How to unlock the computer and remove the ukash virus?

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by PiotrU, 05 Aug 2012, 21:48

As in similar threads. A few seconds after the system loads, the computer gets locked. A screen appears with the old police logo and a demand to pay 500 zł. I scanned the computer with OTL. Below, in the attachment, I am sending the files from the scan and asking for further help, if possible step by step, on what to do to get rid of this, because I have no idea myself.

Post by defacto19, 05 Aug 2012, 22:17

vShare.tv plugin 1.3

Use AdwCleaner -> http://general-changelog-team.fr/en/tools/15-adwcleaner (download it to the Desktop and click Delete in it).
Show the report from it: C:\AdwCleaner[S1].txt

Run OTL and paste the following into the (Custom Scans/Fixes) section:

O4 - HKLM..\Run: [cdbjzrlcvsdpsca] D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe (Arima Computer Corporation)
O4 - HKU\.DEFAULT..\Run: [cdbjzrlcvsdpsca] D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe (Arima Computer Corporation)
O4 - HKU\S-1-5-18..\Run: [cdbjzrlcvsdpsca] D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe (Arima Computer Corporation)
[2012-08-02 09:04:10 | 000,078,336 | ---- | C] (Arima Computer Corporation) -- D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe
[2012-08-02 09:04:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\bqvrhitgvnwodcz
[2012-08-02 09:03:58 | 000,078,336 | ---- | C] (Arima Computer Corporation) -- D:\Documents and Settings\All Users\Dane aplikacji\txkbswwr.exe
[2012-08-02 09:04:11 | 000,000,051 | ---- | M] () -- D:\Documents and Settings\All Users\Dane aplikacji\eiriajrlrebpyzh
[2012-03-06 20:42:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Piotr\Dane aplikacji\80948


Click Run Fix. Confirm the computer restart. Save the report that is created after the restart. Then run OTL again and click Run Scan.
Show the new OTL.txt log and the removal report.
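
An added illustration, not part of the thread and not how OTL or the helper selected these entries: a small Python triage pass over OTL-style lines such as those in the script above. It flags Run autostarts whose executable sits directly in a profile's application-data root, then looks for same-size executables created in the same folder within a minute of a flagged one. Both heuristics, the 60-second window and the `Example Vendor` lines are assumptions made for this example.

```python
import ntpath  # Windows path rules, whatever OS runs this script
import re
from datetime import datetime, timedelta

# Lines taken from the fix script in the post above, plus two constructed
# "Example Vendor" lines that act as benign controls.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [cdbjzrlcvsdpsca] D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe (Arima Computer Corporation)
O4 - HKU\.DEFAULT..\Run: [cdbjzrlcvsdpsca] D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe (Arima Computer Corporation)
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Vendor)
[2012-08-02 09:04:10 | 000,078,336 | ---- | C] (Arima Computer Corporation) -- D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe
[2012-08-02 09:03:58 | 000,078,336 | ---- | C] (Arima Computer Corporation) -- D:\Documents and Settings\All Users\Dane aplikacji\txkbswwr.exe
[2012-08-02 09:10:00 | 000,078,336 | ---- | C] (Example Vendor) -- C:\Program Files\Example\updater.exe
"""

# "O4 - <hive>..\Run: [<value name>] <path to exe> (<company>)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?\.exe)",
    re.I)
# "[<created> | <size> | <attrs> | C] (<company>) -- <path>"; company is optional
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| \S+ \| C\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$")
# Assumption: an executable placed directly in an XP application-data root
# (English or Polish folder name) rather than in a vendor subfolder is suspect.
APPDATA_ROOT = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Dane aplikacji|Application Data)$",
    re.I)


def parse(log):
    """Split OTL-style text into Run-key entries and created-file entries."""
    runs, files = [], []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({
                "path": m["path"],
                "size": int(m["size"].replace(",", "")),
                "created": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            })
    return runs, files


def suspicious_autoruns(runs):
    """Run entries whose target lies directly in an application-data root."""
    return [r for r in runs if APPDATA_ROOT.search(ntpath.dirname(r["path"]))]


def sibling_copies(files, seed_paths, window=timedelta(seconds=60)):
    """Files with the same size and folder as a seed, created within `window`."""
    seeds = {p.lower() for p in seed_paths}
    known = [f for f in files if f["path"].lower() in seeds]
    found = []
    for f in files:
        if f["path"].lower() in seeds:
            continue
        folder = ntpath.dirname(f["path"]).lower()
        for k in known:
            if (f["size"] == k["size"]
                    and folder == ntpath.dirname(k["path"]).lower()
                    and abs(f["created"] - k["created"]) <= window):
                found.append(f["path"])
                break
    return found


def triage(log):
    """Return flagged autoruns, their targets, and likely sibling copies."""
    runs, files = parse(log)
    flagged = suspicious_autoruns(runs)
    targets = sorted({r["path"] for r in flagged})
    return {
        "autoruns": [(r["hive"], r["name"]) for r in flagged],
        "targets": targets,
        "siblings": sibling_copies(files, targets),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hive, name in result["autoruns"]:
        print("autorun:", hive, name)
    for path in result["targets"] + result["siblings"]:
        print("review: ", path)
```

The constructed `updater.exe` line has the same size as the flagged file but is not reported, because size only counts together with the folder and the creation-time window.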

Post by longin1983, 05 Aug 2012, 23:14

I'll tag along. :wink: Same thing on my laptop, but it locks right after logging in.
90% of computer problems sit in front of the monitor

Post by PiotrU, 06 Aug 2012, 00:17

I followed the instructions. Here are the reports:
from AdwCleaner and the OTL.txt log after the restart (during the first scan I did not tick the "LOP Check" and "Purity Check" options); then I scanned once more, ticking those options beforehand. I don't know whether that changes anything, but I am sending the reports from the 1st and 2nd scan.
Extras.Txt po restarcie 2.txt
08052012_234927 raport po wykonaniu skryptu olt.txt
Extras.Txt po restarcie.txt

Post by defacto19, 06 Aug 2012, 00:32

Why did you give two Extras logs? I wrote it clearly. Show the new OTL.txt log and the removal report.

Post by PiotrU, 06 Aug 2012, 02:10

Oh dear... I mixed them up. I'm uploading OTL.txt now, while the removal report is probably this one: 08052012_234927 raport po wykonaniu skryptu olt.

The computer runs normally now, but has this thing been completely removed?
08052012_234927 raport po wykonaniu skryptu olt.txt
OTL.Txt po restarcie.txt
(106.97 KiB) Downloaded 147 times

Post by defacto19, 06 Aug 2012, 09:08

Only a few minor fixes are left:

Uninstall via the Control Panel:
Spyware Doctor 7.0
Java(TM) 6 Update 21
Java(TM) 7 Update 4
Adobe Reader 8.1.1

Update to the latest version:
Java -> http://java.com/pl/
Adobe Reader -> http://get.adobe.com/reader/

Run OTL and paste the following into the (Custom Scans/Fixes) section:

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689: "URL" = http://startsear.ch/?aff=1&src=sp&cf=3473b918-421b-11e1-a9b7-000ee8e30408&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: 63030
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O33 - MountPoints2\{4133c149-e68c-11df-a4bd-000ee8e30408}\Shell\AutoRun\command - "" = D:\WINDOWS\System32\setup.exe -- [2008-04-14 22:51:40 | 000,023,040 | ---- | M] (Microsoft Corporation)
[2012-08-06 01:36:00 | 000,000,930 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-06 01:19:01 | 000,001,034 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-06 00:20:20 | 000,000,260 | ---- | M] () -- D:\WINDOWS\tasks\WGASetup.job
[2012-08-06 00:20:13 | 000,001,030 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-23 20:57:35 | 000,000,618 | ---- | M] () -- D:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Piotr.job


Click Run Fix. Confirm the computer restart. Save the report that appears after the restart and post it on the forum.

Post by PiotrU, 06 Aug 2012, 10:27

I did everything according to the instructions. Here is the report after the restart:
08062012_095612 raport po wykonaniu skryptu olt.txt

Post by defacto19, 06 Aug 2012, 11:32

Run OTL and use the CleanUp option; this will remove it along with its quarantine.
Clean the system and the registry with CCleaner -> http://www.piriform.com/CCLEANER

Post by Jamro0909, 09 Aug 2012, 17:47

Hello, I have a question, will someone help me :) because they locked my computer

Post by wojtas, 09 Aug 2012, 18:07

Start your own thread and post the logs according to the rules.

Post by Jamro0909, 09 Aug 2012, 18:22

And do you have GG?

Added today, 18:32:
OTL Extras logfile created on: 2012-08-09 18:18:01 - Run 1

Added today, 18:39:
OTL logfile created on: 2012-08-09 18:18:01 - Run 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{1A5A2FFE-F0EB-BF75-02B4-4C1AA0A3C0FB}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcSearchScopes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..backup.old.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112555&tt=200512_ctrl&babsrc=HP_ss&mntrId=c02f3d07000000000000000b6aa169eb"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=ironto"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112555&tt=200512_ctrl&babsrc=KW_ss&mntrId=c02f3d07000000000000000b6aa169eb&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-18 19:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-05-13 15:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Extensions
[2012-07-05 14:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\extensions
[2012-07-05 14:39:23 | 000,000,000 | ---D | M] (ADDICT-THING) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\extensions\4ff5854b3d5d8@4ff5854b3d610.info
[2012-07-03 09:48:10 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\extensions\battlefieldheroespatcher@ea.com
[2012-06-03 22:29:26 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\extensions\ffxtlbr@funmoods.com
[2012-07-05 15:40:47 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\searchplugins\funmoods.xml
[2012-06-03 22:25:43 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\searchplugins\Search.xml
[2012-07-07 23:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-18 19:56:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-08-05 16:48:25 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BFlix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files\BFlix\BFlix.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [systemcpl] C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1866\systemcpl.exe ()
O4 - HKLM..\Run: [VDownloader] D:\VDownloader\VDownloader.exe /silent File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ares] D:\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [Gadu-Gadu 10] D:\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun File not found
O4 - HKCU..\Run: [Microsoft Windows Manager] C:\Documents and Settings\Paweł\M-10-6897-8685-3464\winmgr.exe ()
O4 - HKCU..\Run: [Mjjicrtugug ddd Manager] C:\Documents and Settings\Paweł\M-10-8754-86589-55555\windogz.exe ()
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe File not found
O4 - HKCU..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\tvn-ustawienia.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\Paweł\Menu Start\Programy\Autostart\hamachi.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDDDEBE3-A4EC-4131-A3C2-E75C598AD5F4}: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 () - http://www.etapetki.com.pl/galleries/widoki/zachody/zachod_slonca_7.jpg
O24 - Desktop Components:1 () - http://creeper.pl/wp-content/uploads/2011/05/Block-of-Iron1.png
O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-05-18 23:29:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-01-07 17:48:52 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010-08-17 11:34:02 | 000,520,704 | R--- | M] () - E:\autostart.exe -- [ CDFS ]
O33 - MountPoints2\{1992f1a5-4b92-11de-ab22-4d6564696130}\Shell\AutoRun\command - "" = F:\h0.exe
O33 - MountPoints2\{1992f1a5-4b92-11de-ab22-4d6564696130}\Shell\open\Command - "" = F:\h0.exe
O33 - MountPoints2\{34f98ac9-ed7e-11de-9675-4d6564696130}\Shell\AutoRun\command - "" = E:\xmor.exe
O33 - MountPoints2\{34f98ac9-ed7e-11de-9675-4d6564696130}\Shell\open\Command - "" = E:\xmor.exe
O33 - MountPoints2\{48380eef-a04f-11de-abc0-4d6564696130}\Shell\AutoRun\command - "" = G:\12gn6id2.exe
O33 - MountPoints2\{48380eef-a04f-11de-abc0-4d6564696130}\Shell\open\Command - "" = G:\12gn6id2.exe
O33 - MountPoints2\{a3fa8aee-9ac7-11de-abad-4d6564696130}\Shell\AutoRun\command - "" = G:\mi9al8rs.exe
O33 - MountPoints2\{a3fa8aee-9ac7-11de-abad-4d6564696130}\Shell\open\Command - "" = G:\mi9al8rs.exe
O33 - MountPoints2\{bd3c2c53-456e-11de-ab06-000b6aa169eb}\Shell\AutoRun\command - "" = G:\mi9al8rs.exe
O33 - MountPoints2\{bd3c2c53-456e-11de-ab06-000b6aa169eb}\Shell\open\Command - "" = G:\mi9al8rs.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autostart.exe -- [2010-08-17 11:34:02 | 000,520,704 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-09 18:02:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paweł\Pulpit\OTL.exe
[2012-08-09 17:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Pulpit\Win XP
[2012-08-09 11:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
[2012-08-09 10:48:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-08-07 17:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Dane aplikacji\hellomoto
[2012-08-07 16:28:01 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Paweł\M-10-8754-86589-5555h5
[2012-08-05 17:29:05 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012-08-05 17:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012-08-05 17:23:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012-08-05 16:47:32 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Paweł\M-10-8754-86589-55555
[2012-08-03 16:55:36 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Paweł\M-10-6897-8685-3464
[2012-07-31 23:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012-07-31 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Omnius for SE
[2012-07-31 22:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Pulpit\S5230MXEIL2_Leopard
[2012-07-17 20:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
[2012-07-17 19:08:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012-07-17 19:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lead and Gold
[2012-07-17 18:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Pulpit\CD Hack
[2012-07-16 17:25:31 | 000,104,160 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2012-07-16 17:25:30 | 000,160,816 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2012-07-16 17:25:11 | 000,120,152 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2012-07-13 18:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Activision
[2012-07-11 21:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Pulpit\Nowy folder
[2012-07-11 21:15:32 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2012-07-11 21:15:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012-07-10 20:54:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paweł\Moje dokumenty\Moje obrazy
[90 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-09 18:10:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-09 18:08:57 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-09 18:00:03 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-08-09 17:21:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-08-09 08:23:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paweł\Pulpit\OTL.exe
[2012-08-07 16:33:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-07 16:16:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-06 16:57:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-08-06 13:50:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012-08-06 13:50:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012-08-05 17:28:42 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\Windows Media Player.lnk
[2012-08-05 17:24:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012-08-05 17:23:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012-08-05 16:48:25 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-08-04 21:52:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-08-03 17:33:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-08-03 17:33:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-08-03 17:28:37 | 000,074,900 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\575124_185485084910885_1066413851_n.jpg
[2012-07-31 22:45:22 | 085,442,861 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\S5230MXEIL2_Leopard.rar
[2012-07-27 17:08:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2012-07-26 18:30:19 | 000,000,302 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2012-07-22 18:29:52 | 000,114,528 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\98950_batman_joker_karta.jpg
[2012-07-22 18:28:05 | 000,231,232 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\30496_joker_batman_dark_knight.jpg
[2012-07-22 18:25:32 | 000,057,689 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\Batman Dark Night.jpg
[2012-07-22 15:17:02 | 004,955,008 | ---- | M] () -- C:\Documents and Settings\Paweł\Moje dokumenty\12.Ex Przyjaciele - CHADA PROCEDER.mp3
[2012-07-19 14:15:11 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-17 21:04:18 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\SWAT4.lnk
[2012-07-17 20:52:54 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Paweł\Moje dokumenty\ax_files.xml
[2012-07-17 18:08:01 | 000,105,596 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\CD Hack.rar
[2012-07-13 18:06:33 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 2 Singleplayer.lnk
[2012-07-13 18:06:33 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 2 Multiplayer.lnk
[2012-07-13 18:04:52 | 000,000,247 | ---- | M] () -- C:\WINDOWS\game.ini
[2012-07-11 21:15:33 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2012-07-11 21:15:31 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012-07-11 18:54:19 | 000,057,462 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\555300_185485014910892_584739892_n.jpg
[90 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-05 17:23:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012-07-31 22:31:02 | 085,442,861 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\S5230MXEIL2_Leopard.rar
[2012-07-22 18:29:51 | 000,114,528 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\98950_batman_joker_karta.jpg
[2012-07-22 18:28:04 | 000,231,232 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\30496_joker_batman_dark_knight.jpg
[2012-07-22 18:25:31 | 000,057,689 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\Batman Dark Night.jpg
[2012-07-22 15:16:59 | 004,955,008 | ---- | C] () -- C:\Documents and Settings\Paweł\Moje dokumenty\12.Ex Przyjaciele - CHADA PROCEDER.mp3
[2012-07-17 21:04:18 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\SWAT4.lnk
[2012-07-17 20:57:01 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 9.lnk
[2012-07-17 20:57:01 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2012-07-17 18:07:47 | 000,105,596 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\CD Hack.rar
[2012-07-13 18:06:33 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 2 Singleplayer.lnk
[2012-07-13 18:06:33 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 2 Multiplayer.lnk
[2012-07-13 18:04:52 | 000,000,247 | ---- | C] () -- C:\WINDOWS\game.ini
[2012-07-11 18:53:54 | 000,057,462 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\555300_185485014910892_584739892_n.jpg
[2012-07-11 18:52:53 | 000,074,900 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\575124_185485084910885_1066413851_n.jpg
[2012-07-09 00:23:18 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2012-07-07 23:18:59 | 000,000,621 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012-07-03 13:22:15 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-07-03 13:22:14 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Paweł\Dane aplikacji\PnkBstrK.sys
[2012-07-03 13:21:53 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012-07-03 13:21:49 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012-07-02 11:02:17 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2012-06-03 22:32:54 | 000,159,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-06-03 22:27:51 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012-06-03 22:25:06 | 000,031,470 | ---- | C] () -- C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\funmoods.crx
[2012-05-20 19:35:55 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2012-05-16 19:33:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Paweł\Dane aplikacji\$_hpcst$.hpc
[2012-05-13 13:37:55 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2012-05-05 14:47:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012-05-05 14:47:37 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012-03-30 21:39:23 | 000,349,696 | ---- | C] () -- C:\WINDOWS\System32\Mss32.dll
[2012-03-20 18:36:43 | 000,144,384 | ---- | C] () -- C:\WINDOWS\System32\miccyhook.dll
[2012-02-10 21:13:00 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2012-02-04 14:21:03 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2012-01-31 17:08:43 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012-01-21 18:36:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-30 21:37:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\SL275044.JPG
[2010-06-30 21:32:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\H (1944 x 1458).jpg
[2010-06-28 22:22:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0261.jpg
[2010-06-28 22:22:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0260.jpg
[2010-06-02 21:30:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\sratata.jpg
[2010-06-02 21:21:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0504 modified.jpg
[2010-06-02 20:53:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0466 modified2.jpg
[2010-06-02 20:39:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0466 modified.jpg
[2010-06-02 19:49:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0504.jpg
[2010-06-02 19:49:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0502.jpg
[2010-06-02 19:49:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0499.jpg
[2010-06-02 19:48:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0498.jpg
[2010-06-02 19:48:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0497.jpg
[2010-06-02 19:47:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0496.jpg
[2010-06-02 19:47:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0495.jpg
[2010-06-02 19:45:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0490.jpg
[2010-06-02 19:44:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0466.jpg
[2010-05-20 20:19:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0476.jpg
[2010-05-20 20:18:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0475.jpg
[2010-03-24 20:33:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\DSCN2752.JPG
[2010-02-28 22:44:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\BILD0028.jpg
[2010-02-23 18:25:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\CCF20100223_00000.jpg
[2009-12-20 22:12:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\nk.jpeg
[2009-11-17 20:53:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_076.jpg
[2009-11-17 20:52:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_075.jpg
[2009-11-17 20:52:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_074.jpg
[2009-11-17 20:52:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_073.jpg
[2009-11-17 20:52:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_057.jpg
[2009-11-17 20:23:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_058.jpg
[2009-11-17 20:23:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_050.jpg
[2009-11-17 20:23:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_034.jpg
[2009-11-17 20:23:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_031.jpg
[2009-11-17 20:23:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\MARTA_013.jpg
[2009-10-28 21:21:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\STA43200.JPG
[2009-10-28 21:20:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\STA43199.JPG
[2009-10-24 19:52:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\tapeta w ps'ie.jpg
[2009-10-01 16:58:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\Oliś.jpg
[2009-06-23 15:44:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\jazon mraz ft colbie caillat - lucky.mp3
[2009-06-17 22:29:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMAGE005.jpg
[2009-06-17 22:29:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMAGE004.jpg
[2009-06-17 22:20:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMAGE003.jpg
[2009-06-17 22:16:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMAGE02.jpg
[2009-06-17 22:16:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMAGE01.jpg
[2009-06-14 22:03:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG13.jpg
[2009-06-14 21:58:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG12.jpg
[2009-06-14 21:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG11.jpg
[2009-06-14 21:54:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG10.jpg
[2009-06-14 21:48:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG9.jpg
[2009-06-14 21:43:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG8.jpg
[2009-06-14 21:43:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG7.jpg
[2009-06-14 21:42:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG6.jpg
[2009-06-14 21:35:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG5.jpg
[2009-06-14 21:35:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG4.jpg
[2009-06-14 21:34:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG3.jpg
[2009-06-14 21:34:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG2.jpg
[2009-06-14 21:34:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG.jpg
[2009-05-22 19:06:19 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-22 19:03:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\1.bmp
[2009-05-22 18:12:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\Bez tytulu_0001.wmv
[2003-03-21 13:37:56 | 000,016,056 | ---- | C] () -- C:\Program Files\owcstp16.dll

========== Files - Unicode (All) ==========
[2012-06-04 18:31:21 | 006,781,420 | ---- | M] ()(C:\Documents and Settings\Paweł\Moje dokumenty\?Ruska dyskoteka w piaskownicy??.mp4) -- C:\Documents and Settings\Paweł\Moje dokumenty\‪Ruska dyskoteka w piaskownicy‬‏.mp4
[2012-06-04 18:28:44 | 006,781,420 | ---- | C] ()(C:\Documents and Settings\Paweł\Moje dokumenty\?Ruska dyskoteka w piaskownicy??.mp4) -- C:\Documents and Settings\Paweł\Moje dokumenty\‪Ruska dyskoteka w piaskownicy‬‏.mp4
[2012-06-03 22:31:34 | 014,370,798 | ---- | C] ()(C:\Documents and Settings\Paweł\Moje dokumenty\?Ruska dyskoteka w piaskownicy??.3gp) -- C:\Documents and Settings\Paweł\Moje dokumenty\‪Ruska dyskoteka w piaskownicy‬‏.3gp
[2012-06-03 22:31:33 | 014,370,798 | ---- | M] ()(C:\Documents and Settings\Paweł\Moje dokumenty\?Ruska dyskoteka w piaskownicy??.3gp) -- C:\Documents and Settings\Paweł\Moje dokumenty\‪Ruska dyskoteka w piaskownicy‬‏.3gp

========== Alternate Data Streams ==========

@Alternate Data Stream - 2006 bytes -> C:\WINDOWS\System32\drivers\xsgllxof.sys:changelist
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

< End of report >
How to unlock the computer and remove the ukash virus?

Post by wojtas, 10 Aug 2012, 16:25

Please follow the mandatory rules of the Security section:
- create your own topic
- include the required logs appropriate for your system
- upload the logs to the forum as an attachment,
