
How do I unlock my computer and remove the ukash virus?

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.


Post by PiotrU, 05 Aug 2012, 21:48

As in similar threads. A few seconds after the system loads, the computer gets locked. A screen appears with the old police logo and a demand to pay 500 zł. I scanned the computer with OTL. I am attaching the files from the scan below and asking for further help, if possible step by step, on what to do to get rid of this, because I have no idea myself.
Attachments:
OTL.Txt (73.72 KiB)
Extras.Txt (41.83 KiB)

Post by defacto19, 05 Aug 2012, 22:17

Uninstall:
vShare.tv plugin 1.3

Use AdwCleaner -> http://general-changelog-team.fr/en/tools/15-adwcleaner (download it to the Desktop and click Delete in it).
Show the report from it: C:\AdwCleaner[S1].txt

Run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
O4 - HKLM..\Run: [cdbjzrlcvsdpsca] D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe (Arima Computer Corporation)
O4 - HKU\.DEFAULT..\Run: [cdbjzrlcvsdpsca] D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe (Arima Computer Corporation)
O4 - HKU\S-1-5-18..\Run: [cdbjzrlcvsdpsca] D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe (Arima Computer Corporation)
[2012-08-02 09:04:10 | 000,078,336 | ---- | C] (Arima Computer Corporation) -- D:\Documents and Settings\All Users\Dane aplikacji\cdbjzrlc.exe
[2012-08-02 09:04:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\bqvrhitgvnwodcz
[2012-08-02 09:03:58 | 000,078,336 | ---- | C] (Arima Computer Corporation) -- D:\Documents and Settings\All Users\Dane aplikacji\txkbswwr.exe
[2012-08-02 09:04:11 | 000,000,051 | ---- | M] () -- D:\Documents and Settings\All Users\Dane aplikacji\eiriajrlrebpyzh
[2012-03-06 20:42:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Piotr\Dane aplikacji\80948

:Commands
[emptytemp]


Click Run Fix. Confirm the computer restart. Save the report that is created after the restart. Then run OTL again and click Run Scan.
Show the new OTL.txt log and the removal report.

Post by longin1983, 05 Aug 2012, 23:14

I'll tag along. :wink: Same thing on my laptop, but it locks right after logging in.

Post by PiotrU, 06 Aug 2012, 00:17

I followed the instructions. Here are the reports:
from AdwCleaner and the OTL.txt log after the restart (during the first scan I did not tick the "LOP Check" and "Purity Check" options); then I scanned once more, ticking those options first. I don't know whether that changes anything, but I am sending the reports from the 1st and 2nd scan.
Attachments:
Extras.Txt po restarcie 2.txt (41.63 KiB)
AdwCleaner[S1].txt (2.15 KiB)
08052012_234927 raport po wykonaniu skryptu olt.txt (4.61 KiB)
Extras.Txt po restarcie.txt (41.64 KiB)

Post by defacto19, 06 Aug 2012, 00:32

Why did you post two Extras logs? I wrote it clearly: show the new OTL.txt log and the removal report.

Post by PiotrU, 06 Aug 2012, 02:10

Oh dear... I mixed them up. I am uploading OTL.txt now, while the removal report is presumably this one: 08052012_234927 raport po wykonaniu skryptu olt.

The computer runs normally now, but has this thing been removed completely?
Attachments:
08052012_234927 raport po wykonaniu skryptu olt.txt (4.61 KiB)
OTL.Txt po restarcie.txt (106.97 KiB)

Post by defacto19, 06 Aug 2012, 09:08

Only a few small fixes remain:

Uninstall via Control Panel:
Spyware Doctor 7.0
Java(TM) 6 Update 21
Java(TM) 7 Update 4
Adobe Reader 8.1.1

Update to the latest version:
Java -> http://java.com/pl/
Adobe Reader -> http://get.adobe.com/reader/

Run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689: "URL" = http://startsear.ch/?aff=1&src=sp&cf=3473b918-421b-11e1-a9b7-000ee8e30408&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63030
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63030
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O33 - MountPoints2\{4133c149-e68c-11df-a4bd-000ee8e30408}\Shell\AutoRun\command - "" = D:\WINDOWS\System32\setup.exe -- [2008-04-14 22:51:40 | 000,023,040 | ---- | M] (Microsoft Corporation)
[2012-08-06 01:36:00 | 000,000,930 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-06 01:19:01 | 000,001,034 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-06 00:20:20 | 000,000,260 | ---- | M] () -- D:\WINDOWS\tasks\WGASetup.job
[2012-08-06 00:20:13 | 000,001,030 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-23 20:57:35 | 000,000,618 | ---- | M] () -- D:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Piotr.job

:Commands
[emptytemp]


Click Run Fix. Confirm the computer restart. Save the report that appears after the restart and post it on the forum.

Post by PiotrU, 06 Aug 2012, 10:27

I did everything according to the instructions. Here is the report after the restart:
Attachments:
08062012_095612 raport po wykonaniu skryptu olt.txt (8.01 KiB)

Post by defacto19, 06 Aug 2012, 11:32

Run OTL and use the CleanUp option; this will remove it together with its quarantine.
Clean the system and the registry with CCleaner -> http://www.piriform.com/CCLEANER


Post by Jamro0909, 09 Aug 2012, 17:47

Hello, I have a question, will someone help me :) because my computer has been locked.

Post by wojtas, 09 Aug 2012, 18:07

Start your own thread and post your logs according to the rules.

Post by Jamro0909, 09 Aug 2012, 18:22

And do you have GG?

Added today, 18:32:
OTL Extras logfile created on: 2012-08-09 18:18:01 - Run 1

Added today, 18:39:
OTL logfile created on: 2012-08-09 18:18:01 - Run 1
DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-03 23:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 22:39:32 | 000,020,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LwAdiHid.sys -- (LwAdiHid)
DRV - [2004-03-03 06:31:22 | 000,679,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003-09-19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002-12-27 04:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2001-08-17 23:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-17 23:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 22:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {1A5A2FFE-F0EB-BF75-02B4-4C1AA0A3C0FB}
IE - HKLM\..\SearchScopes\{1A5A2FFE-F0EB-BF75-02B4-4C1AA0A3C0FB}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtD0ByC0A0AtCyCzy0E0BtA0DtDyBtN0D0TzutBtDtCtBtDyCtDtA&cr=949717494

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://pl.v9.com/?utm_source=b&utm_medium=vlt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{1A5A2FFE-F0EB-BF75-02B4-4C1AA0A3C0FB}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcSearchScopes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..backup.old.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112555&tt=200512_ctrl&babsrc=HP_ss&mntrId=c02f3d07000000000000000b6aa169eb"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=ironto"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112555&tt=200512_ctrl&babsrc=KW_ss&mntrId=c02f3d07000000000000000b6aa169eb&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-18 19:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-05-13 15:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Extensions
[2012-07-05 14:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\extensions
[2012-07-05 14:39:23 | 000,000,000 | ---D | M] (ADDICT-THING) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\extensions\4ff5854b3d5d8@4ff5854b3d610.info
[2012-07-03 09:48:10 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\extensions\battlefieldheroespatcher@ea.com
[2012-06-03 22:29:26 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\extensions\ffxtlbr@funmoods.com
[2012-07-05 15:40:47 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\searchplugins\funmoods.xml
[2012-06-03 22:25:43 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\m98kx616.default\searchplugins\Search.xml
[2012-07-07 23:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAWEł\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\M98KX616.DEFAULT\EXTENSIONS\4FF5854B3D5D8@4FF5854B3D610.INFO
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAWEł\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\M98KX616.DEFAULT\EXTENSIONS\BATTLEFIELDHEROESPATCHER@EA.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAWEł\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\M98KX616.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
[2012-07-18 19:56:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-08-05 16:48:25 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BFlix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files\BFlix\BFlix.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [systemcpl] C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1866\systemcpl.exe ()
O4 - HKLM..\Run: [VDownloader] D:\VDownloader\VDownloader.exe /silent File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ares] D:\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [Gadu-Gadu 10] D:\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun File not found
O4 - HKCU..\Run: [Microsoft Windows Manager] C:\Documents and Settings\Paweł\M-10-6897-8685-3464\winmgr.exe ()
O4 - HKCU..\Run: [Mjjicrtugug ddd Manager] C:\Documents and Settings\Paweł\M-10-8754-86589-55555\windogz.exe ()
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe File not found
O4 - HKCU..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\tvn-ustawienia.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\Paweł\Menu Start\Programy\Autostart\hamachi.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.12 10.0.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDDDEBE3-A4EC-4131-A3C2-E75C598AD5F4}: DhcpNameServer = 10.0.0.12 10.0.0.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 () - http://www.etapetki.com.pl/galleries/widoki/zachody/zachod_slonca_7.jpg
O24 - Desktop Components:1 () - http://creeper.pl/wp-content/uploads/2011/05/Block-of-Iron1.png
O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-05-18 23:29:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-01-07 17:48:52 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010-08-17 11:34:02 | 000,520,704 | R--- | M] () - E:\autostart.exe -- [ CDFS ]
O33 - MountPoints2\{1992f1a5-4b92-11de-ab22-4d6564696130}\Shell\AutoRun\command - "" = F:\h0.exe
O33 - MountPoints2\{1992f1a5-4b92-11de-ab22-4d6564696130}\Shell\open\Command - "" = F:\h0.exe
O33 - MountPoints2\{34f98ac9-ed7e-11de-9675-4d6564696130}\Shell\AutoRun\command - "" = E:\xmor.exe
O33 - MountPoints2\{34f98ac9-ed7e-11de-9675-4d6564696130}\Shell\open\Command - "" = E:\xmor.exe
O33 - MountPoints2\{48380eef-a04f-11de-abc0-4d6564696130}\Shell\AutoRun\command - "" = G:\12gn6id2.exe
O33 - MountPoints2\{48380eef-a04f-11de-abc0-4d6564696130}\Shell\open\Command - "" = G:\12gn6id2.exe
O33 - MountPoints2\{a3fa8aee-9ac7-11de-abad-4d6564696130}\Shell\AutoRun\command - "" = G:\mi9al8rs.exe
O33 - MountPoints2\{a3fa8aee-9ac7-11de-abad-4d6564696130}\Shell\open\Command - "" = G:\mi9al8rs.exe
O33 - MountPoints2\{bd3c2c53-456e-11de-ab06-000b6aa169eb}\Shell\AutoRun\command - "" = G:\mi9al8rs.exe
O33 - MountPoints2\{bd3c2c53-456e-11de-ab06-000b6aa169eb}\Shell\open\Command - "" = G:\mi9al8rs.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autostart.exe -- [2010-08-17 11:34:02 | 000,520,704 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-09 18:02:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paweł\Pulpit\OTL.exe
[2012-08-09 17:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Pulpit\Win XP
[2012-08-09 11:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
[2012-08-09 10:48:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-08-07 17:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Dane aplikacji\hellomoto
[2012-08-07 16:28:01 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Paweł\M-10-8754-86589-5555h5
[2012-08-05 17:29:05 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012-08-05 17:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012-08-05 17:23:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012-08-05 16:47:32 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Paweł\M-10-8754-86589-55555
[2012-08-03 16:55:36 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Paweł\M-10-6897-8685-3464
[2012-07-31 23:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012-07-31 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Omnius for SE
[2012-07-31 22:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Pulpit\S5230MXEIL2_Leopard
[2012-07-17 20:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
[2012-07-17 19:08:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012-07-17 19:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lead and Gold
[2012-07-17 18:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Pulpit\CD Hack
[2012-07-16 17:25:31 | 000,104,160 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2012-07-16 17:25:30 | 000,160,816 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2012-07-16 17:25:11 | 000,120,152 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2012-07-13 18:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Activision
[2012-07-11 21:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paweł\Pulpit\Nowy folder
[2012-07-11 21:15:32 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2012-07-11 21:15:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012-07-10 20:54:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paweł\Moje dokumenty\Moje obrazy
[90 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-09 18:10:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-09 18:08:57 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-09 18:00:03 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-08-09 17:21:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-08-09 08:23:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paweł\Pulpit\OTL.exe
[2012-08-07 16:33:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-07 16:16:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-06 16:57:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-08-06 13:50:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012-08-06 13:50:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012-08-05 17:28:42 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\Windows Media Player.lnk
[2012-08-05 17:24:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012-08-05 17:23:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012-08-05 16:48:25 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-08-04 21:52:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-08-03 17:33:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-08-03 17:33:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-08-03 17:28:37 | 000,074,900 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\575124_185485084910885_1066413851_n.jpg
[2012-07-31 22:45:22 | 085,442,861 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\S5230MXEIL2_Leopard.rar
[2012-07-27 17:08:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2012-07-26 18:30:19 | 000,000,302 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2012-07-22 18:29:52 | 000,114,528 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\98950_batman_joker_karta.jpg
[2012-07-22 18:28:05 | 000,231,232 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\30496_joker_batman_dark_knight.jpg
[2012-07-22 18:25:32 | 000,057,689 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\Batman Dark Night.jpg
[2012-07-22 15:17:02 | 004,955,008 | ---- | M] () -- C:\Documents and Settings\Paweł\Moje dokumenty\12.Ex Przyjaciele - CHADA PROCEDER.mp3
[2012-07-19 14:15:11 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-17 21:04:18 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\SWAT4.lnk
[2012-07-17 20:52:54 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Paweł\Moje dokumenty\ax_files.xml
[2012-07-17 18:08:01 | 000,105,596 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\CD Hack.rar
[2012-07-13 18:06:33 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 2 Singleplayer.lnk
[2012-07-13 18:06:33 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 2 Multiplayer.lnk
[2012-07-13 18:04:52 | 000,000,247 | ---- | M] () -- C:\WINDOWS\game.ini
[2012-07-11 21:15:33 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2012-07-11 21:15:31 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012-07-11 18:54:19 | 000,057,462 | ---- | M] () -- C:\Documents and Settings\Paweł\Pulpit\555300_185485014910892_584739892_n.jpg
[90 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-05 17:23:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012-07-31 22:31:02 | 085,442,861 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\S5230MXEIL2_Leopard.rar
[2012-07-22 18:29:51 | 000,114,528 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\98950_batman_joker_karta.jpg
[2012-07-22 18:28:04 | 000,231,232 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\30496_joker_batman_dark_knight.jpg
[2012-07-22 18:25:31 | 000,057,689 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\Batman Dark Night.jpg
[2012-07-22 15:16:59 | 004,955,008 | ---- | C] () -- C:\Documents and Settings\Paweł\Moje dokumenty\12.Ex Przyjaciele - CHADA PROCEDER.mp3
[2012-07-17 21:04:18 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\SWAT4.lnk
[2012-07-17 20:57:01 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 9.lnk
[2012-07-17 20:57:01 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2012-07-17 18:07:47 | 000,105,596 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\CD Hack.rar
[2012-07-13 18:06:33 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 2 Singleplayer.lnk
[2012-07-13 18:06:33 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 2 Multiplayer.lnk
[2012-07-13 18:04:52 | 000,000,247 | ---- | C] () -- C:\WINDOWS\game.ini
[2012-07-11 18:53:54 | 000,057,462 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\555300_185485014910892_584739892_n.jpg
[2012-07-11 18:52:53 | 000,074,900 | ---- | C] () -- C:\Documents and Settings\Paweł\Pulpit\575124_185485084910885_1066413851_n.jpg
[2012-07-09 00:23:18 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2012-07-07 23:18:59 | 000,000,621 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012-07-03 13:22:15 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-07-03 13:22:14 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Paweł\Dane aplikacji\PnkBstrK.sys
[2012-07-03 13:21:53 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012-07-03 13:21:49 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012-07-02 11:02:17 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2012-06-03 22:32:54 | 000,159,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-06-03 22:27:51 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012-06-03 22:25:06 | 000,031,470 | ---- | C] () -- C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\funmoods.crx
[2012-05-20 19:35:55 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2012-05-16 19:33:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Paweł\Dane aplikacji\$_hpcst$.hpc
[2012-05-13 13:37:55 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2012-05-05 14:47:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012-05-05 14:47:37 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012-03-30 21:39:23 | 000,349,696 | ---- | C] () -- C:\WINDOWS\System32\Mss32.dll
[2012-03-20 18:36:43 | 000,144,384 | ---- | C] () -- C:\WINDOWS\System32\miccyhook.dll
[2012-02-10 21:13:00 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2012-02-04 14:21:03 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2012-01-31 17:08:43 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012-01-21 18:36:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-30 21:37:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\SL275044.JPG
[2010-06-30 21:32:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\H (1944 x 1458).jpg
[2010-06-28 22:22:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0261.jpg
[2010-06-28 22:22:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0260.jpg
[2010-06-02 21:30:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\sratata.jpg
[2010-06-02 21:21:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0504 modified.jpg
[2010-06-02 20:53:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0466 modified2.jpg
[2010-06-02 20:39:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0466 modified.jpg
[2010-06-02 19:49:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0504.jpg
[2010-06-02 19:49:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0502.jpg
[2010-06-02 19:49:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0499.jpg
[2010-06-02 19:48:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0498.jpg
[2010-06-02 19:48:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0497.jpg
[2010-06-02 19:47:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0496.jpg
[2010-06-02 19:47:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0495.jpg
[2010-06-02 19:45:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0490.jpg
[2010-06-02 19:44:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0466.jpg
[2010-05-20 20:19:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0476.jpg
[2010-05-20 20:18:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\IMG_0475.jpg
[2010-03-24 20:33:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paweł\DSCN2752.JPG

========== Files - Unicode (All) ==========
[2012-06-04 18:31:21 | 006,781,420 | ---- | M] ()(C:\Documents and Settings\Paweł\Moje dokumenty\?Ruska dyskoteka w piaskownicy??.mp4) -- C:\Documents and Settings\Paweł\Moje dokumenty\‪Ruska dyskoteka w piaskownicy‬‏.mp4
[2012-06-04 18:28:44 | 006,781,420 | ---- | C] ()(C:\Documents and Settings\Paweł\Moje dokumenty\?Ruska dyskoteka w piaskownicy??.mp4) -- C:\Documents and Settings\Paweł\Moje dokumenty\‪Ruska dyskoteka w piaskownicy‬‏.mp4
[2012-06-03 22:31:34 | 014,370,798 | ---- | C] ()(C:\Documents and Settings\Paweł\Moje dokumenty\?Ruska dyskoteka w piaskownicy??.3gp) -- C:\Documents and Settings\Paweł\Moje dokumenty\‪Ruska dyskoteka w piaskownicy‬‏.3gp
[2012-06-03 22:31:33 | 014,370,798 | ---- | M] ()(C:\Documents and Settings\Paweł\Moje dokumenty\?Ruska dyskoteka w piaskownicy??.3gp) -- C:\Documents and Settings\Paweł\Moje dokumenty\‪Ruska dyskoteka w piaskownicy‬‏.3gp

========== Alternate Data Streams ==========

@Alternate Data Stream - 2006 bytes -> C:\WINDOWS\System32\drivers\xsgllxof.sys:changelist
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

< End of report >
Jamro0909
~user
 
Posts: 2
Joined: 09 Aug 2012, 17:42



How to unlock the computer and remove the ukash virus?

Post by wojtas, 10 Aug 2012, 16:25

Jamro0909,

Please follow the mandatory rules of the security section:
- create your own topic
- post the required logs for your system
- upload the logs to the forum as attachments.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



