b5a54-d2c6-11dd-95a5-0011675ee65d}\Shell\explore\Command - "" = H:\EXPLORER.EXE
O33 - MountPoints2\{bb8b5a54-d2c6-11dd-95a5-0011675ee65d}\Shell\open\Command - "" = H:\EXPLORER.EXE
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2B11E0DF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9

:Files
C:\Documents and Settings\Winiarski\Dane aplikacji\ESET
C:\Documents and Settings\All Users\Dane aplikacji\ESET
C:\Documents and Settings\Winiarski\Dane aplikacji\Toolbar4
C:\Documents and Settings\Winiarski\Ustawienia lokalne\Temp
C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\searchplugins\daemon-search.xml
C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\searchplugins\web-search.xml
C:\WINDOWS\System32\winlogon.exe|C:\winlogon.exe /replace
C:\WINDOWS\System32\dllcache\winlogon.exe|C:\winlogon.exe /replace
C:\WINDOWS\explorer.exe|C:\explorer.exe /replace
C:\WINDOWS\System32\dllcache\explorer.exe|C:\explorer.exe /replace

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 584 · przez **Piotrek1993** 16 Sty 2011, 22:13

Do komputera nie mam niestety dostępu, a brat mówił, że Deamona nie było w Start->Programy ani w "Dodaj lub usuń programy", więc nie było co odinstalować.
Kolejna dziwna rzecz się przytrafiła - po restarcie komputera nie otworzył się żaden notatnik z raportem... oprócz tego brat mówił, że nie widzi ikon na pulpicie, paska startu. Po uruchomieniu komputera jest sama tapeta.
Log z OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-01-16 20:40:09 - Run 2 OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Winiarski\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 014,00 Mb Total Physical Memory | 391,00 Mb Available Physical Memory | 39,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 13,50 Gb Free Space | 24,16% Space Free | Partition Type: NTFS Drive D: | 55,90 Gb Total Space | 22,99 Gb Free Space | 41,12% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Winiarski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-01-16 14:13:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Winiarski\Pulpit\OTL.exe PRC - [2011-01-11 11:07:02 | 001,771,288 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2010-12-11 14:51:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-11-19 16:12:44 | 000,151,432 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe PRC - [2009-04-07 13:11:58 | 000,241,664 | ---- | M] () -- C:\Program Files\blueconnect\AssistantServices.exe PRC - [2009-04-07 13:11:16 | 000,132,608 | ---- | M] () -- C:\Program Files\blueconnect\UIExec.exe PRC - [2008-06-03 22:44:42 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2008-05-20 10:57:52 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008-05-20 10:55:58 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\explorer.exe PRC - [2008-04-14 18:21:48 | 000,510,464 | ---- | M] () -- C:\Windows\system32\winlogon.exe PRC - [2006-10-26 12:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WISPTIS.EXE PRC - [2005-07-03 16:03:32 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\Windows\sm56hlpr.exe PRC - [2005-04-06 15:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-01-16 14:13:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Winiarski\Pulpit\OTL.exe MOD - [2010-12-29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\system32\guard32.dll MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008-05-20 10:57:40 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj02.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (edgesrv) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011-01-11 11:07:02 | 001,771,288 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2010-11-19 16:12:44 | 000,151,432 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS) SRV - [2009-04-07 13:11:58 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\blueconnect\AssistantServices.exe -- (UI Assistant Service) SRV - [2008-05-20 10:57:52 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008-05-20 10:55:58 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2005-04-06 15:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-01-06 17:37:04 | 000,094,784 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect) DRV - [2011-01-06 17:37:04 | 000,027,576 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2011-01-06 17:37:02 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2011-01-06 17:37:02 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\system32\drivers\cmderd.sys -- (cmderd) DRV - [2010-10-11 15:55:59 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\regguard.sys -- (RegGuard) DRV - [2009-08-02 09:50:17 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-01-12 08:12:56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009-01-05 08:59:54 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009-01-04 16:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009-01-04 16:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008-11-23 11:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\NSHE.SYS -- (NSHE) DRV - [2008-10-29 15:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008-05-20 19:59:09 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2008-05-20 19:58:58 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam 3000(UVC) DRV - [2008-05-20 19:58:46 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008-05-20 19:58:01 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008-05-20 10:57:16 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008-04-13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-08-24 10:22:56 | 005,776,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2007-04-13 16:42:16 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2006-11-22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006-11-15 14:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-09-26 11:49:16 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2006-09-26 11:49:16 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2006-09-22 04:32:02 | 001,428,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2006-03-02 13:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2006-03-02 13:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2006-02-27 08:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR) DRV - [2006-02-20 09:01:06 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR) DRV - [2005-08-10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-07-03 16:01:40 | 000,838,930 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\smserial.sys -- (smserial) DRV - [2005-05-31 14:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2005-05-31 08:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2005-05-16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005-04-30 13:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2005-04-30 13:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2005-04-30 13:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\BtNetDrv.sys -- (BT) DRV - [2005-03-25 16:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2005-01-11 11:02:21 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004-10-19 12:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\VComm.sys -- (VComm) DRV - [2003-01-02 09:44:40 | 000,041,088 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ser2pl.sys -- (Ser2pl) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1325072439-2419310910-506584239-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1325072439-2419310910-506584239-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-1325072439-2419310910-506584239-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-1325072439-2419310910-506584239-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25567 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Web Search..." FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.http: "91.121.91.61 " FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\blueconnect\addon [2009-08-24 11:02:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-19 14:30:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-11 14:51:36 | 000,000,000 | ---D | M] [2008-08-26 09:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Extensions [2011-01-16 20:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\extensions [2010-10-11 20:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} [2010-11-03 22:05:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-29 14:39:58 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\extensions\en-GB@dictionaries.addons.mozilla.org [2010-09-22 18:44:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\extensions\en-US@dictionaries.addons.mozilla.org [2010-12-01 20:37:10 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\extensions\vshare@toolbar [2008-06-29 11:59:12 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\searchplugins\daemon-search.xml [2010-12-01 20:37:16 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Winiarski\Dane aplikacji\Mozilla\Firefox\Profiles\03jsg06j.default\searchplugins\web-search.xml [2011-01-16 18:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-05-23 21:36:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-07-28 14:00:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-05-23 21:36:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008-06-24 17:31:00 | 000,925,696 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll [2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2008-07-24 16:02:40 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2008-06-24 18:05:58 | 000,529,912 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPNAVY.dll [2008-06-24 18:06:28 | 000,550,392 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSLOTS70.dll [2010-03-21 12:14:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-21 12:14:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-21 12:14:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-21 12:14:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-21 12:14:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-21 12:14:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-10-13 21:32:03 | 000,000,949 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&Tłumaczenie) - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll (Techland) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files\blueconnect\UIExec.exe () O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKU\S-1-5-21-1325072439-2419310910-506584239-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1325072439-2419310910-506584239-1006..\Run: [FlashGet 3] File not found O4 - HKU\S-1-5-21-1325072439-2419310910-506584239-1006..\Run: [Orb] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation) O4 - Startup: C:\Documents and Settings\Winiarski\Menu Start\Programy\Autostart\ubisoft register.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Ściągnij przy poomocy FlashGet3 - C:\Documents and Settings\Winiarski\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet3 - C:\Documents and Settings\Winiarski\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Winiarski\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Winiarski\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll,-103 - {94C70A96-012C-4171-98FC-C1971511F20D} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll (Techland) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167749529805 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\Windows\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - \explorer.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Winiarski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Winiarski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2b35221e-e340-11df-99be-0011675ee65d}\Shell\AutoRun\command - "" = H:\urDrive.exe O33 - MountPoints2\{2f007bc2-9095-11de-96c4-0011675ee65d}\Shell - "" = AutoRun O33 - MountPoints2\{2f007bc2-9095-11de-96c4-0011675ee65d}\Shell\AutoRun\command - "" = H:\Install.exe O33 - MountPoints2\{5a90e8f0-5633-11dd-94eb-0011675ee65d}\Shell\AutoRun\command - "" = \explorer.exe -- [2008-04-14 22:51:18 | 001,035,264 | ---- | M] () O33 - MountPoints2\{5a90e8f0-5633-11dd-94eb-0011675ee65d}\Shell\explore\Command - "" = \explorer.exe -- [2008-04-14 22:51:18 | 001,035,264 | ---- | M] () O33 - MountPoints2\{5a90e8f0-5633-11dd-94eb-0011675ee65d}\Shell\open\Command - "" = \explorer.exe -- [2008-04-14 22:51:18 | 001,035,264 | ---- | M] () O33 - MountPoints2\{7cac8b18-6256-11dd-9503-0011675ee65d}\Shell\AutoRun\command - "" = \Firefox\FirefoxPortable.exe O33 - MountPoints2\{bb8b5a54-d2c6-11dd-95a5-0011675ee65d}\Shell\AutoRun\command - "" = H:\EXPLORER.EXE O33 - MountPoints2\{bb8b5a54-d2c6-11dd-95a5-0011675ee65d}\Shell\explore\Command - "" = H:\EXPLORER.EXE O33 - MountPoints2\{bb8b5a54-d2c6-11dd-95a5-0011675ee65d}\Shell\open\Command - "" = H:\EXPLORER.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-01-16 20:22:24 | 000,000,000 | ---D | C] -- C:\_OTL [2011-01-16 20:12:42 | 001,035,264 | ---- | C] (Microsoft Corporation) -- C:\explorer.exe [2011-01-16 20:12:42 | 000,510,464 | ---- | C] (Microsoft Corporation) -- C:\winlogon.exe [2011-01-16 14:13:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Winiarski\Pulpit\OTL.exe [2011-01-16 14:07:48 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Winiarski\Pulpit\SPTDinst-v162-x86.exe [2011-01-16 12:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\COMODO [2011-01-16 12:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Comodo [2011-01-16 12:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\COMODO [2011-01-16 12:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2011-01-12 23:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winiarski\Pulpit\Dragon Ball [2011-01-12 22:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winiarski\Dane aplikacji\BITS [2011-01-12 22:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winiarski\Dane aplikacji\FlashGet [2011-01-12 22:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winiarski\Dane aplikacji\FlashGetBHO [2011-01-12 22:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network [2011-01-12 21:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Internet Download Manager [2011-01-12 21:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winiarski\Menu Start\Programy\Internet Download Manager [2011-01-12 21:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Tensons [2011-01-12 18:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2011-01-12 17:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\DAP [2011-01-06 17:37:04 | 000,094,784 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2011-01-06 17:37:04 | 000,027,576 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2011-01-06 17:37:02 | 000,239,368 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2011-01-06 17:37:02 | 000,015,592 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [2010-12-29 01:42:04 | 000,285,480 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010-12-26 21:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winiarski\Moje dokumenty\FIFA 07 [2010-12-26 21:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EA SPORTS [2010-12-26 21:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winiarski\Dane aplikacji\GameRanger [2010-12-26 20:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS [2010-12-23 21:06:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2010-12-23 21:06:38 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2010-12-23 21:06:35 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-01-16 20:53:47 | 000,386,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat [2011-01-16 20:24:46 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011-01-16 20:24:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-01-16 20:24:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-01-16 20:24:22 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys [2011-01-16 20:22:28 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Winiarski\NTUSER.DAT [2011-01-16 19:24:00 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011-01-16 18:09:25 | 000,363,851 | ---- | M] () -- C:\WINDOWS\explorer_xpsp3_pl.rar [2011-01-16 14:38:00 | 000,220,704 | ---- | M] () -- C:\Documents and Settings\Winiarski\Pulpit\bez tytułu.JPG [2011-01-16 14:26:58 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Winiarski\ntuser.ini [2011-01-16 14:13:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Winiarski\Pulpit\OTL.exe [2011-01-16 14:08:57 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Winiarski\Pulpit\jpxjtks8.exe [2011-01-16 14:07:48 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Winiarski\Pulpit\SPTDinst-v162-x86.exe [2011-01-16 12:44:15 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-01-16 00:50:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-01-15 22:40:38 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\Winiarski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-14 19:26:54 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Winiarski\Pulpit\k.audio.doc [2011-01-13 10:46:10 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat [2011-01-12 22:06:53 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI [2011-01-06 20:47:37 | 003,915,055 | ---- | M] () -- C:\Documents and Settings\Winiarski\Pulpit\Alexis Jordan - Happiness.mp3 [2011-01-06 17:37:04 | 000,094,784 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2011-01-06 17:37:04 | 000,027,576 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2011-01-06 17:37:02 | 000,239,368 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2011-01-06 17:37:02 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [2011-01-03 13:00:10 | 000,013,209 | ---- | M] () -- C:\Documents and Settings\Winiarski\Pulpit\Madras.jpg [2010-12-31 14:42:43 | 001,574,088 | -H-- | M] () -- C:\Documents and Settings\Winiarski\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-12-29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010-12-26 21:10:59 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 07.lnk [2010-12-26 21:04:21 | 000,001,031 | ---- | M] () -- C:\Documents and Settings\Winiarski\Pulpit\GameRanger.lnk [2010-12-26 20:23:45 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\Winiarski\default.pls [2010-12-26 10:49:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-01-16 18:09:21 | 000,363,851 | ---- | C] () -- C:\WINDOWS\explorer_xpsp3_pl.rar [2011-01-16 15:00:03 | 001,035,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\explorer.exe [2011-01-16 14:37:59 | 000,220,704 | ---- | C] () -- C:\Documents and Settings\Winiarski\Pulpit\bez tytułu.JPG [2011-01-16 14:08:56 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Winiarski\Pulpit\jpxjtks8.exe [2011-01-16 12:52:45 | 000,386,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2011-01-14 19:26:53 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Winiarski\Pulpit\k.audio.doc [2011-01-12 22:10:34 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2011-01-12 22:06:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2011-01-06 20:42:59 | 003,915,055 | ---- | C] () -- C:\Documents and Settings\Winiarski\Pulpit\Alexis Jordan - Happiness.mp3 [2011-01-03 13:00:09 | 000,013,209 | ---- | C] () -- C:\Documents and Settings\Winiarski\Pulpit\Madras.jpg [2010-12-26 21:10:59 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 07.lnk [2010-12-26 21:04:21 | 000,001,031 | ---- | C] () -- C:\Documents and Settings\Winiarski\Pulpit\GameRanger.lnk [2010-10-12 15:31:12 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Winiarski\Ustawienia lokalne\Dane aplikacji\FASTWiz.log [2010-10-11 16:08:18 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2010-10-11 16:08:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2010-10-11 16:08:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2010-10-11 16:08:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2010-06-08 20:20:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Winiarski\Dane aplikacji\winscp.rnd [2009-12-25 12:13:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-07-31 22:02:19 | 000,068,960 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009-05-16 14:20:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009-04-11 22:27:58 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2009-02-17 21:12:14 | 000,006,688 | ---- | C] () -- C:\WINDOWS\SvSMaps.ini [2009-02-14 11:18:20 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008-10-15 19:15:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\518.dll [2008-10-14 15:19:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\0.dll [2008-05-20 10:57:16 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008-04-26 13:20:36 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008-04-26 13:20:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008-04-26 13:20:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2008-04-26 13:19:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2008-01-21 21:19:42 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat [2007-11-09 21:32:23 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2007-10-03 19:18:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll [2007-08-25 08:58:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2007-08-25 08:58:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2007-08-24 14:56:45 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI [2007-08-24 14:11:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-08-24 14:11:10 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Winiarski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-08-24 14:00:07 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys [2007-08-24 14:00:07 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys [2007-08-24 13:45:49 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2007-08-24 13:45:41 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007-08-24 13:45:41 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007-08-24 13:45:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007-08-24 13:45:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007-08-24 13:45:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007-08-24 10:44:46 | 000,068,840 | ---- | C] () -- C:\Documents and Settings\Winiarski\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2007-08-24 10:40:30 | 001,574,088 | -H-- | C] () -- C:\Documents and Settings\Winiarski\Ustawienia lokalne\Dane aplikacji\IconCache.db [2007-08-24 10:40:30 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Winiarski\Dane aplikacji\desktop.ini [2007-07-23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007-07-23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007-07-23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007-04-26 08:02:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007-04-25 16:45:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll [2007-04-25 16:45:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll [2007-04-25 16:45:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll [2007-04-25 16:45:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll [2007-04-25 16:45:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll [2007-04-25 16:45:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll [2007-04-25 16:45:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll [2007-04-25 16:45:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll [2007-04-25 16:45:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll [2007-04-25 16:45:00 | 000,000,793 | ---- | C] () -- C:\WINDOWS\win.ini [2007-04-25 16:45:00 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2007-04-25 16:45:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2007-04-25 16:44:57 | 001,126,744 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2007-04-25 16:44:57 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2007-04-25 16:44:56 | 000,000,998 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007-04-25 16:44:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2007-04-25 16:44:34 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007-04-25 16:44:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2007-04-25 16:44:01 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2007-04-25 16:43:08 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2007-04-25 16:43:02 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2007-04-25 16:43:02 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2007-04-25 16:43:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2007-04-25 16:42:58 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2007-04-25 16:42:58 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2007-04-25 16:42:57 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2007-04-25 16:42:57 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2007-04-25 16:42:56 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2007-04-25 16:42:56 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2007-04-25 16:42:56 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2007-04-25 16:42:56 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2007-04-25 16:42:56 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2007-04-25 16:42:50 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2007-04-25 16:42:50 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2007-04-25 16:42:50 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2007-04-25 16:42:50 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2007-04-25 16:42:50 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2007-04-25 16:42:50 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2007-04-25 16:42:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2007-04-25 16:42:50 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2007-04-25 16:42:50 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2007-04-25 16:42:50 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2007-04-25 16:42:47 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2007-04-25 16:42:46 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2007-04-25 16:42:46 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2007-04-25 16:42:46 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2007-04-25 16:42:40 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2007-04-25 16:42:40 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2007-04-25 16:42:40 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2007-04-25 16:42:37 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2007-04-25 16:42:36 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2007-04-25 16:42:36 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2007-04-25 16:42:29 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2007-04-25 16:42:28 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2007-04-25 16:42:25 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2007-04-25 16:42:25 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2007-04-25 16:41:55 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2006-09-26 11:49:16 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2004-07-26 20:24:52 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hackman2.dll [2001-08-13 20:09:48 | 000,659,520 | ---- | C] () -- C:\WINDOWS\System32\vbid3lib.dll [2001-04-20 19:23:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PManager.dll [1998-09-07 01:03:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\System32\Cdio16.dll [1998-09-07 00:55:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cdio32.dll [color=#E56717]========== LOP Check ==========[/color] [2011-01-16 12:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2007-08-24 14:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth [2010-10-11 14:16:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\d4acac [2011-01-15 15:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-09-02 08:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-10-11 15:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft [2010-12-08 17:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2007-12-30 15:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks [2010-10-11 16:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2010-10-11 14:16:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SMKKIYUE [2011-01-12 18:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit [2011-01-12 18:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2007-04-26 08:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2010-08-15 14:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\Nowe Gadu-Gadu [2008-08-09 11:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Alawar [2011-01-13 10:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\BITS [2008-06-29 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\DAEMON Tools [2008-07-20 13:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\dBpoweramp [2009-06-16 15:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Dev-Cpp [2010-10-06 12:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\DMCache [2009-05-02 09:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\EDGEdialer [2009-02-28 16:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\ESET [2009-03-01 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\FarmingSimulator2008 [2011-01-12 22:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\FlashGet [2011-01-12 22:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\FlashGetBHO [2007-08-27 12:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Gadu-Gadu [2010-12-17 15:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Gadu-Gadu 10 [2010-12-26 21:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\GameRanger [2009-03-03 18:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\GanymedeNet [2010-06-08 20:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\GHISLER [2008-06-21 14:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\gtk-2.0 [2011-01-13 10:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\IDM [2010-12-16 10:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\ipla [2010-10-30 13:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Leadertech [2010-06-09 14:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Notepad++ [2009-02-12 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Nowe Gadu-Gadu [2009-08-24 11:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Program Files [2010-12-08 17:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\RDRM [2010-10-11 16:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Simply Super Software [2010-10-11 14:16:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Smart Engine [2010-10-14 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\Toolbar4 [2008-01-02 18:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winiarski\Dane aplikacji\uTorrent [2007-06-04 06:31:04 | 000,001,946 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2B11E0DF @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report >

**Posty:** 18165 · przez **wojtas** 16 Sty 2011, 22:52

niech jeszcze raz wklej skrypt do OTL i odpali, może się uda pokazać raport i nowy log z OTL, ps . macie płytkę od Windowsa?

**Posty:** 584 · przez **Piotrek1993** 16 Sty 2011, 23:58

Płyty do Windowsa nie posiada, ale ma płytę do przywracania systemu. Nie wiem czy coś to pomoże :roll:

Co do raportu - dalej nic.
Może to przez tego explorera? Bo jak już wcześniej mówiłem, brat po włączeniu komputera nie ma żadnych ikon na pulpicie, nie ma paska startu. Jest samiusieńka tapeta.

**Posty:** 18165 · przez **wojtas** 17 Sty 2011, 00:02

a spróbuj poprostu ten plik explorer.exe co masz na dysku C wrzucić do C:/Windows i reset kompa i zobacz czy pomogło..

**Posty:** 584 · przez **Piotrek1993** 17 Sty 2011, 00:05

No właśnie próbowaliśmy tego, niestety nic z tego. Wrzucaliśmy to również do Start->Programy->Autostart i też nic. W tym momencie dalej kombinujemy jak zrobić aby explorer się włączał przy starcie i w Internecie znalazłem coś takiego:

Kod: Zaznacz wszystko: 1. Odblokowanie możliwosci reinstalacji Internet Explorera przez edycję rejestru. Start >> Uruchom >> regedit Przechodzimy do klucza: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} Zmieniamy wartość wpisu IsInstalled z 1 na 0 Ściągamy i instalujemy Internet Explorer ze strony downloadu M$ bądź wkładamy płytę z odpowiednią wersją systemu do czytnika i w uruchom wpisujemy: sfc /scannow

I na razie czekamy...

**Posty:** 18165 · przez **wojtas** 17 Sty 2011, 00:09

hmm wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....
reset i napisz czy pomogło

Uruchom SystemLook , w oknie wklej:

:filefind
explorer.exe

i dajesz look

pokazujesz raport

**Posty:** 584 · przez **Piotrek1993** 17 Sty 2011, 14:42

Raport z SystemLooka:

Kod: Zaznacz wszystko: SystemLook 04.09.10 by jpshortstuff Log created at 13:38 on 17/01/2011 by Winiarski Administrator - Elevation successful ========== filefind ========== Searching for "explorer.exe" C:\explorer.exe --a---- 1035264 bytes [19:12 16/01/2011] [21:51 14/04/2008] C791ED9EAC5E76D9525E157B1D7A599A C:\Windows\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1034752 bytes [13:12 13/06/2007] [13:12 13/06/2007] 8DB0650B211425B9CDB7D1C4A8F6B482 C:\Windows\$NtServicePackUninstall$\explorer.exe -----c- 1034752 bytes [16:26 16/11/2008] [13:23 13/06/2007] 029A562E81BBEE088C61D418BF408F44 C:\Windows\$NtUninstallKB938828$\explorer.exe -----c- 1033728 bytes [17:55 30/08/2007] [12:00 02/03/2006] 379098A96E6C165B659DE7E4328010EA C:\Windows\ServicePackFiles\i386\explorer.exe ------- 1035264 bytes [17:21 14/04/2008] [17:21 14/04/2008] C791ED9EAC5E76D9525E157B1D7A599A C:\Windows\system32\dllcache\explorer.exe --a---- 1035264 bytes [14:00 16/01/2011] [17:21 14/04/2008] (Unable to calculate MD5) -= EOF =-

EDIT:
Z tym edytowaniem rejestru nie wypaliło.

**Posty:** 18165 · przez **wojtas** 17 Sty 2011, 20:48

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:Files
C:\WINDOWS\explorer.exe|C:\Windows\$NtServicePackUninstall$\explorer.exe /replace

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .
napisz jak sytuacja...

**Posty:** 584 · przez **Piotrek1993** 17 Sty 2011, 21:03

Brat zrobił tak jak mówiłeś i po restarcie wywaliło blue screena... Teraz każdy restart kończy się blue screenem.

**Posty:** 18165 · przez **wojtas** 17 Sty 2011, 21:21

podaj kod błędu... spróbuj wejść do konsoli odzyskiwania a jak już bedziesz to wpisz :

CHKDSK /P/R

jak się skończy to wpisz exit i napisz jak sytuacja...

**Posty:** 584 · przez **Piotrek1993** 17 Sty 2011, 21:36

Bsod wyskakuje tylko na moment, nawet nie ma jak zdjęcia zrobić. Do konsoli też brat nie wejdzie bo nie ma płyty do Windowsa. Da radę jakoś inaczej wejść?

**Posty:** 18165 · przez **wojtas** 17 Sty 2011, 21:41

tam jest wejście przez dyskietki

w linku opisane

**Posty:** 584 · przez **Piotrek1993** 17 Sty 2011, 21:44

W którym linku? Brat ma laptopa więc nie ma stacji dyskietek.

**Posty:** 18165 · przez **wojtas** 17 Sty 2011, 22:01

to niech zbootuje płytka odzyskiwania systemu.. nie wiem jakie dokładnie opcje będzie miał

powinna być opcja naprawy systemu (coś podobnego )

to akurat z Visty jest ^^
zapytaj się jakie ma opcje

**Posty:** 584 · przez **Piotrek1993** 17 Sty 2011, 22:18

Takie cuś ma:

Co dalej?

**Posty:** 18165 · przez **wojtas** 17 Sty 2011, 22:21

dajesz R : wyskoczy okienko

pyta się która wersję windows wybrać dajesz 1 i enter;
jak będzie wybrane wpisujesz :

CHKDSK /P/R

odbędzie się skanowanie, jak skończy piszesz exit i dajesz info co i jak

**Posty:** 584 · przez **Piotrek1993** 17 Sty 2011, 22:35

Zrobione tak jak kazałeś, ale nadal pupa zbita. Dalej wywala blue screena

**Posty:** 18165 · przez **wojtas** 17 Sty 2011, 23:04

dzialają już ikonki ?

Pobierz to

Start - programy - Debugging Tools for Windows - WinDbg

File Open Crash Dump

Pojawia sie okienko, w którym wskazujesz plik *.dmp
Znajduje sie w windows\minidump\ (najnowszy)
Na pytanie: Save information for workspace odpowiadasz no , następnie wklej zawartość na forum treść z programu

Kto jest na forum