Problem ze znikającymi plikami docelowymi i więcej

**Posty:** 6 · przez **Dib** 25 Sie 2010, 11:38

Witam! Ostatnio mam problem, który polega na tym , że po uruchomieniu niektórych programów (steam , mozilla firefox, gadu gadu) po pewnym czasie programy wysypują się i znika ich element docelowy, leczyłem kompa różnymi programami, przyznam , że trochę tego było ale nie pomogło. Proszę o pomoc!

Dodam również, iż na przy starcie wyskakuje komunikat, że wystąpił błąd z aplikacją hidserv.exe i zostanie ona zamknięta.

Kod: Zaznacz wszystko: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-25 16:09:20 Windows 5.1.2600 Dodatek Service Pack 3 Running: cubsn4xs.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\uwndafow.sys ---- System - GMER 1.0.15 ---- SSDT sphl.sys ZwCreateKey [0xF84140E0] SSDT sphl.sys ZwEnumerateKey [0xF8432CA4] SSDT sphl.sys ZwEnumerateValueKey [0xF8433032] SSDT sphl.sys ZwOpenKey [0xF84140C0] SSDT sphl.sys ZwQueryKey [0xF843310A] SSDT sphl.sys ZwQueryValueKey [0xF8432F8A] SSDT sphl.sys ZwSetValueKey [0xF843319C] INT 0x62 ? 8236CBF8 INT 0x63 ? 822EBF00 INT 0x73 ? 822EBF00 INT 0x73 ? 822EBF00 INT 0x82 ? 8236CBF8 INT 0xA4 ? 822EBF00 INT 0xB4 ? 822EBF00 ---- Kernel code sections - GMER 1.0.15 ---- ? sphl.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload F7FBF8AC 5 Bytes JMP 822EB4E0 .text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xF8705280, 0x7B04, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB85AC300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF8835300, 0x1B7E, 0xE8000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823DD2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8445C4C] sphl.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8445CA0] sphl.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8415042] sphl.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841513E] sphl.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84150C0] sphl.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8415800] sphl.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84156D6] sphl.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 822EB5E0 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F87C65B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F87C6430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F87C6690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F87C6690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F87C65B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F87C6430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F87C6430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F87C6690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F87C65B0] mksidsa.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F87C6690] mksidsa.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F87C6430] mksidsa.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F87C65B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F87C65B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F87C6690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F87C6430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F87C6690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F87C65B0] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F87C6690] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F87C6430] mksidsa.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F87C65B0] mksidsa.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8236B1F8 AttachedDevice \Driver\Tcpip \Device\Ip mksfwallt.sys Device \Driver\usbuhci \Device\USBPDO-0 8234C1F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 823DB1F8 Device \Driver\dmio \Device\DmControl\DmConfig 823DB1F8 Device \Driver\dmio \Device\DmControl\DmPnP 823DB1F8 Device \Driver\dmio \Device\DmControl\DmInfo 823DB1F8 Device \Driver\usbuhci \Device\USBPDO-1 8234C1F8 Device \Driver\usbuhci \Device\USBPDO-2 8234C1F8 Device \Driver\usbuhci \Device\USBPDO-3 8234C1F8 Device \Driver\usbehci \Device\USBPDO-4 822EC500 AttachedDevice \Driver\Tcpip \Device\Tcp mksfwallt.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8236D1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8236D1F8 Device \Driver\Cdrom \Device\CdRom0 822E51F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8367B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F8367B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F8367B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [F8367B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 81ECF1F8 Device \Driver\NetBT \Device\NetbiosSmb 81ECF1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{EBA830AB-907C-4DCA-8334-E772A7B9298D} 81ECF1F8 AttachedDevice \Driver\Tcpip \Device\Udp mksfwallt.sys AttachedDevice \Driver\Tcpip \Device\RawIp mksfwallt.sys Device \Driver\usbuhci \Device\USBFDO-0 8234C1F8 Device \Driver\usbuhci \Device\USBFDO-1 8234C1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81ED9500 Device \Driver\usbuhci \Device\USBFDO-2 8234C1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 81ED9500 Device \Driver\usbuhci \Device\USBFDO-3 8234C1F8 Device \Driver\usbehci \Device\USBFDO-4 822EC500 Device \Driver\Ftdisk \Device\FtControl 8236D1F8 Device \FileSystem\Cdfs \Cdfs 81E8C500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC2 0x88 0x68 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x86 0xFC 0xCC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0xF5 0xC2 0x24 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Hubert\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x37 0xE5 0x30 0xD7 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x47 0xF1 0x9D 0xEE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x83 0xF6 0x56 0xB8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0xF5 0xC2 0x24 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC2 0x88 0x68 0x76 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x86 0xFC 0xCC ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0xF5 0xC2 0x24 ... ---- EOF - GMER 1.0.15 ----

**Posty:** 2183 · przez **NieWiem** 25 Sie 2010, 11:41

To jest forum o komputerach, a nie dla wróżek. Jasnowidzów też nie mamy na składzie, a z tego co mówisz nie idzie nic wywnioskować.

Zastosuj się do tego poniżej, może wtedy będziemy umieli coś powiedzieć.
obowiazkowe-zasady-wstawiania-logow-wazne-vt117887.html

**Posty:** 6 · przez **Dib** 25 Sie 2010, 17:21

Sorry , że nie wkleiłem od razu logów, ale program był w trakcie sprawdzania dysku, a musiałem odejśc od kompa na dłuższą chwilę to od razu stworzyłem nowy temat , który wczesniej już napisałem, naturalnie z myślą dodania logów jak je tylko będę miał, pozdrawiam i proszę o pomoc. Dodam, że z informatyki jestem trochę słaby i proszę o jakieś uproszczone instrukcje naprawy błędów. :banan:

**Posty:** 12734 · przez **Mikou@j** 25 Sie 2010, 17:32

Nadal brak logów otl.txt i extras.txt :roll:

**Posty:** 6 · przez **Dib** 25 Sie 2010, 18:11

zaraz wrzucę
http://www.wklej.org/id/380986/

Kod: Zaznacz wszystko: OTL logfile created on: 2010-08-25 18:18:36 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 116,00 Mb Available Physical Memory | 23,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29,30 Gb Total Space | 7,55 Gb Free Space | 25,78% Space Free | Partition Type: NTFS Drive D: | 45,23 Gb Total Space | 15,52 Gb Free Space | 34,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: X-022A9855914C4 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-08-25 18:17:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-08-24 19:18:57 | 000,054,784 | RHS- | M] ( ) -- C:\Documents and Settings\Administrator\Dane aplikacji\hidserv.exe PRC - [2010-07-23 04:15:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-07-22 01:24:16 | 012,477,024 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2008-11-23 19:03:41 | 000,389,120 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksVirMonSvc.exe PRC - [2008-06-10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-05-24 05:06:00 | 000,570,880 | ---- | M] (MKS Sp. z o. o.) -- C:\Program Files\mks_vir_2007\bin\mksupdate.exe PRC - [2007-05-24 05:06:00 | 000,270,336 | ---- | M] (MKS Sp z o.o.) -- C:\Program Files\mks_vir_2007\bin\MksFwall.exe PRC - [2007-05-24 05:06:00 | 000,253,952 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksPC.exe PRC - [2007-05-15 00:22:22 | 000,035,328 | ---- | M] () -- D:\Hubert\Winamp\winampa.exe PRC - [2006-09-25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2006-08-03 06:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe PRC - [2005-09-30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2005-03-19 01:05:00 | 000,100,864 | ---- | M] (FSC ©) -- C:\Program Files\AGC\agc.exe PRC - [2001-10-25 03:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-08-25 18:17:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-03-09 14:49:05 | 000,270,336 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\mks_vir_2007\bin\mks_scan.exe -- (MkS_Scan) SRV - [2008-11-23 19:03:41 | 000,389,120 | ---- | M] () [Auto | Running] -- C:\Program Files\mks_vir_2007\bin\MksVirMonSvc.exe -- (MksVirMonSvc) SRV - [2007-05-24 05:06:00 | 000,570,880 | ---- | M] (MKS Sp. z o. o.) [Auto | Running] -- C:\Program Files\mks_vir_2007\bin\mksupdate.exe -- (MksUpdate) SRV - [2007-05-24 05:06:00 | 000,270,336 | ---- | M] (MKS Sp z o.o.) [Auto | Running] -- C:\Program Files\mks_vir_2007\bin\MksFwall.exe -- (MksFwall) SRV - [2007-05-24 05:06:00 | 000,253,952 | ---- | M] () [Auto | Running] -- C:\Program Files\mks_vir_2007\bin\MksPC.exe -- (MksPC) SRV - [2005-09-30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2001-10-25 03:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys -- (ElbyDelay) DRV - File not found [File_System | On_Demand | Stopped] -- D:\Hubert\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON) DRV - [2009-07-02 13:08:03 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-05-23 01:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone) DRV - [2008-09-27 13:48:41 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32) DRV - [2008-05-14 14:14:21 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Ultra.dll -- (ultra) DRV - [2008-05-02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-01-09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2008-01-03 17:03:47 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2008-01-03 17:03:47 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2007-12-10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) DRV - [2007-12-10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex) DRV - [2007-12-10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) DRV - [2007-12-10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) DRV - [2007-12-10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm) DRV - [2007-12-10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl) DRV - [2007-12-10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM) DRV - [2007-08-13 18:43:32 | 000,385,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\mks_vir_2007\bin\mksmonen.sys -- (MksMonEn) DRV - [2007-05-24 05:06:00 | 000,089,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\mks_vir_2007\bin\mksmonev.sys -- (MksMonEv) DRV - [2007-05-24 05:06:00 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\mks_vir_2007\bin\mksmonfd.sys -- (MksMonFd) DRV - [2007-05-24 05:06:00 | 000,015,360 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\MksFwallt.sys -- (mksfwallt) DRV - [2007-05-24 05:06:00 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\MksFwallf.sys -- (mksfwallf) DRV - [2007-05-24 05:06:00 | 000,011,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\MksIdsf.sys -- (mksidsf) DRV - [2007-05-24 05:06:00 | 000,006,144 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\mksidsa.sys -- (mksidsa) DRV - [2007-04-03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex) DRV - [2007-04-03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) DRV - [2007-04-03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007-04-03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007-04-03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2007-01-31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit) DRV - [2007-01-18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln) DRV - [2006-12-17 04:50:29 | 001,918,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006-09-18 09:59:00 | 000,250,240 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006-08-18 14:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854245398-1085031214-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = wyborcza.biz/biznes/0,0.html?p=001 IE - HKU\S-1-5-21-854245398-1085031214-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854245398-1085031214-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/ig?hl=pl" FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.2 FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2 FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.7.2.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&apn_uid=A55C2E2B-012E-4F6A-8F48-489DC4932451&apn_ptnrs=RY&apn_sauid=18EA8018-9946-47B6-9AC0-D492E612C6C0&apn_dtid=&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-25 11:01:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-25 11:01:07 | 000,000,000 | ---D | M] [2008-08-31 13:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions [2010-08-25 00:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions [2010-02-27 21:22:51 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2010-08-24 23:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2008-11-04 22:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2) [2010-08-24 23:04:17 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2008-11-04 22:47:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2008-11-04 22:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2008-11-04 22:46:59 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2) [2008-11-04 22:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb} [2008-11-04 22:47:00 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}(2) [2010-08-24 23:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\fastdial@telega.phpnet.us [2008-11-04 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\firegestures@xuldev(2).org [2008-11-04 22:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\firegestures@xuldev.org [2010-07-17 11:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\toolbar@ask.com [2010-08-24 19:05:24 | 000,002,555 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\searchplugins\askcom.xml [2009-05-31 19:45:28 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\searchplugins\conduit.xml [2009-07-02 13:11:34 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\searchplugins\daemon-search.xml [2009-01-07 21:27:37 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\searchplugins\userlogos.xml [2010-08-24 23:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-07-23 02:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-23 02:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-07-23 02:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-23 02:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-23 02:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-23 02:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2007-10-02 13:14:52 | 000,000,059 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 212.150.54.250 dv-networks.com O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Share Accelerator MM Toolbar) - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll (Conduit Ltd.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Share Accelerator MM Toolbar) - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-854245398-1085031214-1801674531-500\..\Toolbar\ShellBrowser: (no name) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - No CLSID value found. O3 - HKU\S-1-5-21-854245398-1085031214-1801674531-500\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-854245398-1085031214-1801674531-500\..\Toolbar\WebBrowser: (Share Accelerator MM Toolbar) - {4596013B-6C31-408B-A266-DEAE5C086DC2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [BearShare] D:\Dominisia\BearShare.exe File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Microsoft Windows Update] File not found O4 - HKLM..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe (MkS Sp. z o.o.) O4 - HKLM..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe (MKS Sp z o.o.) O4 - HKLM..\Run: [MSN] C:\WINDOWS\System32\ToolbarNotifiers.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Systemappl] File not found O4 - HKLM..\Run: [WinampAgent] D:\Hubert\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Update System] C:\Documents and Settings\Administrator\Dane aplikacji\hidserv.exe ( ) O4 - HKLM..\Run: [WinXPService] C:\WINDOWS\ie7\kav.com File not found O4 - HKU\.DEFAULT..\Run: [Microsoft Windows Update] File not found O4 - HKU\S-1-5-18..\Run: [Microsoft Windows Update] File not found O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [AlcoholAutomount] D:\Hubert\Alcohol 120\axcmd.exe File not found O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [ares] D:\Dominisia\Ares\Ares.exe File not found O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Microsoft Windows Update] File not found O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Prec] D:\Dominiki ;D\Prec\PrecStarter.exe File not found O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Steam] D:\Hubert\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Systemappl] C:\Documents and Settings\Administrator\Dane aplikacji\cscss.exe File not found O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Windows Update System] C:\Documents and Settings\Administrator\Dane aplikacji\hidserv.exe ( ) O4 - HKU\.DEFAULT..\RunOnce: [Microsoft Windows Update] File not found O4 - HKU\S-1-5-18..\RunOnce: [Microsoft Windows Update] File not found O4 - HKLM..\RunServices: [Microsoft Windows Update] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AGC.lnk = C:\Program Files\AGC\agc.exe (FSC ©) O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-854245398-1085031214-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-854245398-1085031214-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll () O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-854245398-1085031214-1801674531-500 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-03-05 13:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{13727139-5954-11dd-a21f-000d61edf7e8}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe O33 - MountPoints2\{13727139-5954-11dd-a21f-000d61edf7e8}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe O33 - MountPoints2\{43431123-f62c-11de-a66f-000d61edf7e8}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{43431123-f62c-11de-a66f-000d61edf7e8}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{5a4190ec-091e-11dc-a798-000d61edf7e8}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{5a4190ec-091e-11dc-a798-000d61edf7e8}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{5a4190ed-091e-11dc-a798-000d61edf7e8}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{5a4190ed-091e-11dc-a798-000d61edf7e8}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{65a645e6-cd07-11dd-a34c-000d61edf7e8}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{65a645e6-cd07-11dd-a34c-000d61edf7e8}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{b4e71aee-7dfc-11de-a5a5-000d61edf7e8}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{b4e71aee-7dfc-11de-a5a5-000d61edf7e8}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found O33 - MountPoints2\{f8483586-6b99-11de-a575-000d61edf7e8}\Shell\AutoRun\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found O33 - MountPoints2\{f8483586-6b99-11de-a575-000d61edf7e8}\Shell\open\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-08-25 17:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-08-25 17:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2010-08-25 01:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb [2010-08-24 23:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-08-24 23:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010-08-24 22:57:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\recover [2010-08-24 22:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2010-08-24 22:32:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010-08-24 22:32:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010-08-24 22:32:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010-08-24 19:10:13 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010-08-24 18:41:21 | 009,282,256 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Pulpit\Firefox Setup 3.6.8.exe [2010-08-24 17:51:26 | 000,054,784 | RHS- | C] ( ) -- C:\Documents and Settings\Administrator\Dane aplikacji\hidserv.exe [2010-05-28 08:16:10 | 000,168,033 | ---- | C] (WORKGROUP) -- C:\Documents and Settings\Administrator\Dane aplikacji\File1.exe [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-08-25 18:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010-08-25 17:12:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-25 17:12:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-25 17:12:18 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys [2010-08-25 11:01:16 | 000,050,533 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\qghumeaylnlfdxfircvs85.exe [2010-08-25 11:01:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-08-25 10:32:13 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-08-25 10:25:34 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-08-25 01:04:15 | 048,696,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-08-25 00:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-08-25 00:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010-08-25 00:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-08-25 00:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-08-25 00:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-08-25 00:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-08-25 00:11:14 | 000,000,309 | ---- | M] () -- C:\Find_Target.vbs [2010-08-25 00:08:47 | 000,000,719 | ---- | M] () -- C:\Find_Target.bat [2010-08-25 00:01:40 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-08-25 00:01:35 | 000,982,510 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-25 00:01:35 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-25 00:01:35 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-25 00:01:35 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-25 00:01:35 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-24 22:11:59 | 001,588,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\SteamInstall.msi [2010-08-24 19:18:57 | 000,054,784 | RHS- | M] ( ) -- C:\Documents and Settings\Administrator\Dane aplikacji\hidserv.exe [2010-08-24 18:41:22 | 009,282,256 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Pulpit\Firefox Setup 3.6.8.exe [2010-08-24 17:40:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-25 11:00:58 | 000,050,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\qghumeaylnlfdxfircvs85.exe [2010-08-25 01:04:14 | 048,696,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-08-25 00:09:34 | 000,000,309 | ---- | C] () -- C:\Find_Target.vbs [2010-08-25 00:08:33 | 000,000,719 | ---- | C] () -- C:\Find_Target.bat [2010-08-24 22:14:43 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-08-24 22:11:51 | 001,588,224 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\SteamInstall.msi [2010-08-24 18:06:32 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-03-25 20:22:32 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Twilight.ini [2008-11-23 18:58:44 | 000,000,270 | ---- | C] () -- C:\WINDOWS\{6ECB6EE7-DF64-4F26-9273-9525FC11A417}_WiseFW.ini [2008-09-27 13:48:41 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2008-07-23 10:12:25 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TMASTER.INI [2008-06-08 14:00:19 | 000,000,154 | ---- | C] () -- C:\WINDOWS\mistrz.ini [2008-05-14 14:14:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll [2008-01-27 17:15:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2008-01-03 17:03:47 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008-01-03 17:03:47 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007-11-16 00:59:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI [2007-10-03 19:56:08 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007-10-03 19:56:08 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys [2007-10-02 15:03:35 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2007-07-16 19:32:58 | 000,000,241 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI [2007-05-24 05:06:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\MksFwallt.sys [2007-05-24 05:06:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\MksFwallf.sys [2007-05-24 05:06:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\MksIdsf.sys [2007-05-24 05:06:00 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\MksIdsa.sys [2007-04-24 16:17:07 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI [2007-03-11 18:59:09 | 000,299,008 | R--- | C] () -- C:\Program Files\Yupi.exe [2007-03-11 18:51:05 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-03-06 21:21:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-03-05 15:34:36 | 000,179,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-03-05 15:34:32 | 000,001,103 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2007-03-05 15:20:03 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2007-03-05 15:19:54 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007-03-05 13:53:28 | 000,001,695 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2007-03-05 13:50:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2007-03-05 13:50:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2007-03-05 13:50:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2007-03-05 13:50:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2007-03-05 13:50:24 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2007-03-05 13:50:23 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2006-06-02 00:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006-06-02 00:06:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2005-08-30 01:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll [2005-08-30 01:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\rgss102e.dll [2005-08-30 01:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll [1998-10-11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll [color=#E56717]========== LOP Check ==========[/color] [2010-01-04 23:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Azureus [2009-12-05 17:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Canneverbe_Limited [2009-07-02 13:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite [2008-11-05 22:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ESET [2007-09-10 14:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu [2009-12-19 15:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10 [2009-10-10 16:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GanymedeNet [2009-10-11 12:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0 [2007-10-23 14:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\NetMedia Providers [2009-05-27 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu [2010-01-01 21:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM [2007-10-23 14:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Publish Providers [2008-01-15 23:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SecondLife [2007-10-02 13:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ShoppingReport [2007-10-23 14:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sony [2008-01-03 17:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus [2009-12-05 17:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2009-07-02 13:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2009-07-02 16:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-08-25 17:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-01-01 21:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-01-08 22:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru [2009-06-24 19:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010-08-25 18:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== Purity Check ==========[/color] < End of report >

**Posty:** 2183 · przez **NieWiem** 25 Sie 2010, 20:49

No trochę śmiecia tu jest.

W sumie to bym Ci pomógł, gdyby chciało Ci się przeczytać zasady i wyinstalować wirtualne napędy. Ale jak nie to nie

**Posty:** 6 · przez **Dib** 26 Sie 2010, 01:18

zebym ja tylko wiedział które to to już by ich nie było ;]

**Posty:** 584 · przez **Andziorka** 26 Sie 2010, 07:33

Jakbyś czytał uważnie regulamin działu: http://forum.programosy.pl/obowiazkowe-zasady-wstawiania-logow-wazne-vt117887.html to byś wiedział, że chodzi o 1 punkt.

**Posty:** 6 · przez **Dib** 26 Sie 2010, 10:49

rozumiem, zaraz się tym zajmę, tylko chwilę na tym traktorku to potrwa , bo chodzi jakby miał już niedługo zejśc z tego świata, za problemy przepraszam na przyszłośc postanawiam poprawę :ok:

>edit< po dostosowaniu się do pkt 1 program sprawdzajacy logi sypie się i zamyka podczas pracy , do tego po najechaniu na ikonki uruchomionych programow na pasku (kolo godziny - np antyvirus), programy zamykają się. postaram się jeszcze raz sprawdzic logi przy zamknietych absolutnie wszystkich zbednych programach, do odbioru

Dodano Dzisiaj, 12:13:
Niestety nie jestem w stanie sprawdzic teraz logów, program wyłącza się po pewnym czasie pracy i nawet znika plik z instalką, skanowałem kompa dr Web CureIt!, co prawda po pełnym skanie znalazło trochę syfu ale niestety nie usprawniło to pracy tego pudła, może mi ktoś doradzic co w zaistniałej sytuacji mogę zrobic, zalezy mi na tym zeby nie przeinstalowywac systemu, pozdrawiam! :ok:

**Posty:** 18165 · przez **wojtas** 28 Sie 2010, 01:04

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&apn_uid=A55C2E2B-012E-4F6A-8F48-489DC4932451&apn_ptnrs=RY&apn_sauid=18EA8018-9946-47B6-9AC0-D492E612C6C0&apn_dtid=&q="
O2 - BHO: (Share Accelerator MM Toolbar) - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Share Accelerator MM Toolbar) - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-854245398-1085031214-1801674531-500\..\Toolbar\ShellBrowser: (no name) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-1085031214-1801674531-500\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-854245398-1085031214-1801674531-500\..\Toolbar\WebBrowser: (Share Accelerator MM Toolbar) - {4596013B-6C31-408B-A266-DEAE5C086DC2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BearShare] D:\Dominisia\BearShare.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Windows Update] File not found
O4 - HKLM..\Run: [MSN] C:\WINDOWS\System32\ToolbarNotifiers.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [Systemappl] File not found
O4 - HKLM..\Run: [Windows Update System] C:\Documents and Settings\Administrator\Dane aplikacji\hidserv.exe ( )
O4 - HKLM..\Run: [WinXPService] C:\WINDOWS\ie7\kav.com File not found
O4 - HKU\.DEFAULT..\Run: [Microsoft Windows Update] File not found
O4 - HKU\S-1-5-18..\Run: [Microsoft Windows Update] File not found
O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [AlcoholAutomount] D:\Hubert\Alcohol 120\axcmd.exe File not found
O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [ares] D:\Dominisia\Ares\Ares.exe File not found
O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Microsoft Windows Update] File not found
O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Prec] D:\Dominiki ;D\Prec\PrecStarter.exe File not found
O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Systemappl] C:\Documents and Settings\Administrator\Dane aplikacji\cscss.exe File not found
O4 - HKU\S-1-5-21-854245398-1085031214-1801674531-500..\Run: [Windows Update System] C:\Documents and Settings\Administrator\Dane aplikacji\hidserv.exe ( )
O4 - HKU\.DEFAULT..\RunOnce: [Microsoft Windows Update] File not found
O4 - HKU\S-1-5-18..\RunOnce: [Microsoft Windows Update] File not found
O4 - HKLM..\RunServices: [Microsoft Windows Update] File not found
O33 - MountPoints2\{13727139-5954-11dd-a21f-000d61edf7e8}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O33 - MountPoints2\{13727139-5954-11dd-a21f-000d61edf7e8}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O33 - MountPoints2\{43431123-f62c-11de-a66f-000d61edf7e8}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{43431123-f62c-11de-a66f-000d61edf7e8}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{5a4190ec-091e-11dc-a798-000d61edf7e8}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{5a4190ec-091e-11dc-a798-000d61edf7e8}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{5a4190ed-091e-11dc-a798-000d61edf7e8}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{5a4190ed-091e-11dc-a798-000d61edf7e8}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{65a645e6-cd07-11dd-a34c-000d61edf7e8}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{65a645e6-cd07-11dd-a34c-000d61edf7e8}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{b4e71aee-7dfc-11de-a5a5-000d61edf7e8}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{b4e71aee-7dfc-11de-a5a5-000d61edf7e8}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\Drive.exe -- File not found
O33 - MountPoints2\{f8483586-6b99-11de-a575-000d61edf7e8}\Shell\AutoRun\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
O33 - MountPoints2\{f8483586-6b99-11de-a575-000d61edf7e8}\Shell\open\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found

:Files
C:\Documents and Settings\Administrator\Dane aplikacji\hidserv.exe
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}(2)
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\extensions\toolbar@ask.com
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\searchplugins\askcom.xml
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\searchplugins\conduit.xml
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\searchplugins\daemon-search.xml
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cm4u20c0.default\searchplugins\userlogos.xml
C:\Program Files\Share_Accelerator_MM
C:\Program Files\DAEMON Tools Toolbar
C:\Documents and Settings\Administrator\Dane aplikacji\File1.exe
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\Program Files\Yupi.exe
C:\Documents and Settings\Administrator\Dane aplikacji\ShoppingReport
C:\Documents and Settings\All Users\Dane aplikacji\Wru
C:\Documents and Settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe"=-
"D:\Dominiki ;D\Wru\Wru.exe"
"C:\Documents and Settings\Administrator\test.exe"=-
"C:\Documents and Settings\Administrator\winlogin.exe"=-
"C:\Documents and Settings\Administrator\sx1.exe"=-
"C:\WINDOWS\system32\apps.exe"=-
"Windows Update System"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt [b]oraz raport z czyszczenia komputera

**Posty:** 6 · przez **Dib** 06 Wrz 2010, 10:58

System zacina się w czasie wykonywania skryptu, przy starcie wyskakuje komunikat, że brakuje pamięci wirtualnej, jest coraz gorzej, czasami sam się wyłącza, co mogę zrobić ? pomocy! :oops:

**Posty:** 2183 · przez **NieWiem** 06 Wrz 2010, 11:01

Trzeba wziąć większego młotka w takim razie.

Zamknij wszystko nad czym aktualnie pracujesz, także wyłącz swój program antywirusowy, zaporę, programy antyspyware. To ważne. Jak to zrobić, opisane tutaj.

Pamiętaj także o wyinstalowaniu wirtualnych napędów i usunięciu ich sterownika: klik

Pobierz ComboFixa od sUBs'a:
stąd lub stąd

ZANIM UŻYJESZ - Przeczytaj dokładnie jego instrukcję:
http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

Zalecam instalowanie Konsoli Odzyskiwania (XP, 2000), lub zaopatrzenie się w płytę WinRE (Vista, Se7en). Mimo wszystko ComboFix nie jest doskonały.

Przeklej na forum wyniki pracy narzędzia. Będą automatycznie otwarte w notatniku, znajdziesz je także w pliku C:\ComboFix.txt

Kto jest na forum