[problem][log]brak procesu explorer.exe (brak startu/pulpitu

**Posty:** 54 · przez **szatan15** 26 Cze 2009, 17:52

Mam poważny problem od wczoraj od kąd zainstalowałem acelerator pobierania Fresh Download komputer często się wiesza lub samemu nagle wyłącza i włącza podejrzewam że przyczyną jest owy program jednak co do moich potrzeb to jest on aktualnie najlepszy ponieważ nie zwalnia systemu przy pobieraniu z ftp pełnym łączem dlatego też nie chciałbym z niego rezygnowac bo prubowałem już wielu tzn internet download menager, flash get, download accelerator plus każdy w kilku wersjach i albo mi strasznie zwalniały komputer albo miały problemy z pobieraniem kolejką albo nie wznawiały połączeń... fresh download działa za to bez zarzutu jednak komputer coś sie resetuje... poniżej daje kilka logów

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:45:46, on 2009-06-26 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\totalcmd\TOTALCMD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\WScript.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing) O2 - BHO: (no name) - {206e52e0-d52e-11d4-ad54-0000e86c26f6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll O2 - BHO: FGCatchUrl - {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: My Global Search Bar BHO - {37b85a21-692b-4205-9cad-2626e4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FreshDownload] "C:\Program Files\FreshDevices\FreshDownload\FD.EXE" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: rncsys32.exe O4 - Global Startup: icwsetup.exe O8 - Extra context menu item: &pobierz wszystko przez flashget - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &pobrane przez flashget - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: &Ściągnij przy pomocy flashget'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy flashget'a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: FreshDownload - {793519b5-cad5-479f-94f2-8c8e833dc589} - C:\Program Files\FreshDevices\FreshDownload\fd.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 5733 bytes

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "FreshDownload" = ""C:\Program Files\FreshDevices\FreshDownload\FD.EXE"" ["FreshDevices Corp."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Internet Connection Wizard Setup Tool" = "C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe" ["http://www.softella.com/"] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {206e52e0-d52e-11d4-ad54-0000e86c26f6}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll" ["FreshDevices Corp."] {2f364306-aa45-47b5-9f9d-39a8b94e7ef7}\(Default) = (no title provided) -> {HKLM...CLSID} = "FGCatchUrl" \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"] {37b85a21-692b-4205-9cad-2626e4993404}\(Default) = (no title provided) -> {HKLM...CLSID} = "My Global Search Bar BHO" \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"] {72853161-30c5-4d22-b7f9-0bbc1d38a37e}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] {bf00e119-21a3-4fd1-b178-3b8537e75c92}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeMonitorBho Class" \InProcServer32\(Default) = "C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll" [file not found] {dbc80044-a445-435b-bc74-9c25c1c588a9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {e7e6f031-17ce-4c07-bc86-eabfe594f69c}\(Default) = (no title provided) -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] {f156768e-81ef-470c-9057-481ba8380dba}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashGet GetFlash Class" \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{71A466B0-65CC-4B41-9043-6090F2C830D3}" = "QCD IconHandler" -> {HKLM...CLSID} = "QIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Quintessential Media Player\QMPShell.dll" [file not found] "{71A068F3-2DC9-438D-8944-6B4FF540D2F5}" = "QCD ContextMenu" -> {HKLM...CLSID} = "QContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Quintessential Media Player\QMPShell.dll" [file not found] "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{97F6E51A-2934-4297-B06C-1CCCA326C5E6}" = "Find Target 2" -> {HKLM...CLSID} = "SHFindTarget Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\MediaLibraryNSE.dll" [empty string] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ "LowRiskFileTypes" = (REG_SZ) .exe;.EXE; {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ "SaveZoneInformation" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\WYGASZ~2.SCR" (wygaszacz zima.scr) ["ScreenTime Media"] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayCDAudio" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" [file not found] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayDVDMovie" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" [file not found] MPCPlayMusicFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayMusicFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" [file not found] MPCPlayVideoFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayVideoFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" [file not found] NeroAutoPlayEmptyCD\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay" "InvokeVerb" = "EmptyCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L" [file not found] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" [file not found] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" [file not found] Startup items in "XP" & "All Users" startup folders: ---------------------------------------------------- C:\Documents and Settings\XP\Menu Start\Programy\Autostart <<!>> "rncsys32.exe" ["Ptxalay Buhqjsjmnub"] C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts <<!>> "icwsetup.exe" ["http://www.softella.com/"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\idmmbc.dll ["Tonec Inc."], 01 - 06, 12 %SystemRoot%\system32\mswsock.dll [MS], 07 - 09, 13 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{37B85A29-692B-4205-9CAD-2626E4993404}" -> {HKLM...CLSID} = "My Global Search Bar" \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided) -> {HKLM...CLSID} = "My Global Search Bar" \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"] "{ED0E8CA5-42FB-4B18-997B-769E0408E79D}" = "FreshDownload Bar" -> {HKLM...CLSID} = "FreshDownload Bar" \InProcServer32\(Default) = "C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll" ["FreshDevices Corp."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Wyślij do programu OneNote" "MenuText" = "Wyślij &do programu OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS] {793519B5-CAD5-479F-94F2-8C8E833DC589}\ "ButtonText" = "FreshDownload" "Exec" = "C:\Program Files\FreshDevices\FreshDownload\fd.exe" ["FreshDevices Corp."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "FlashGet" "Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{F4F10C1D-87C7-404A-B4B3-000000000000}" = (no title provided) -> {HKLM...CLSID} = "SrchHook Class" \InProcServer32\(Default) = "C:\PROGRA~1\DAP\SBSearch.dll" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]} Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- (launch time: 2009-06-26 17:45:07) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 107 seconds, including 9 seconds for message boxes)

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by XP at 2009-06-26 17:51:15 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 2 GB (6%) free of 39 GB Total RAM: 1022 MB (67% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:51:16, on 2009-06-26 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\totalcmd\TOTALCMD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\XP\Pulpit\RSIT.exe C:\Program Files\Trend Micro\HijackThis\XP.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing) O2 - BHO: (no name) - {206e52e0-d52e-11d4-ad54-0000e86c26f6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll O2 - BHO: FGCatchUrl - {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: My Global Search Bar BHO - {37b85a21-692b-4205-9cad-2626e4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FreshDownload] "C:\Program Files\FreshDevices\FreshDownload\FD.EXE" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: rncsys32.exe O4 - Global Startup: icwsetup.exe O8 - Extra context menu item: &pobierz wszystko przez flashget - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &pobrane przez flashget - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: &Ściągnij przy pomocy flashget'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy flashget'a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: FreshDownload - {793519b5-cad5-479f-94f2-8c8e833dc589} - C:\Program Files\FreshDevices\FreshDownload\fd.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 5794 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{206e52e0-d52e-11d4-ad54-0000e86c26f6}] C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll [2007-04-25 452608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}] FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404}] My Global Search Bar BHO - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2009-06-02 225280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}] IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-07 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-07 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f156768e-81ef-470c-9057-481ba8380dba}] FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {37B85A29-692B-4205-9CAD-2626E4993404} - My Global Search Bar - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2009-06-02 225280] {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - FreshDownload Bar - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll [2009-06-15 685568] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Internet Connection Wizard Setup Tool"=C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe [2009-06-19 19968] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "FreshDownload"=C:\Program Files\FreshDevices\FreshDownload\FD.EXE [2009-06-15 3152904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe -h [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] C:\Program Files\BearShare Test\BearShare.exe /pause [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-02-06 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flashget] C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe /min [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoD] C:\Documents and Settings\XP\Moje dokumenty\GoD\GoD.exe /tray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\groovemonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe [2003-04-06 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idman] C:\Program Files\Internet Download Manager\IDMan.exe [2009-05-27 2815408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINDOWS\System32\igfxtray.exe [2003-04-06 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internet connection wizard setup tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe [2009-06-19 19968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!] C:\Program Files\ipla\ipla.exe [2009-05-12 3955096] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-02-16 9302632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-07 148888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^application data^microsoft^shortcuts^icwsetup.exe] C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe [2009-06-19 19968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^xp^menu start^programy^autostart^rncsys32.exe] C:\Documents and Settings\XP\Menu Start\Programy\Autostart\rncsys32.exe [2008-04-14 29184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^xp^menu start^programy^autostart^tworzenie wycinków ekranu i uruchamianie programu onenote 2007.lnk] C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632] C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts icwsetup.exe C:\Documents and Settings\XP\Menu Start\Programy\Autostart rncsys32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\csmania.eu\Condition Zero csmania.eu\Condition Zero\hl.exe"="C:\Program Files\csmania.eu\Condition Zero csmania.eu\Condition Zero\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\XP\Pulpit\utorrent(2).exe"="C:\Documents and Settings\XP\Pulpit\utorrent(2).exe:*:Enabled:µTorrent" "C:\Documents and Settings\XP\Pulpit\utorrent.exe"="C:\Documents and Settings\XP\Pulpit\utorrent.exe:*:Enabled:µTorrent" "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2009-06-26 17:51:15 ----D---- C:\rsit 2009-06-26 17:44:53 ----D---- C:\Program Files\Trend Micro 2009-06-26 17:44:25 ----A---- C:\WINDOWS\_MSRSTRT.EXE 2009-06-25 23:39:39 ----D---- C:\WINDOWS\Desktop 2009-06-25 23:39:05 ----D---- C:\Program Files\FreshDevices 2009-06-25 16:49:34 ----D---- C:\Program Files\FlashGet 2009-06-24 18:23:12 ----D---- C:\Downloads 2009-06-24 18:17:57 ----D---- C:\Program Files\FlashGet Network 2009-06-22 12:52:18 ----D---- C:\Program Files\Gabest 2009-06-22 12:08:14 ----D---- C:\Documents and Settings\XP\Dane aplikacji\Aegisub 2009-06-22 12:07:14 ----D---- C:\Program Files\Aegisub 2009-06-21 11:03:02 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2009-06-21 11:02:44 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit 2009-06-21 11:02:33 ----D---- C:\Program Files\DAP 2009-06-10 22:14:06 ----D---- C:\Documents and Settings\XP\Dane aplikacji\Ahead 2009-06-10 19:08:04 ----D---- C:\Program Files\Metin2_PL 2009-06-08 11:19:41 ----D---- C:\Program Files\VirtualDubMod 2009-06-08 08:34:30 ----D---- C:\Setup 2009-06-08 08:34:30 ----D---- C:\Redist 2009-06-08 08:34:30 ----D---- C:\Program Files\Nero 2009-06-08 08:34:30 ----D---- C:\Cab 2009-06-07 07:36:29 ----D---- C:\Program Files\Gadu-Gadu 2009-06-07 07:33:17 ----D---- C:\haker 2009-06-07 07:31:10 ----A---- C:\sd.txt 2009-06-07 07:31:09 ----A---- C:\dfsfdfsff.txt 2009-06-07 07:31:08 ----A---- C:\hhbhh.txt 2009-06-07 07:31:07 ----A---- C:\anime szukam.txt 2009-06-07 07:31:06 ----A---- C:\szukam.txt 2009-06-07 07:31:05 ----A---- C:\gryps2.txt 2009-06-07 07:30:34 ----A---- C:\anime.txt 2009-06-07 07:30:31 ----A---- C:\bajki.txt 2009-06-07 07:29:29 ----A---- C:\spis.txt 2009-06-07 07:29:15 ----A---- C:\trigun.txt 2009-06-06 20:28:28 ----D---- C:\Documents and Settings\XP\Dane aplikacji\uTorrent 2009-06-06 19:46:07 ----D---- C:\Program Files\MKVtoolnix 2009-06-05 16:49:50 ----D---- C:\Documents and Settings\XP\Dane aplikacji\IDM 2009-06-05 16:14:35 ----HD---- C:\WINDOWS\PIF 2009-06-05 03:14:43 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2009-06-05 03:14:42 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2009-06-05 03:14:42 ----A---- C:\WINDOWS\system32\xvidcore.dll 2009-06-05 03:14:40 ----A---- C:\WINDOWS\system32\divx.dll 2009-06-05 03:14:37 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2009-06-05 03:14:37 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2009-06-05 03:14:34 ----A---- C:\WINDOWS\system32\pthreadGC2.dll 2009-06-04 22:40:00 ----D---- C:\Program Files\Combined Community Codec Pack 2009-06-04 19:20:50 ----A---- C:\WINDOWS\IDMan.INI 2009-06-04 19:19:15 ----D---- C:\Documents and Settings\XP\Dane aplikacji\DMCache 2009-06-04 19:19:12 ----D---- C:\Program Files\Internet Download Manager 2009-06-04 18:58:49 ----D---- C:\Documents and Settings\XP\Dane aplikacji\BITS 2009-06-04 18:58:40 ----D---- C:\profiles 2009-06-02 18:34:28 ----D---- C:\Program Files\MyGlobalSearch 2009-05-31 14:32:41 ----D---- C:\WINDOWS\wygaszacz zima dir 2009-05-31 14:32:13 ----D---- C:\WINDOWS\wygaszacz_luty_v2 dir 2009-05-31 14:32:13 ----A---- C:\WINDOWS\impborl.dll 2009-05-30 19:24:08 ----D---- C:\Documents and Settings\XP\Dane aplikacji\Canon 2009-05-30 19:23:58 ----D---- C:\Documents and Settings\XP\Dane aplikacji\ArcSoft 2009-05-30 19:10:58 ----D---- C:\Documents and Settings\XP\Dane aplikacji\ScanSoft 2009-05-30 19:10:57 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard 2009-05-30 19:10:57 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir 2009-05-30 19:10:56 ----A---- C:\WINDOWS\MAXLINK.INI 2009-05-30 19:10:47 ----D---- C:\Program Files\Common Files\ScanSoft Shared 2009-05-30 19:10:28 ----D---- C:\Program Files\ScanSoft 2009-05-30 19:09:31 ----D---- C:\Program Files\Canon 2009-05-30 19:09:14 ----A---- C:\WINDOWS\system32\TWAIN_32.DLL 2009-05-30 19:09:13 ----A---- C:\WINDOWS\system32\PCDLIB32.DLL 2009-05-30 19:08:48 ----A---- C:\WINDOWS\pcdlib32.dll 2009-05-30 19:08:38 ----D---- C:\Program Files\ArcSoft 2009-05-30 19:07:39 ----A---- C:\WINDOWS\system32\UCS32P.DLL 2009-05-30 19:07:38 ----HD---- C:\CanoScan 2009-05-30 19:07:38 ----A---- C:\WINDOWS\system32\CNQU83.DLL 2009-05-30 19:07:38 ----A---- C:\WINDOWS\system32\CNQL1209.DLL 2009-05-30 19:07:38 ----A---- C:\WINDOWS\system32\CNQA1209.DLL 2009-05-27 17:44:37 ----D---- C:\Program Files\Microsoft Silverlight ======List of files/folders modified in the last 1 months====== 2009-06-26 17:45:00 ----D---- C:\Program Files\Mozilla Firefox 2009-06-26 17:44:53 ----RD---- C:\Program Files 2009-06-26 17:44:25 ----D---- C:\WINDOWS 2009-06-26 17:41:53 ----D---- C:\WINDOWS\system32 2009-06-26 17:40:17 ----A---- C:\WINDOWS\wincmd.ini 2009-06-26 17:38:44 ----D---- C:\WINDOWS\Temp 2009-06-26 17:15:33 ----RASH---- C:\boot.ini 2009-06-26 17:15:33 ----A---- C:\WINDOWS\win.ini 2009-06-26 17:15:33 ----A---- C:\WINDOWS\system.ini 2009-06-26 14:23:35 ----D---- C:\WINDOWS\system32\CatRoot2 2009-06-26 12:24:35 ----D---- C:\WINDOWS\Minidump 2009-06-26 05:44:43 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-06-25 18:41:12 ----D---- C:\WINDOWS\Prefetch 2009-06-25 02:54:08 ----D---- C:\WINDOWS\pss 2009-06-24 20:28:31 ----D---- C:\Documents and Settings\XP\Dane aplikacji\foobar2000 2009-06-22 18:25:13 ----A---- C:\WINDOWS\wcx_ftp.ini 2009-06-22 12:48:55 ----A---- C:\WINDOWS\NeroDigital.ini 2009-06-22 12:07:59 ----SHD---- C:\WINDOWS\Installer 2009-06-22 12:07:58 ----D---- C:\WINDOWS\WinSxS 2009-06-16 14:49:02 ----D---- C:\WINDOWS\system32\drivers 2009-06-16 14:48:54 ----HD---- C:\WINDOWS\inf 2009-06-10 17:29:57 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-06-10 15:34:33 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-06-10 10:54:04 ----D---- C:\Program Files\PowerISO 2009-06-10 10:52:30 ----D---- C:\Program Files\Movie Maker 2009-06-10 10:51:10 ----D---- C:\Program Files\Adobe 2009-06-10 10:49:46 ----D---- C:\my downloads 2009-06-08 10:46:32 ----D---- C:\muza 2009-06-08 08:35:46 ----SD---- C:\Documents and Settings\XP\Dane aplikacji\Microsoft 2009-06-08 08:35:03 ----D---- C:\Program Files\Common Files\Ahead 2009-06-07 02:05:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-06-07 02:04:27 ----D---- C:\WINDOWS\security 2009-06-06 15:51:17 ----D---- C:\Documents and Settings\XP\Dane aplikacji\Nowe Gadu-Gadu 2009-06-04 20:22:45 ----HD---- C:\Program Files\InstallShield Installation Information 2009-05-31 00:49:44 ----D---- C:\Documents and Settings\XP\Dane aplikacji\Adobe 2009-05-31 00:31:54 ----D---- C:\Program Files\Common Files\Adobe 2009-05-30 19:21:08 ----D---- C:\WINDOWS\twain_32 2009-05-30 19:10:47 ----D---- C:\Program Files\Common Files 2009-05-30 12:58:49 ----D---- C:\Documents and Settings\XP\Dane aplikacji\ipla ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268] R1 Tcpip6;Sterownik protokołu IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-14 225664] R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032] R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504] R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-05-01 743367] R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976] R3 tunmp;Sterownik karty Microsoft Tun Miniport; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608] S1 a7a6279a;a7a6279a; C:\WINDOWS\System32\drivers\a7a6279a.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys [] S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys [] S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys [] S3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;Usługa Pomocnik IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-07 152984] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF-----------------

**Posty:** 18165 · przez **wojtas** 26 Cze 2009, 18:34

Pobierz OTL i daj z niego loga

**Posty:** 54 · przez **szatan15** 26 Cze 2009, 18:37

Kod: Zaznacz wszystko: OTL logfile created on: 2009-06-26 18:07:46 - Run 1 OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\XP\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1022,48 Mb Total Physical Memory | 511,68 Mb Available Physical Memory | 50,04% Memory free 2,40 Gb Paging File | 2,04 Gb Available in Paging File | 84,81% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38,16 Gb Total Space | 2,36 Gb Free Space | 6,18% Space Free | Partition Type: NTFS Drive D: | 4,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 4,65 Gb Total Space | 0,59 Gb Free Space | 12,67% Space Free | Partition Type: NTFS Drive F: | 4,88 Gb Total Space | 1,81 Gb Free Space | 37,05% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XP-OLMWF7U33DFU Current User Name: XP Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-05-07 11:18:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2005-01-28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2008-08-08 07:04:10 | 01,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE PRC - [2009-06-13 09:32:56 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-04-14 22:51:20 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009-06-26 18:01:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-04-14 22:49:54 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running]) SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-05-07 11:18:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2005-01-28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-06-26 12:47:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\a7a6279a.sys -- (a7a6279a [System | Stopped]) DRV - [2003-05-01 12:08:52 | 00,743,367 | ---- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Running]) DRV - [2008-04-14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2003-04-15 04:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2002-10-04 04:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Running]) DRV - [2009-03-15 12:25:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2008-04-14 00:30:04 | 00,225,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running]) DRV - [2003-04-15 04:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) DRV - [2003-04-15 04:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/ IE - URLSearchHook: {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official" FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - prefs.js..keyword.URL: "http://search.speedbit.com/searchresults.asp?src=default&q=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-07 11:18:44 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\mozilla firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-24 21:59:26 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\mozilla firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-13 09:33:06 | 00,000,000 | ---D | M] [2009-05-06 23:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Extensions [2009-05-06 23:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-06-26 17:55:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Firefox\Profiles\dsackb59.default\extensions [2009-06-04 18:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Firefox\Profiles\dsackb59.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009-06-26 17:55:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-06-13 09:33:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-05-07 11:18:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-13 09:32:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-06-13 09:32:55 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-05-07 11:18:44 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2007-03-27 09:48:51 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007-03-27 09:49:32 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-06-02 18:34:28 | 00,024,576 | ---- | M] (My Global Search) -- C:\Program Files\mozilla firefox\plugins\NPMyGlSh.dll [2009-06-13 09:32:58 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2003-05-15 10:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-09-10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: () - {206e52e0-d52e-11d4-ad54-0000e86c26f6} - C:\Program Files\FreshDevices\FreshDownload\fdcatch.dll (FreshDevices Corp.) O2 - BHO: (FGCatchUrl) - {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (My Global Search Bar BHO) - {37b85a21-692b-4205-9cad-2626e4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (FlashGet GetFlash Class) - {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Program Files\FreshDevices\FreshDownload\fdiebar.dll (FreshDevices Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O4 - HKLM..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe (http://www.softella.com/) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKCU..\Run: [FreshDownload] C:\Program Files\FreshDevices\FreshDownload\FD.EXE (FreshDevices Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &pobierz wszystko przez flashget - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm File not found O8 - Extra context menu item: &pobrane przez flashget - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm File not found O8 - Extra context menu item: &Ściągnij przy pomocy flashget'a - C:\Program Files\FlashGet\jc_link.htm () O8 - Extra context menu item: &Ściągnij wszystko przy pomocy flashget'a - C:\Program Files\FlashGet\jc_all.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm () O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: FreshDownload - {793519b5-cad5-479f-94f2-8c8e833dc589} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (FreshDevices Corp.) O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.113.224.35 217.113.224.36 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-05-01 19:04:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-02-27 20:29:03 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [4 C:\WINDOWS\*.tmp files] [2009-06-26 18:01:07 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe [2009-06-26 17:54:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2009-06-26 17:54:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2009-06-26 17:44:54 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\HijackThis.lnk [2009-06-26 17:44:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-06-26 17:44:25 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE [2009-06-26 17:43:41 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\XP\Pulpit\HJTInstall.exe [2009-06-26 00:42:33 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\s131.xls [2009-06-25 23:39:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Desktop [2009-06-25 23:39:07 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\FreshDownload.lnk [2009-06-25 23:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\FreshDevices [2009-06-25 23:38:33 | 02,129,325 | ---- | C] ( ) -- C:\Documents and Settings\XP\Pulpit\freshdow.exe [2009-06-25 18:30:44 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\XP\Moje dokumenty\flash.lst [2009-06-25 16:49:41 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\FlashGet.lnk [2009-06-25 16:49:34 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet [2009-06-25 16:29:54 | 04,653,240 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\flashget196(DobrePliki.pl).exe [2009-06-24 18:32:35 | 00,114,230 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\FGXL_SPOL_(www.programs.pl).exe [2009-06-24 18:23:12 | 00,000,000 | ---D | C] -- C:\Downloads [2009-06-24 18:17:57 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet Network [2009-06-24 18:16:41 | 05,631,288 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\flashget20en_(www.programs.pl).exe [2009-06-22 12:52:18 | 00,000,000 | ---D | C] -- C:\Program Files\Gabest [2009-06-22 12:52:04 | 00,734,160 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\VobSub_2.23.exe [2009-06-22 12:44:21 | 06,833,525 | ---- | C] (CCCP Project ) -- C:\Documents and Settings\XP\Pulpit\Combined-Community-Codec-Pack-2008-09-21.exe [2009-06-22 12:08:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\Aegisub [2009-06-22 12:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Aegisub [2009-06-22 12:03:18 | 25,265,044 | ---- | C] (Aegisub Team ) -- C:\Documents and Settings\XP\Pulpit\aegisub-r2494-setup.exe [2009-06-21 13:01:12 | 58,238,213 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\_gg__Code_Geass_-_Picture_Book_9.33__394DC3FF_.mkv [2009-06-21 12:42:40 | 35,471,034 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.9.75.rar [2009-06-21 12:36:44 | 37,677,197 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.8.75.rar [2009-06-21 12:31:46 | 31,639,402 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.6.75.rar [2009-06-21 12:29:16 | 16,641,284 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.4.33.rar [2009-06-21 12:26:46 | 16,613,151 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.3.5.rar [2009-06-21 11:03:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-06-21 11:02:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\My Completed Downloads [2009-06-21 11:02:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit [2009-06-21 11:02:33 | 00,000,000 | ---D | C] -- C:\Program Files\DAP [2009-06-21 10:57:24 | 09,437,208 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\dap91.exe [2009-06-21 10:28:42 | 00,210,049 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\aegikc4.jpg [2009-06-20 19:00:03 | 00,400,405 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\tydzien.mp3 [2009-06-20 17:31:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Pulpit\sita [2009-06-20 11:17:06 | 00,019,968 | ---- | C] (http://www.softella.com/) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe [2009-06-18 23:10:30 | 01,739,720 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\444.jpg [2009-06-18 23:10:02 | 01,678,298 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\299.jpg [2009-06-18 23:09:18 | 01,246,400 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\179.jpg [2009-06-16 14:50:43 | 03,241,307 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\DSC00572.JPG [2009-06-16 14:48:59 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS [2009-06-15 10:30:56 | 05,409,448 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\2009-06-15_Express_Ilustrowany.pdf [2009-06-14 21:29:06 | 00,015,962 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Baśń.docx [2009-06-14 21:23:36 | 00,002,513 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Microsoft Office Word 2007.lnk [2009-06-14 00:01:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\Notesy programu OneNote [2009-06-12 00:33:08 | 00,961,525 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-1936-en.jpg [2009-06-12 00:32:58 | 01,008,087 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2036-fr.jpg [2009-06-12 00:32:49 | 00,972,010 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2034-fr.jpg [2009-06-12 00:32:36 | 01,278,036 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2033-fr.jpg [2009-06-11 21:58:46 | 00,159,430 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Zakladki 2009-06-11.json [2009-06-11 16:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\NeroVision [2009-06-10 22:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\Ahead [2009-06-10 19:12:02 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Metin2 PL.lnk [2009-06-10 19:08:04 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2_PL [2009-06-10 17:29:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\a7a6279a.sys [2009-06-10 10:53:07 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Skrót do NeroStartSmart.lnk [2009-06-10 10:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\Ahead [2009-06-09 10:22:21 | 00,274,224 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\XP\Pulpit\utorrent.exe [2009-06-08 11:19:43 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\VirtualDubMod.lnk [2009-06-08 11:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDubMod [2009-06-08 08:34:30 | 00,000,000 | ---D | C] -- C:\Setup [2009-06-08 08:34:30 | 00,000,000 | ---D | C] -- C:\Redist [2009-06-08 08:34:30 | 00,000,000 | ---D | C] -- C:\Program Files\Nero [2009-06-08 08:34:30 | 00,000,000 | ---D | C] -- C:\Cab [2009-06-07 07:36:32 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Gadu-Gadu.lnk [2009-06-07 07:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2009-06-07 07:33:17 | 00,000,000 | ---D | C] -- C:\haker [2009-06-06 20:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\uTorrent [2009-06-06 19:46:20 | 00,001,557 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\mkvmerge GUI.lnk [2009-06-06 19:46:07 | 00,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix [2009-06-05 16:55:16 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\XP\Moje dokumenty\Internet.lnk [2009-06-05 16:49:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\IDM [2009-06-05 16:17:09 | 00,000,788 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Skrót do IDMan.lnk [2009-06-05 16:14:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2009-06-05 16:11:09 | 00,046,695 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\lista.ef2 [2009-06-05 03:14:44 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2009-06-05 03:14:44 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2009-06-05 03:14:43 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2009-06-05 03:14:43 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2009-06-05 03:14:42 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-06-05 03:14:42 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-06-05 03:14:40 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll [2009-06-05 03:14:37 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-06-05 03:14:37 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-06-05 03:14:34 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll [2009-06-04 22:40:00 | 00,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack [2009-06-04 20:52:35 | 00,000,348 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Moje dokumenty.lnk [2009-06-04 19:20:50 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI [2009-06-04 19:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\Downloads [2009-06-04 19:19:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\DMCache [2009-06-04 19:19:12 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager [2009-06-04 18:58:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\BITS [2009-06-04 18:58:40 | 00,000,000 | ---D | C] -- C:\profiles [2009-06-04 03:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Pulpit\poszukiwanianr5 [2009-06-03 14:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\GoD [2009-06-02 18:35:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\Ares [2009-06-02 18:34:28 | 00,000,000 | ---D | C] -- C:\Program Files\MyGlobalSearch [2009-06-01 11:50:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\eGazety [2009-06-01 11:20:18 | 00,111,382 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\jess25a.jpg [2009-06-01 11:19:31 | 00,021,447 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\maximusbanner.jpg [2009-06-01 09:33:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Pulpit\skany [2009-05-31 14:32:46 | 00,471,040 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\wygaszacz zima.scr [2009-05-31 14:32:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\wygaszacz zima dir [2009-05-31 14:32:19 | 00,471,040 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\wygaszacz_luty_v2.scr [2009-05-31 14:32:13 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2009-05-31 14:32:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\wygaszacz_luty_v2 dir [2009-05-31 13:14:57 | 01,600,674 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\wygaszacz_XII07.exe [2009-05-31 13:14:50 | 01,749,656 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\wygaszacz4.exe [2009-05-31 13:14:38 | 01,569,818 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\wygaszacz2.exe [2009-05-31 13:14:26 | 01,509,932 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\wygaszacz3.exe [2009-05-30 19:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\Canon [2009-05-30 19:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\My Albums [2009-05-30 19:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\ArcSoft [2009-05-30 19:21:07 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys [2009-05-30 19:21:07 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2009-05-30 19:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\ScanSoft [2009-05-30 19:10:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard [2009-05-30 19:10:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir [2009-05-30 19:10:56 | 00,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2009-05-30 19:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared [2009-05-30 19:10:28 | 00,000,000 | ---D | C] -- C:\Program Files\ScanSoft [2009-05-30 19:09:35 | 00,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PhotoBase 3.lnk [2009-05-30 19:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\Canon [2009-05-30 19:09:14 | 00,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PhotoStudio 5.lnk [2009-05-30 19:09:13 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL [2009-05-30 19:08:48 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\pcdlib32.dll [2009-05-30 19:08:38 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft [2009-05-30 19:07:39 | 00,389,180 | ---- | C] (Canon) -- C:\WINDOWS\System32\UCS32P.DLL [2009-05-30 19:07:38 | 00,393,225 | ---- | C] () -- C:\WINDOWS\System32\CNQ1209F.PLG [2009-05-30 19:07:38 | 00,393,225 | ---- | C] () -- C:\WINDOWS\System32\CNQ1209B.PLG [2009-05-30 19:07:38 | 00,393,225 | ---- | C] () -- C:\WINDOWS\System32\CNQ12091.PLG [2009-05-30 19:07:38 | 00,000,000 | -H-D | C] -- C:\CanoScan [2009-05-28 04:39:05 | 03,489,978 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\f9543b7d204a65feb42f6066b7966537.pdf [2009-05-17 12:04:43 | 00,000,267 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-05-09 22:28:55 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009-05-08 08:30:32 | 00,000,118 | ---- | C] () -- C:\WINDOWS\holzed.ini [2009-05-07 23:15:32 | 00,974,848 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll [2009-05-07 23:15:32 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2009-05-07 23:15:31 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll [2009-05-07 00:00:39 | 00,003,992 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-05-02 22:21:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-05-01 19:44:35 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-05-01 19:14:57 | 01,900,544 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll [2009-05-01 19:14:57 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2009-05-01 19:14:57 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2009-05-01 19:14:57 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2009-05-01 19:14:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2009-05-01 19:14:43 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2009-01-05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007-03-27 09:55:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2002-10-16 00:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2001-07-22 00:16:20 | 00,000,687 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009-06-26 18:01:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe [2009-06-26 17:44:54 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\HijackThis.lnk [2009-06-26 17:44:26 | 00,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE [2009-06-26 17:44:10 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\XP\Pulpit\HJTInstall.exe [2009-06-26 17:40:17 | 00,003,992 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009-06-26 17:38:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-06-26 17:38:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-06-26 17:15:33 | 00,000,687 | ---- | M] () -- C:\WINDOWS\win.ini [2009-06-26 17:15:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-06-26 17:15:33 | 00,000,211 | RHS- | M] () -- C:\boot.ini [2009-06-26 14:23:28 | 00,002,725 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Condition Zero csmania.eu.exe.lnk [2009-06-26 14:07:20 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-26 12:47:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\a7a6279a.sys [2009-06-26 00:42:29 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\s131.xls [2009-06-25 23:39:07 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\FreshDownload.lnk [2009-06-25 23:38:50 | 02,129,325 | ---- | M] ( ) -- C:\Documents and Settings\XP\Pulpit\freshdow.exe [2009-06-25 18:30:45 | 00,000,162 | ---- | M] () -- C:\Documents and Settings\XP\Moje dokumenty\flash.lst [2009-06-25 16:49:41 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\FlashGet.lnk [2009-06-25 16:31:16 | 04,653,240 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\flashget196(DobrePliki.pl).exe [2009-06-24 18:32:41 | 00,114,230 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\FGXL_SPOL_(www.programs.pl).exe [2009-06-24 18:17:23 | 05,631,288 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\flashget20en_(www.programs.pl).exe [2009-06-22 18:25:13 | 00,000,267 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini [2009-06-22 12:52:09 | 00,734,160 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\VobSub_2.23.exe [2009-06-22 12:48:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-06-22 12:45:14 | 06,833,525 | ---- | M] (CCCP Project ) -- C:\Documents and Settings\XP\Pulpit\Combined-Community-Codec-Pack-2008-09-21.exe [2009-06-22 12:06:55 | 25,265,044 | ---- | M] (Aegisub Team ) -- C:\Documents and Settings\XP\Pulpit\aegisub-r2494-setup.exe [2009-06-21 13:12:14 | 58,238,213 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\_gg__Code_Geass_-_Picture_Book_9.33__394DC3FF_.mkv [2009-06-21 12:48:10 | 35,471,034 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.9.75.rar [2009-06-21 12:42:32 | 37,677,197 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.8.75.rar [2009-06-21 12:36:29 | 31,639,402 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.6.75.rar [2009-06-21 12:31:30 | 16,641,284 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.4.33.rar [2009-06-21 12:29:00 | 16,613,151 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\CoGe.PB.Odc.3.5.rar [2009-06-21 11:00:20 | 09,437,208 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\dap91.exe [2009-06-21 10:28:44 | 00,210,049 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\aegikc4.jpg [2009-06-20 18:59:59 | 00,400,405 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\tydzien.mp3 [2009-06-20 04:44:54 | 00,002,513 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Microsoft Office Word 2007.lnk [2009-06-19 21:22:35 | 00,019,968 | ---- | M] (http://www.softella.com/) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe [2009-06-18 23:10:31 | 01,739,720 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\444.jpg [2009-06-18 23:10:03 | 01,678,298 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\299.jpg [2009-06-18 23:09:24 | 01,246,400 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\179.jpg [2009-06-16 03:39:02 | 02,107,710 | -H-- | M] () -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-06-15 10:33:08 | 05,409,448 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\2009-06-15_Express_Ilustrowany.pdf [2009-06-15 10:08:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-06-14 22:39:41 | 00,015,962 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Baśń.docx [2009-06-12 00:33:10 | 00,961,525 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-1936-en.jpg [2009-06-12 00:33:03 | 01,008,087 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2036-fr.jpg [2009-06-12 00:32:58 | 00,972,010 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2034-fr.jpg [2009-06-12 00:32:52 | 01,278,036 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2033-fr.jpg [2009-06-11 21:58:46 | 00,159,430 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Zakladki 2009-06-11.json [2009-06-10 19:12:02 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Metin2 PL.lnk [2009-06-10 10:53:07 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Skrót do NeroStartSmart.lnk [2009-06-09 10:22:22 | 00,274,224 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\XP\Pulpit\utorrent.exe [2009-06-08 15:13:49 | 00,000,067 | ---- | M] () -- C:\WINDOWS\IDMan.INI [2009-06-08 11:19:43 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\VirtualDubMod.lnk [2009-06-07 07:36:32 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Gadu-Gadu.lnk [2009-06-07 02:05:45 | 00,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-06-07 02:05:45 | 00,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-06-07 02:05:45 | 00,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-06-07 02:05:45 | 00,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-06-07 02:05:44 | 00,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-06-06 19:46:20 | 00,001,557 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\mkvmerge GUI.lnk [2009-06-05 16:55:16 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\XP\Moje dokumenty\Internet.lnk [2009-06-05 16:17:09 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Skrót do IDMan.lnk [2009-06-05 16:11:09 | 00,046,695 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\lista.ef2 [2009-06-04 20:52:35 | 00,000,348 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Moje dokumenty.lnk [2009-06-01 11:20:20 | 00,111,382 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\jess25a.jpg [2009-06-01 11:19:33 | 00,021,447 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\maximusbanner.jpg [2009-05-31 14:32:46 | 00,471,040 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\wygaszacz zima.scr [2009-05-31 14:32:41 | 00,012,288 | ---- | M] () -- C:\WINDOWS\impborl.dll [2009-05-31 14:32:19 | 00,471,040 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\wygaszacz_luty_v2.scr [2009-05-31 13:15:17 | 01,600,674 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\wygaszacz_XII07.exe [2009-05-31 13:15:16 | 01,749,656 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\wygaszacz4.exe [2009-05-31 13:14:47 | 01,569,818 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\wygaszacz2.exe [2009-05-31 13:14:34 | 01,509,932 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\wygaszacz3.exe [2009-05-30 19:10:56 | 00,000,525 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI [2009-05-30 19:09:35 | 00,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PhotoBase 3.lnk [2009-05-30 19:09:14 | 00,001,658 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PhotoStudio 5.lnk [2009-05-28 04:39:25 | 03,489,978 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\f9543b7d204a65feb42f6066b7966537.pdf [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0 < End of report >

**Posty:** 18165 · przez **wojtas** 26 Cze 2009, 18:41

w dodaj usun odinstaluj MyGlobalSearch

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji

**Posty:** 54 · przez **szatan15** 26 Cze 2009, 21:09

zrobiłem wszystko tak jak napisałeś... jednak komputer dalej sie wiesza i resetuje... z trudem wykonałem powyższe czynności.. zamieszczam poniżej log z Malwarebytes Anti-Malware

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.38 Wersja bazy definicji: 2338 Windows 5.1.2600 Dodatek Service Pack 3 2009-06-26 20:47:08 mbam-log-2009-06-26 (20-47-05).txt Typ skanowania: Szybkie skanowanie Przeskanowane obiekty: 93471 Upłynęło: 12 minute(s), 28 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 14 Zainfekowane wartości rejestru: 1 Zainfekowane pliki rejestru: 0 Zainfekowane foldery: 6 Zainfekowane pliki: 15 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken. Zainfekowane wartości rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. Zainfekowane pliki rejestru: (Nie wykryto groźnych plików) Zainfekowane foldery: C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\History (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Settings (Adware.MyWebSearch) -> No action taken. Zainfekowane pliki: c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\0061FEF9.bin (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\006200BE.bin (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\00620206.bin (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\023024D9 (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\History\search (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> No action taken. c:\WINDOWS\Temp\wpv101243627542.exe (Trojan.Agent) -> No action taken. c:\documents and settings\XP\Dane aplikacji\wiaserva.log (Malware.Trace) -> No action taken.

log był wykonany zanim kliknąłem usunięcie tych wpisów... po zrobieniu tego nadal są problemy:/

**Posty:** 18165 · przez **wojtas** 27 Cze 2009, 11:53

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

**Posty:** 54 · przez **szatan15** 27 Cze 2009, 18:49

Kod: Zaznacz wszystko: ComboFix 09-06-26.02 - XP 2009-06-27 18:37.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1022.744 [GMT 2:00] Uruchomiony z: c:\documents and settings\XP\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\XP\Dane aplikacji\BITS c:\documents and settings\XP\Dane aplikacji\BITS\BITS.ini c:\documents and settings\XP\Dane aplikacji\BITS\DHTTable.dat c:\documents and settings\XP\Dane aplikacji\BITS\ProxyList.ini c:\program files\FlashGet Network c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2009.06.25 18.31.15.log c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log c:\program files\FlashGet Network\FlashGet universal\fgoption.ini c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat c:\program files\FlashGet Network\FlashGet universal\transaction - 2009.06.25 18.31.15.log c:\program files\FlashGet Network\FlashGet universal\transaction.log . ((((((((((((((((((((((((( Pliki utworzone od 2009-05-27 do 2009-06-27 ))))))))))))))))))))))))))))))) . 2009-06-26 18:30 . 2009-06-26 18:30 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Malwarebytes 2009-06-26 18:30 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-26 18:30 . 2009-06-26 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-26 18:30 . 2009-06-26 18:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-06-26 18:30 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-26 17:26 . 2009-06-26 17:26 -------- d-----w- c:\documents and settings\XP\DoctorWeb 2009-06-26 15:54 . 2009-06-26 16:02 -------- d-----w- c:\windows\BDOSCAN8 2009-06-26 15:44 . 2009-06-26 15:44 -------- d-----w- c:\program files\Trend Micro 2009-06-25 21:39 . 2009-06-27 16:34 -------- d-----w- c:\windows\Desktop 2009-06-25 21:39 . 2009-06-25 21:39 -------- d-----w- c:\program files\FreshDevices 2009-06-25 14:49 . 2009-06-25 21:27 -------- d-----w- c:\program files\FlashGet 2009-06-24 16:23 . 2009-06-27 16:34 -------- d-----w- C:\Downloads 2009-06-22 10:52 . 2009-06-22 10:52 -------- d-----w- c:\program files\Gabest 2009-06-22 10:08 . 2009-06-22 15:15 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Aegisub 2009-06-22 10:07 . 2009-06-22 10:07 -------- d-----w- c:\program files\Aegisub 2009-06-21 09:03 . 2009-06-21 09:25 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-06-21 09:02 . 2009-06-26 15:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SpeedBit 2009-06-21 09:02 . 2009-06-26 15:44 -------- d-----w- c:\program files\DAP 2009-06-10 20:14 . 2009-06-11 14:36 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Ahead 2009-06-10 17:08 . 2009-06-14 11:29 -------- d-----w- c:\program files\Metin2_PL 2009-06-10 15:29 . 2009-06-26 10:47 0 ----a-w- c:\windows\system32\drivers\a7a6279a.sys 2009-06-10 08:52 . 2009-06-10 20:31 -------- d-----w- c:\documents and settings\XP\Ustawienia lokalne\Dane aplikacji\Ahead 2009-06-08 09:19 . 2009-06-08 09:19 -------- d-----w- c:\program files\VirtualDubMod 2009-06-08 06:35 . 2009-06-08 06:35 69632 ----a-r- c:\documents and settings\XP\Dane aplikacji\Microsoft\Installer\{61EF78E2-C33A-4924-85B9-A12FBE16E0F5}\ARPPRODUCTICON.exe 2009-06-08 06:35 . 2009-06-08 06:35 492544 ----a-r- c:\documents and settings\XP\Dane aplikacji\Microsoft\Installer\{61EF78E2-C33A-4924-85B9-A12FBE16E0F5}\Icon61EF78E2.exe 2009-06-08 06:34 . 2009-06-08 06:34 -------- d-----w- C:\Setup 2009-06-08 06:34 . 2009-06-08 06:34 -------- d-----w- C:\Redist 2009-06-08 06:34 . 2009-06-08 06:34 -------- d-----w- c:\program files\Nero 2009-06-08 06:34 . 2009-06-08 06:34 -------- d-----w- C:\Cab 2009-06-07 05:36 . 2009-06-07 05:36 -------- d-----w- c:\documents and settings\XP\Gadu-Gadu 2009-06-07 05:36 . 2009-06-07 05:36 -------- d-----w- c:\program files\Gadu-Gadu 2009-06-07 05:33 . 2009-06-07 05:34 -------- d-----w- C:\haker 2009-06-06 18:28 . 2009-06-11 19:37 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\uTorrent 2009-06-06 17:46 . 2009-06-06 17:46 -------- d-----w- c:\program files\MKVtoolnix 2009-06-05 14:49 . 2009-06-08 13:28 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\IDM 2009-06-05 14:14 . 2009-06-05 14:14 -------- d--h--w- c:\windows\PIF 2009-06-05 01:14 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2009-06-05 01:14 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll 2009-06-05 01:14 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll 2009-06-05 01:14 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll 2009-06-05 01:14 . 2009-03-02 18:10 67584 ----a-w- c:\windows\system32\ff_vfw.dll 2009-06-05 01:14 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll 2009-06-04 20:40 . 2009-06-22 10:46 -------- d-----w- c:\program files\Combined Community Codec Pack 2009-06-04 17:19 . 2009-06-26 15:38 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\DMCache 2009-06-04 17:19 . 2009-06-08 13:27 -------- d-----w- c:\program files\Internet Download Manager 2009-06-04 16:58 . 2009-06-04 16:58 167376 ----a-w- c:\documents and settings\XP\Dane aplikacji\Mozilla\Firefox\Profiles\dsackb59.default\FlashGot.exe 2009-06-04 16:58 . 2009-06-04 16:58 -------- d-----w- C:\profiles 2009-06-02 16:35 . 2009-06-02 16:35 -------- d-----w- c:\documents and settings\XP\Ustawienia lokalne\Dane aplikacji\Ares 2009-06-01 09:50 . 2009-06-01 09:50 -------- d-----w- c:\documents and settings\XP\Ustawienia lokalne\Dane aplikacji\eGazety 2009-05-31 12:32 . 2009-05-31 12:32 471040 ----a-w- c:\windows\wygaszacz zima.scr 2009-05-31 12:32 . 2009-05-31 12:32 -------- d-----w- c:\windows\wygaszacz zima dir 2009-05-31 12:32 . 2009-05-31 12:32 471040 ----a-w- c:\windows\wygaszacz_luty_v2.scr 2009-05-31 12:32 . 2009-05-31 12:32 12288 ----a-w- c:\windows\impborl.dll 2009-05-31 12:32 . 2009-05-31 12:32 -------- d-----w- c:\windows\wygaszacz_luty_v2 dir 2009-05-30 17:24 . 2009-06-25 16:19 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Canon 2009-05-30 17:23 . 2009-05-30 17:23 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\ArcSoft 2009-05-30 17:21 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-05-30 17:21 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-05-30 17:10 . 2009-05-30 17:10 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\ScanSoft 2009-05-30 17:10 . 2009-05-30 17:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SSScanWizard 2009-05-30 17:10 . 2009-05-30 17:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SSScanAppDataDir 2009-05-30 17:10 . 2009-05-30 17:11 -------- d-----w- c:\program files\Common Files\ScanSoft Shared 2009-05-30 17:10 . 2009-05-30 17:10 -------- d-----w- c:\program files\ScanSoft 2009-05-30 17:09 . 2009-05-30 17:09 -------- d-----w- c:\program files\Canon 2009-05-30 17:09 . 1996-06-30 22:00 77312 ----a-w- c:\windows\system32\TWAIN_32.DLL 2009-05-30 17:09 . 1995-07-31 11:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL 2009-05-30 17:08 . 1999-05-26 07:46 212480 ----a-w- c:\windows\pcdlib32.dll 2009-05-30 17:08 . 2009-05-30 17:08 -------- d-----w- c:\program files\ArcSoft 2009-05-30 17:07 . 2002-05-24 01:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL 2009-05-30 17:07 . 2009-05-30 17:07 -------- d--h--w- C:\CanoScan 2009-05-30 17:07 . 2002-11-20 13:15 729088 ----a-w- c:\windows\system32\CNQA1209.DLL 2009-05-30 17:07 . 2002-11-20 11:42 507904 ----a-w- c:\windows\system32\CNQL1209.DLL 2009-05-30 17:07 . 2002-11-15 08:15 40960 ----a-w- c:\windows\system32\CNQU83.DLL . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-24 18:28 . 2009-05-06 22:03 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\foobar2000 2009-06-10 08:54 . 2009-05-07 21:07 -------- d-----w- c:\program files\PowerISO 2009-06-08 06:35 . 2009-05-02 10:53 -------- d-----w- c:\program files\Common Files\Ahead 2009-06-07 00:05 . 2001-10-26 16:15 75706 ----a-w- c:\windows\system32\perfc015.dat 2009-06-07 00:05 . 2001-10-26 16:15 451696 ----a-w- c:\windows\system32\perfh015.dat 2009-06-06 13:51 . 2009-05-07 17:18 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Nowe Gadu-Gadu 2009-06-04 18:22 . 2009-05-01 17:11 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-30 22:31 . 2009-05-01 17:53 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-30 10:58 . 2009-05-15 07:19 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\ipla 2009-05-27 15:44 . 2009-05-27 15:44 -------- d-----w- c:\program files\Microsoft Silverlight 2009-05-18 19:28 . 2009-05-15 07:19 70136 ----a-w- c:\documents and settings\XP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-05-17 15:04 . 2009-05-17 12:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-05-17 12:19 . 2009-05-17 12:19 -------- d-----w- c:\program files\Microsoft Works 2009-05-17 12:18 . 2009-05-17 12:18 -------- d-----w- c:\program files\MSBuild 2009-05-17 12:14 . 2009-05-17 12:14 -------- d-----w- c:\program files\Microsoft.NET 2009-05-17 12:09 . 2009-05-17 12:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2009-05-17 11:56 . 2009-05-17 11:56 -------- d-----w- c:\program files\Common Files\DirectX 2009-05-17 09:27 . 2009-05-17 09:27 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Megaupload 2009-05-16 16:10 . 2009-05-01 17:03 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat 2009-05-16 12:12 . 2009-05-01 17:05 -------- d-----w- c:\program files\microsoft frontpage 2009-05-15 07:19 . 2009-05-15 07:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla 2009-05-15 07:18 . 2009-05-15 07:18 -------- d-----w- c:\program files\ipla 2009-05-15 07:18 . 2009-05-15 07:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2009-05-13 20:47 . 2009-05-13 20:47 -------- d-----w- c:\program files\SubEdit-Player 2009-05-11 09:16 . 2009-05-11 09:16 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\InstallShield 2009-05-10 19:39 . 2009-05-10 19:39 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Media Player Classic 2009-05-09 20:28 . 2009-05-09 20:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-05-09 20:15 . 2009-05-01 17:11 -------- d-----w- c:\program files\Common Files\InstallShield 2009-05-08 07:13 . 2009-05-07 17:11 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Winamp 2009-05-07 21:19 . 2009-05-07 21:15 -------- d-----w- c:\program files\GhostMaster 2009-05-07 21:19 . 2009-05-07 21:19 -------- d-----w- c:\program files\directx 2009-05-07 17:58 . 2009-05-07 17:58 -------- d-----w- c:\program files\csmania.eu 2009-05-07 17:27 . 2009-05-07 17:27 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\DivX 2009-05-07 17:25 . 2009-05-07 17:25 -------- d-----w- c:\program files\Real Alternative 2009-05-07 17:17 . 2009-05-07 17:16 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-05-07 09:18 . 2009-05-07 09:18 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-07 09:18 . 2009-05-07 09:18 -------- d-----w- c:\program files\Java 2009-05-07 09:18 . 2009-05-07 09:18 152576 ----a-w- c:\documents and settings\XP\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-06 22:03 . 2009-05-06 22:03 -------- d-----w- c:\program files\foobar2000 2009-05-06 21:56 . 2009-05-06 21:56 0 ----a-w- c:\windows\nsreg.dat 2009-05-01 17:59 . 2009-05-01 17:59 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\IrfanView 2009-05-01 17:55 . 2009-05-01 17:55 -------- d-----w- c:\program files\IrfanView 2009-05-01 17:53 . 2009-05-01 17:53 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\InterTrust 2009-05-01 17:33 . 2009-05-01 17:33 2232 ----a-w- c:\windows\java\Packages\Data\JPBB7LJ3.DAT 2009-05-01 17:33 . 2009-05-01 17:33 155995 ----a-w- c:\windows\java\Packages\A1N9J7B9.ZIP 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\T7ZBNJBL.DAT 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\NR7ZFJNZ.DAT 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\RTRR1ND7.DAT 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\MISXB37T.DAT 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\5VHN9FL7.DAT 2009-05-01 17:14 . 2009-05-01 17:14 -------- d-----w- c:\program files\C-Media 3D Audio 2009-05-01 17:12 . 2009-05-01 17:12 -------- d-----w- c:\program files\Intel 2009-05-01 17:01 . 2009-05-01 17:01 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Usługi online . ------- Sigcheck ------- [-] 2001-10-26 17:30 12800 B3C95BFEEF6781A82A1C429F466A3A11 c:\windows\$NtServicePackUninstall$\svchost.exe [7] 2008-04-14 20:51 14336 8607D35D92528E2DF386F19A960D23CE c:\windows\ServicePackFiles\i386\svchost.exe [7] 2008-04-14 20:51 14336 8607D35D92528E2DF386F19A960D23CE c:\windows\system32\svchost.exe [7] 2002-09-20 16:04 561664 3A4892A57CFE05D61E4BBC3EC3E24A63 c:\windows\$NtServicePackUninstall$\user32.dll [7] 2008-04-14 20:50 580096 A435C5C069AFD901751AC323AD238793 c:\windows\ServicePackFiles\i386\user32.dll [7] 2008-04-14 20:50 580096 A435C5C069AFD901751AC323AD238793 c:\windows\system32\user32.dll [-] 2001-10-26 17:29 75264 9B7D1C56CC12D806314B853BF52ECB4C c:\windows\$NtServicePackUninstall$\ws2_32.dll [7] 2008-04-14 20:51 82432 C0AA2AB856680C44739B41E01F5BD4E9 c:\windows\ServicePackFiles\i386\ws2_32.dll [7] 2008-04-14 20:51 82432 C0AA2AB856680C44739B41E01F5BD4E9 c:\windows\system32\ws2_32.dll [7] 2002-09-20 16:05 601600 4965C02574610E9B2D1E18D63D11A772 c:\windows\$NtServicePackUninstall$\wininet.dll [7] 2008-04-14 20:50 668672 0457F0AFD6EE10445D8CF721FB5FA4EB c:\windows\ServicePackFiles\i386\wininet.dll [7] 2008-04-14 20:50 668672 0457F0AFD6EE10445D8CF721FB5FA4EB c:\windows\system32\wininet.dll [7] 2002-08-28 23:58 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys [7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\system32\drivers\tcpip.sys [7] 2002-09-20 16:05 519168 8B6E6BB5D451F8BBC0621203B687D993 c:\windows\$NtServicePackUninstall$\winlogon.exe [7] 2008-04-14 20:51 510464 51FD2E13D723857B9CA239AE77150F48 c:\windows\ServicePackFiles\i386\winlogon.exe [7] 2008-04-14 20:51 510464 51FD2E13D723857B9CA239AE77150F48 c:\windows\system32\winlogon.exe [7] 2002-08-29 00:09 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtServicePackUninstall$\ndis.sys [7] 2008-04-13 22:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys [7] 2008-04-13 22:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys [7] 2008-04-13 22:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys [7] 2008-04-13 22:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys [7] 2002-09-20 15:12 1949184 79D262478C985E736DEB38CE2224FC75 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [7] 2008-04-14 19:59 2067200 4BBA965664FAA56B187C27F4CAD7E7C5 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [7] 2008-04-14 19:59 2067200 4BBA965664FAA56B187C27F4CAD7E7C5 c:\windows\system32\ntkrnlpa.exe [7] 2002-09-20 15:12 2043520 AE94AE0DA6ED874CE08912FC63F8C6C2 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [7] 2008-04-14 20:00 2190336 8CA14ECF04594EABBE93C9FF2E3CBFB1 c:\windows\ServicePackFiles\i386\ntoskrnl.exe [7] 2008-04-14 20:00 2190336 8CA14ECF04594EABBE93C9FF2E3CBFB1 c:\windows\system32\ntoskrnl.exe [7] 2008-04-14 20:51 1035264 C791ED9EAC5E76D9525E157B1D7A599A c:\windows\explorer.exe [7] 2002-09-20 16:05 1005568 F4AF85D918E83D71341FCE2AA5318181 c:\windows\$NtServicePackUninstall$\explorer.exe [7] 2008-04-14 20:51 1035264 C791ED9EAC5E76D9525E157B1D7A599A c:\windows\ServicePackFiles\i386\explorer.exe [-] 2001-10-26 17:30 101888 BF4CBEFDCE42A699389791647CB95CA2 c:\windows\$NtServicePackUninstall$\services.exe [7] 2008-04-14 20:51 109056 3E3AE424E27C4CEFE4CAB368C7B570EA c:\windows\ServicePackFiles\i386\services.exe [7] 2008-04-14 20:51 109056 3E3AE424E27C4CEFE4CAB368C7B570EA c:\windows\system32\services.exe [7] 2002-09-20 16:05 11776 FA2C871F57352339F0A1802BB9AEA6E7 c:\windows\$NtServicePackUninstall$\lsass.exe [7] 2008-04-14 20:51 13312 88296F7943F30A1EE3AF735440B92268 c:\windows\ServicePackFiles\i386\lsass.exe [7] 2008-04-14 20:51 13312 88296F7943F30A1EE3AF735440B92268 c:\windows\system32\lsass.exe [7] 2002-09-20 16:05 13312 0C4C012B0A8960F48A666C240A7BAA3D c:\windows\$NtServicePackUninstall$\ctfmon.exe [7] 2008-04-14 20:51 15360 1BD41EDA5B869AFC99895C39A8DE36E1 c:\windows\ServicePackFiles\i386\ctfmon.exe [7] 2008-04-14 20:51 15360 1BD41EDA5B869AFC99895C39A8DE36E1 c:\windows\system32\ctfmon.exe [-] 2001-10-26 17:30 51200 414AF353E9EEED8637D90370FD0C3B68 c:\windows\$NtServicePackUninstall$\spoolsv.exe [7] 2008-04-14 20:51 57856 DD69EC597AB942C39B950D9C3CE1375D c:\windows\ServicePackFiles\i386\spoolsv.exe [7] 2008-04-14 20:51 57856 DD69EC597AB942C39B950D9C3CE1375D c:\windows\system32\spoolsv.exe [7] 2002-09-20 16:05 142336 2BDCBF19C5222FDA21B049D1FBAC7B36 c:\windows\$NtServicePackUninstall$\wuauclt.exe [7] 2008-04-14 20:51 112128 9A19BA6D99B8EC3DB5B3EFF71B0A0BB5 c:\windows\ServicePackFiles\i386\wuauclt.exe [7] 2008-04-14 20:51 112128 9A19BA6D99B8EC3DB5B3EFF71B0A0BB5 c:\windows\system32\wuauclt.exe [7] 2002-09-20 16:05 22528 323D3FFCBF99C59B2D20B4C5A7ECE347 c:\windows\$NtServicePackUninstall$\userinit.exe [7] 2008-04-14 20:51 26624 2A5B37D520508BE6570A3EA79695F5B5 c:\windows\ServicePackFiles\i386\userinit.exe [7] 2008-04-14 20:51 26624 2A5B37D520508BE6570A3EA79695F5B5 c:\windows\system32\userinit.exe [7] 2002-09-20 16:04 201216 C4EE140F5EDCF2FC20099B56DDBE5445 c:\windows\$NtServicePackUninstall$\termsrv.dll [7] 2008-04-14 20:50 296448 52E0505408EDD4AB5CCC7F83B67B4299 c:\windows\ServicePackFiles\i386\termsrv.dll [7] 2008-04-14 20:50 296448 52E0505408EDD4AB5CCC7F83B67B4299 c:\windows\system32\termsrv.dll [7] 2002-09-20 16:04 958976 8D452C28D7CAD9B5BBDB3C41730305E9 c:\windows\$NtServicePackUninstall$\kernel32.dll [7] 2008-04-14 20:50 1018368 FCE4ECC34A36EDACF03DBE8DE5E28910 c:\windows\ServicePackFiles\i386\kernel32.dll [7] 2008-04-14 20:50 1018368 FCE4ECC34A36EDACF03DBE8DE5E28910 c:\windows\system32\kernel32.dll [-] 2001-10-26 17:29 14848 CF06FF4307712677DD2EA86921CCD52F c:\windows\$NtServicePackUninstall$\powrprof.dll [7] 2008-04-14 20:50 17408 414C17A2958AEDAC700BBAAFBF999F94 c:\windows\ServicePackFiles\i386\powrprof.dll [7] 2008-04-14 20:50 17408 414C17A2958AEDAC700BBAAFBF999F94 c:\windows\system32\powrprof.dll [7] 2002-09-20 16:03 103936 B85F29A061F7D554C8F8092ADE4EC107 c:\windows\$NtServicePackUninstall$\imm32.dll [7] 2008-04-14 20:50 110080 2E9A03268E609917B83921EE16FD9CFB c:\windows\ServicePackFiles\i386\imm32.dll [7] 2008-04-14 20:50 110080 2E9A03268E609917B83921EE16FD9CFB c:\windows\system32\imm32.dll [7] 2002-09-20 16:04 1145856 E77F6154BF8E41D74B80603701C3B9AA c:\windows\$NtServicePackUninstall$\sfcfiles.dll [7] 2008-04-14 20:50 1571840 A9ED600F08A92143253C10EDB5651ECF c:\windows\ServicePackFiles\i386\sfcfiles.dll [7] 2008-04-14 20:50 1571840 A9ED600F08A92143253C10EDB5651ECF c:\windows\system32\sfcfiles.dll [7] 2002-09-20 16:03 160768 26C5A28804C27CCBE3C406AFE2691C24 c:\windows\$NtServicePackUninstall$\appmgmts.dll [7] 2008-04-14 20:50 172032 1561430DA2F2AB81CC0CE71AF95A778D c:\windows\ServicePackFiles\i386\appmgmts.dll [7] 2008-04-14 20:50 172032 1561430DA2F2AB81CC0CE71AF95A778D c:\windows\system32\appmgmts.dll [7] 2002-09-20 15:40 23808 FF7EFE2843AC5DCA6AE0DDA14593FE70 c:\windows\$NtServicePackUninstall$\kbdclass.sys [7] 2008-04-14 19:50 24960 2AECA45D4AEAACBDCB77AD11184E4601 c:\windows\ServicePackFiles\i386\kbdclass.sys [7] 2008-04-14 19:50 24960 2AECA45D4AEAACBDCB77AD11184E4601 c:\windows\system32\drivers\kbdclass.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreshDownload"="c:\program files\FreshDevices\FreshDownload\FD.EXE" [2009-06-15 3152904] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\startupfolder\c:^documents and settings^all users^application data^microsoft^shortcuts^icwsetup.exe] path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe backup=c:\windows\pss\icwsetup.exeCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\c:^documents and settings^xp^menu start^programy^autostart^rncsys32.exe] path=c:\documents and settings\XP\Menu Start\Programy\Autostart\rncsys32.exe backup=c:\windows\pss\rncsys32.exeStartup [HKLM\~\startupfolder\c:^documents and settings^xp^menu start^programy^autostart^tworzenie wycinków ekranu i uruchamianie programu onenote 2007.lnk] path=c:\documents and settings\XP\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\csmania.eu\\Condition Zero csmania.eu\\Condition Zero\\hl.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Documents and Settings\\XP\\Pulpit\\utorrent.exe"= "c:\\Program Files\\FlashGet\\flashget.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port S0 pusyjq;pusyjq;c:\windows\system32\drivers\rjpzlcjc.sys --> c:\windows\system32\drivers\rjpzlcjc.sys [?] S1 a7a6279a;a7a6279a;c:\windows\system32\drivers\a7a6279a.sys [2009-06-10 0] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.speedbit.com/ uInternet Connection Wizard,ShellNext = iexplore IE: &pobierz wszystko przez flashget - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm IE: &pobrane przez flashget - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm IE: &Ściągnij przy pomocy flashget'a - c:\program files\FlashGet\jc_link.htm IE: &Ściągnij wszystko przy pomocy flashget'a - c:\program files\FlashGet\jc_all.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: {{793519b5-cad5-479f-94f2-8c8e833dc589} - c:\program files\FreshDevices\FreshDownload\fd.exe LSP: c:\windows\system32\idmmbc.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\XP\Dane aplikacji\Mozilla\Firefox\Profiles\dsackb59.default\ FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q= . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-27 18:42 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3abccc94-346e-4099-b8cb-f2d09015ad10}] @Denied: (Full) (Everyone) "Model"=dword:000000b0 "Therad"=dword:00000017 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):34,ca,2b,2d,b5,79,88,8f,13,68,1d,eb,e1,3b,f7,fe,89,03,5e,a1,41, 4e,93,96,eb,89,07,a0,b8,47,97,6c,b3,3b,db,7c,4d,d5,af,61,00,00,00,00,00,00,\ . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(720) c:\windows\system32\idmmbc.dll . Czas ukończenia: 2009-06-27 18:46 ComboFix-quarantined-files.txt 2009-06-27 16:45 Przed: 3 720 757 248 bajtów wolnych Po: 4 798 414 848 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 326

po combofixie nadal są te same problemy :cry:

**Posty:** 18165 · przez **wojtas** 27 Cze 2009, 19:50

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\drivers\a7a6279a.sys
c:\windows\system32\drivers\rjpzlcjc.sys

Driver::
a7a6279a
pusyjq

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

**Posty:** 54 · przez **szatan15** 27 Cze 2009, 20:18

Kod: Zaznacz wszystko: ComboFix 09-06-26.02 - XP 2009-06-27 19:59.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1022.751 [GMT 2:00] Uruchomiony z: c:\documents and settings\XP\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\XP\Pulpit\CFScript.txt FILE :: "c:\windows\system32\drivers\a7a6279a.sys" "c:\windows\system32\drivers\rjpzlcjc.sys" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\a7a6279a.sys . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_a7a6279a -------\Service_pusyjq ((((((((((((((((((((((((( Pliki utworzone od 2009-05-27 do 2009-06-27 ))))))))))))))))))))))))))))))) . 2009-06-27 16:43 . 2009-06-27 16:43 -------- dc----w- c:\windows\system32\dllcache\cache 2009-06-26 18:30 . 2009-06-26 18:30 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Malwarebytes 2009-06-26 18:30 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-26 18:30 . 2009-06-26 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-26 18:30 . 2009-06-26 18:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-06-26 18:30 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-26 17:26 . 2009-06-26 17:26 -------- d-----w- c:\documents and settings\XP\DoctorWeb 2009-06-26 15:54 . 2009-06-26 16:02 -------- d-----w- c:\windows\BDOSCAN8 2009-06-26 15:44 . 2009-06-26 15:44 -------- d-----w- c:\program files\Trend Micro 2009-06-25 21:39 . 2009-06-27 17:44 -------- d-----w- c:\windows\Desktop 2009-06-25 21:39 . 2009-06-25 21:39 -------- d-----w- c:\program files\FreshDevices 2009-06-25 14:49 . 2009-06-25 21:27 -------- d-----w- c:\program files\FlashGet 2009-06-24 16:23 . 2009-06-27 18:07 -------- d-----w- C:\Downloads 2009-06-22 10:52 . 2009-06-22 10:52 -------- d-----w- c:\program files\Gabest 2009-06-22 10:08 . 2009-06-22 15:15 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Aegisub 2009-06-22 10:07 . 2009-06-22 10:07 -------- d-----w- c:\program files\Aegisub 2009-06-21 09:03 . 2009-06-21 09:25 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-06-21 09:02 . 2009-06-26 15:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SpeedBit 2009-06-21 09:02 . 2009-06-26 15:44 -------- d-----w- c:\program files\DAP 2009-06-10 20:14 . 2009-06-11 14:36 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Ahead 2009-06-10 17:08 . 2009-06-14 11:29 -------- d-----w- c:\program files\Metin2_PL 2009-06-10 08:52 . 2009-06-10 20:31 -------- d-----w- c:\documents and settings\XP\Ustawienia lokalne\Dane aplikacji\Ahead 2009-06-08 09:19 . 2009-06-08 09:19 -------- d-----w- c:\program files\VirtualDubMod 2009-06-08 06:35 . 2009-06-08 06:35 69632 ----a-r- c:\documents and settings\XP\Dane aplikacji\Microsoft\Installer\{61EF78E2-C33A-4924-85B9-A12FBE16E0F5}\ARPPRODUCTICON.exe 2009-06-08 06:35 . 2009-06-08 06:35 492544 ----a-r- c:\documents and settings\XP\Dane aplikacji\Microsoft\Installer\{61EF78E2-C33A-4924-85B9-A12FBE16E0F5}\Icon61EF78E2.exe 2009-06-08 06:34 . 2009-06-08 06:34 -------- d-----w- C:\Setup 2009-06-08 06:34 . 2009-06-08 06:34 -------- d-----w- C:\Redist 2009-06-08 06:34 . 2009-06-08 06:34 -------- d-----w- c:\program files\Nero 2009-06-08 06:34 . 2009-06-08 06:34 -------- d-----w- C:\Cab 2009-06-07 05:36 . 2009-06-07 05:36 -------- d-----w- c:\documents and settings\XP\Gadu-Gadu 2009-06-07 05:36 . 2009-06-07 05:36 -------- d-----w- c:\program files\Gadu-Gadu 2009-06-07 05:33 . 2009-06-07 05:34 -------- d-----w- C:\haker 2009-06-06 18:28 . 2009-06-11 19:37 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\uTorrent 2009-06-06 17:46 . 2009-06-06 17:46 -------- d-----w- c:\program files\MKVtoolnix 2009-06-05 14:49 . 2009-06-08 13:28 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\IDM 2009-06-05 14:14 . 2009-06-05 14:14 -------- d--h--w- c:\windows\PIF 2009-06-05 01:14 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2009-06-05 01:14 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll 2009-06-05 01:14 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll 2009-06-05 01:14 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll 2009-06-05 01:14 . 2009-03-02 18:10 67584 ----a-w- c:\windows\system32\ff_vfw.dll 2009-06-05 01:14 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll 2009-06-04 20:40 . 2009-06-22 10:46 -------- d-----w- c:\program files\Combined Community Codec Pack 2009-06-04 17:19 . 2009-06-26 15:38 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\DMCache 2009-06-04 17:19 . 2009-06-08 13:27 -------- d-----w- c:\program files\Internet Download Manager 2009-06-04 16:58 . 2009-06-04 16:58 167376 ----a-w- c:\documents and settings\XP\Dane aplikacji\Mozilla\Firefox\Profiles\dsackb59.default\FlashGot.exe 2009-06-04 16:58 . 2009-06-04 16:58 -------- d-----w- C:\profiles 2009-06-02 16:35 . 2009-06-02 16:35 -------- d-----w- c:\documents and settings\XP\Ustawienia lokalne\Dane aplikacji\Ares 2009-06-01 09:50 . 2009-06-01 09:50 -------- d-----w- c:\documents and settings\XP\Ustawienia lokalne\Dane aplikacji\eGazety 2009-05-31 12:32 . 2009-05-31 12:32 471040 ----a-w- c:\windows\wygaszacz zima.scr 2009-05-31 12:32 . 2009-05-31 12:32 -------- d-----w- c:\windows\wygaszacz zima dir 2009-05-31 12:32 . 2009-05-31 12:32 471040 ----a-w- c:\windows\wygaszacz_luty_v2.scr 2009-05-31 12:32 . 2009-05-31 12:32 12288 ----a-w- c:\windows\impborl.dll 2009-05-31 12:32 . 2009-05-31 12:32 -------- d-----w- c:\windows\wygaszacz_luty_v2 dir 2009-05-30 17:24 . 2009-06-25 16:19 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Canon 2009-05-30 17:23 . 2009-05-30 17:23 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\ArcSoft 2009-05-30 17:21 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-05-30 17:21 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-05-30 17:10 . 2009-05-30 17:10 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\ScanSoft 2009-05-30 17:10 . 2009-05-30 17:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SSScanWizard 2009-05-30 17:10 . 2009-05-30 17:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SSScanAppDataDir 2009-05-30 17:10 . 2009-05-30 17:11 -------- d-----w- c:\program files\Common Files\ScanSoft Shared 2009-05-30 17:10 . 2009-05-30 17:10 -------- d-----w- c:\program files\ScanSoft 2009-05-30 17:09 . 2009-05-30 17:09 -------- d-----w- c:\program files\Canon 2009-05-30 17:09 . 1996-06-30 22:00 77312 ----a-w- c:\windows\system32\TWAIN_32.DLL 2009-05-30 17:09 . 1995-07-31 11:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL 2009-05-30 17:08 . 1999-05-26 07:46 212480 ----a-w- c:\windows\pcdlib32.dll 2009-05-30 17:08 . 2009-05-30 17:08 -------- d-----w- c:\program files\ArcSoft 2009-05-30 17:07 . 2002-05-24 01:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL 2009-05-30 17:07 . 2009-05-30 17:07 -------- d--h--w- C:\CanoScan 2009-05-30 17:07 . 2002-11-20 13:15 729088 ----a-w- c:\windows\system32\CNQA1209.DLL 2009-05-30 17:07 . 2002-11-20 11:42 507904 ----a-w- c:\windows\system32\CNQL1209.DLL 2009-05-30 17:07 . 2002-11-15 08:15 40960 ----a-w- c:\windows\system32\CNQU83.DLL . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-24 18:28 . 2009-05-06 22:03 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\foobar2000 2009-06-10 08:54 . 2009-05-07 21:07 -------- d-----w- c:\program files\PowerISO 2009-06-08 06:35 . 2009-05-02 10:53 -------- d-----w- c:\program files\Common Files\Ahead 2009-06-07 00:05 . 2001-10-26 16:15 75706 ----a-w- c:\windows\system32\perfc015.dat 2009-06-07 00:05 . 2001-10-26 16:15 451696 ----a-w- c:\windows\system32\perfh015.dat 2009-06-06 13:51 . 2009-05-07 17:18 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Nowe Gadu-Gadu 2009-06-04 18:22 . 2009-05-01 17:11 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-30 22:31 . 2009-05-01 17:53 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-30 10:58 . 2009-05-15 07:19 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\ipla 2009-05-27 15:44 . 2009-05-27 15:44 -------- d-----w- c:\program files\Microsoft Silverlight 2009-05-18 19:28 . 2009-05-15 07:19 70136 ----a-w- c:\documents and settings\XP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-05-17 15:04 . 2009-05-17 12:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-05-17 12:19 . 2009-05-17 12:19 -------- d-----w- c:\program files\Microsoft Works 2009-05-17 12:18 . 2009-05-17 12:18 -------- d-----w- c:\program files\MSBuild 2009-05-17 12:14 . 2009-05-17 12:14 -------- d-----w- c:\program files\Microsoft.NET 2009-05-17 12:09 . 2009-05-17 12:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2009-05-17 11:56 . 2009-05-17 11:56 -------- d-----w- c:\program files\Common Files\DirectX 2009-05-17 09:27 . 2009-05-17 09:27 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Megaupload 2009-05-16 16:10 . 2009-05-01 17:03 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat 2009-05-16 12:12 . 2009-05-01 17:05 -------- d-----w- c:\program files\microsoft frontpage 2009-05-15 07:19 . 2009-05-15 07:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla 2009-05-15 07:18 . 2009-05-15 07:18 -------- d-----w- c:\program files\ipla 2009-05-15 07:18 . 2009-05-15 07:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2009-05-13 20:47 . 2009-05-13 20:47 -------- d-----w- c:\program files\SubEdit-Player 2009-05-11 09:16 . 2009-05-11 09:16 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\InstallShield 2009-05-10 19:39 . 2009-05-10 19:39 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Media Player Classic 2009-05-09 20:28 . 2009-05-09 20:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-05-09 20:15 . 2009-05-01 17:11 -------- d-----w- c:\program files\Common Files\InstallShield 2009-05-08 07:13 . 2009-05-07 17:11 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\Winamp 2009-05-07 21:19 . 2009-05-07 21:15 -------- d-----w- c:\program files\GhostMaster 2009-05-07 21:19 . 2009-05-07 21:19 -------- d-----w- c:\program files\directx 2009-05-07 17:58 . 2009-05-07 17:58 -------- d-----w- c:\program files\csmania.eu 2009-05-07 17:27 . 2009-05-07 17:27 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\DivX 2009-05-07 17:25 . 2009-05-07 17:25 -------- d-----w- c:\program files\Real Alternative 2009-05-07 17:17 . 2009-05-07 17:16 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-05-07 09:18 . 2009-05-07 09:18 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-07 09:18 . 2009-05-07 09:18 -------- d-----w- c:\program files\Java 2009-05-07 09:18 . 2009-05-07 09:18 152576 ----a-w- c:\documents and settings\XP\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-06 22:03 . 2009-05-06 22:03 -------- d-----w- c:\program files\foobar2000 2009-05-06 21:56 . 2009-05-06 21:56 0 ----a-w- c:\windows\nsreg.dat 2009-05-01 17:59 . 2009-05-01 17:59 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\IrfanView 2009-05-01 17:55 . 2009-05-01 17:55 -------- d-----w- c:\program files\IrfanView 2009-05-01 17:53 . 2009-05-01 17:53 -------- d-----w- c:\documents and settings\XP\Dane aplikacji\InterTrust 2009-05-01 17:33 . 2009-05-01 17:33 2232 ----a-w- c:\windows\java\Packages\Data\JPBB7LJ3.DAT 2009-05-01 17:33 . 2009-05-01 17:33 155995 ----a-w- c:\windows\java\Packages\A1N9J7B9.ZIP 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\T7ZBNJBL.DAT 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\NR7ZFJNZ.DAT 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\RTRR1ND7.DAT 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\MISXB37T.DAT 2009-05-01 17:33 . 2009-05-01 17:33 2678 ----a-w- c:\windows\java\Packages\Data\5VHN9FL7.DAT 2009-05-01 17:14 . 2009-05-01 17:14 -------- d-----w- c:\program files\C-Media 3D Audio 2009-05-01 17:12 . 2009-05-01 17:12 -------- d-----w- c:\program files\Intel 2009-05-01 17:01 . 2009-05-01 17:01 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w- c:\program files\Usługi online . ------- Sigcheck ------- [-] 2001-10-26 17:30 12800 B3C95BFEEF6781A82A1C429F466A3A11 c:\windows\$NtServicePackUninstall$\svchost.exe [7] 2008-04-14 20:51 14336 8607D35D92528E2DF386F19A960D23CE c:\windows\ServicePackFiles\i386\svchost.exe [7] 2008-04-14 20:51 14336 8607D35D92528E2DF386F19A960D23CE c:\windows\system32\svchost.exe [7] 2002-09-20 16:04 561664 3A4892A57CFE05D61E4BBC3EC3E24A63 c:\windows\$NtServicePackUninstall$\user32.dll [7] 2008-04-14 20:50 580096 A435C5C069AFD901751AC323AD238793 c:\windows\ServicePackFiles\i386\user32.dll [7] 2008-04-14 20:50 580096 A435C5C069AFD901751AC323AD238793 c:\windows\system32\user32.dll [-] 2001-10-26 17:29 75264 9B7D1C56CC12D806314B853BF52ECB4C c:\windows\$NtServicePackUninstall$\ws2_32.dll [7] 2008-04-14 20:51 82432 C0AA2AB856680C44739B41E01F5BD4E9 c:\windows\ServicePackFiles\i386\ws2_32.dll [7] 2008-04-14 20:51 82432 C0AA2AB856680C44739B41E01F5BD4E9 c:\windows\system32\ws2_32.dll [7] 2002-09-20 16:05 601600 4965C02574610E9B2D1E18D63D11A772 c:\windows\$NtServicePackUninstall$\wininet.dll [7] 2008-04-14 20:50 668672 0457F0AFD6EE10445D8CF721FB5FA4EB c:\windows\ServicePackFiles\i386\wininet.dll [7] 2008-04-14 20:50 668672 0457F0AFD6EE10445D8CF721FB5FA4EB c:\windows\system32\wininet.dll [7] 2002-08-28 23:58 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys [7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\system32\drivers\tcpip.sys [7] 2002-09-20 16:05 519168 8B6E6BB5D451F8BBC0621203B687D993 c:\windows\$NtServicePackUninstall$\winlogon.exe [7] 2008-04-14 20:51 510464 51FD2E13D723857B9CA239AE77150F48 c:\windows\ServicePackFiles\i386\winlogon.exe [7] 2008-04-14 20:51 510464 51FD2E13D723857B9CA239AE77150F48 c:\windows\system32\winlogon.exe [7] 2002-08-29 00:09 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtServicePackUninstall$\ndis.sys [7] 2008-04-13 22:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys [7] 2008-04-13 22:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys [7] 2008-04-13 22:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys [7] 2008-04-13 22:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys [7] 2002-09-20 15:12 1949184 79D262478C985E736DEB38CE2224FC75 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [7] 2008-04-14 19:59 2067200 4BBA965664FAA56B187C27F4CAD7E7C5 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [7] 2008-04-14 19:59 2067200 4BBA965664FAA56B187C27F4CAD7E7C5 c:\windows\system32\ntkrnlpa.exe [7] 2002-09-20 15:12 2043520 AE94AE0DA6ED874CE08912FC63F8C6C2 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [7] 2008-04-14 20:00 2190336 8CA14ECF04594EABBE93C9FF2E3CBFB1 c:\windows\ServicePackFiles\i386\ntoskrnl.exe [7] 2008-04-14 20:00 2190336 8CA14ECF04594EABBE93C9FF2E3CBFB1 c:\windows\system32\ntoskrnl.exe [7] 2008-04-14 20:51 1035264 C791ED9EAC5E76D9525E157B1D7A599A c:\windows\explorer.exe [7] 2002-09-20 16:05 1005568 F4AF85D918E83D71341FCE2AA5318181 c:\windows\$NtServicePackUninstall$\explorer.exe [7] 2008-04-14 20:51 1035264 C791ED9EAC5E76D9525E157B1D7A599A c:\windows\ServicePackFiles\i386\explorer.exe [-] 2001-10-26 17:30 101888 BF4CBEFDCE42A699389791647CB95CA2 c:\windows\$NtServicePackUninstall$\services.exe [7] 2008-04-14 20:51 109056 3E3AE424E27C4CEFE4CAB368C7B570EA c:\windows\ServicePackFiles\i386\services.exe [7] 2008-04-14 20:51 109056 3E3AE424E27C4CEFE4CAB368C7B570EA c:\windows\system32\services.exe [7] 2002-09-20 16:05 11776 FA2C871F57352339F0A1802BB9AEA6E7 c:\windows\$NtServicePackUninstall$\lsass.exe [7] 2008-04-14 20:51 13312 88296F7943F30A1EE3AF735440B92268 c:\windows\ServicePackFiles\i386\lsass.exe [7] 2008-04-14 20:51 13312 88296F7943F30A1EE3AF735440B92268 c:\windows\system32\lsass.exe [7] 2002-09-20 16:05 13312 0C4C012B0A8960F48A666C240A7BAA3D c:\windows\$NtServicePackUninstall$\ctfmon.exe [7] 2008-04-14 20:51 15360 1BD41EDA5B869AFC99895C39A8DE36E1 c:\windows\ServicePackFiles\i386\ctfmon.exe [7] 2008-04-14 20:51 15360 1BD41EDA5B869AFC99895C39A8DE36E1 c:\windows\system32\ctfmon.exe [-] 2001-10-26 17:30 51200 414AF353E9EEED8637D90370FD0C3B68 c:\windows\$NtServicePackUninstall$\spoolsv.exe [7] 2008-04-14 20:51 57856 DD69EC597AB942C39B950D9C3CE1375D c:\windows\ServicePackFiles\i386\spoolsv.exe [7] 2008-04-14 20:51 57856 DD69EC597AB942C39B950D9C3CE1375D c:\windows\system32\spoolsv.exe [7] 2002-09-20 16:05 142336 2BDCBF19C5222FDA21B049D1FBAC7B36 c:\windows\$NtServicePackUninstall$\wuauclt.exe [7] 2008-04-14 20:51 112128 9A19BA6D99B8EC3DB5B3EFF71B0A0BB5 c:\windows\ServicePackFiles\i386\wuauclt.exe [7] 2008-04-14 20:51 112128 9A19BA6D99B8EC3DB5B3EFF71B0A0BB5 c:\windows\system32\wuauclt.exe [7] 2002-09-20 16:05 22528 323D3FFCBF99C59B2D20B4C5A7ECE347 c:\windows\$NtServicePackUninstall$\userinit.exe [7] 2008-04-14 20:51 26624 2A5B37D520508BE6570A3EA79695F5B5 c:\windows\ServicePackFiles\i386\userinit.exe [7] 2008-04-14 20:51 26624 2A5B37D520508BE6570A3EA79695F5B5 c:\windows\system32\userinit.exe [7] 2002-09-20 16:04 201216 C4EE140F5EDCF2FC20099B56DDBE5445 c:\windows\$NtServicePackUninstall$\termsrv.dll [7] 2008-04-14 20:50 296448 52E0505408EDD4AB5CCC7F83B67B4299 c:\windows\ServicePackFiles\i386\termsrv.dll [7] 2008-04-14 20:50 296448 52E0505408EDD4AB5CCC7F83B67B4299 c:\windows\system32\termsrv.dll [7] 2002-09-20 16:04 958976 8D452C28D7CAD9B5BBDB3C41730305E9 c:\windows\$NtServicePackUninstall$\kernel32.dll [7] 2008-04-14 20:50 1018368 FCE4ECC34A36EDACF03DBE8DE5E28910 c:\windows\ServicePackFiles\i386\kernel32.dll [7] 2008-04-14 20:50 1018368 FCE4ECC34A36EDACF03DBE8DE5E28910 c:\windows\system32\kernel32.dll [-] 2001-10-26 17:29 14848 CF06FF4307712677DD2EA86921CCD52F c:\windows\$NtServicePackUninstall$\powrprof.dll [7] 2008-04-14 20:50 17408 414C17A2958AEDAC700BBAAFBF999F94 c:\windows\ServicePackFiles\i386\powrprof.dll [7] 2008-04-14 20:50 17408 414C17A2958AEDAC700BBAAFBF999F94 c:\windows\system32\powrprof.dll [7] 2002-09-20 16:03 103936 B85F29A061F7D554C8F8092ADE4EC107 c:\windows\$NtServicePackUninstall$\imm32.dll [7] 2008-04-14 20:50 110080 2E9A03268E609917B83921EE16FD9CFB c:\windows\ServicePackFiles\i386\imm32.dll [7] 2008-04-14 20:50 110080 2E9A03268E609917B83921EE16FD9CFB c:\windows\system32\imm32.dll [7] 2002-09-20 16:04 1145856 E77F6154BF8E41D74B80603701C3B9AA c:\windows\$NtServicePackUninstall$\sfcfiles.dll [7] 2008-04-14 20:50 1571840 A9ED600F08A92143253C10EDB5651ECF c:\windows\ServicePackFiles\i386\sfcfiles.dll [7] 2008-04-14 20:50 1571840 A9ED600F08A92143253C10EDB5651ECF c:\windows\system32\sfcfiles.dll [7] 2002-09-20 16:03 160768 26C5A28804C27CCBE3C406AFE2691C24 c:\windows\$NtServicePackUninstall$\appmgmts.dll [7] 2008-04-14 20:50 172032 1561430DA2F2AB81CC0CE71AF95A778D c:\windows\ServicePackFiles\i386\appmgmts.dll [7] 2008-04-14 20:50 172032 1561430DA2F2AB81CC0CE71AF95A778D c:\windows\system32\appmgmts.dll [7] 2002-09-20 15:40 23808 FF7EFE2843AC5DCA6AE0DDA14593FE70 c:\windows\$NtServicePackUninstall$\kbdclass.sys [7] 2008-04-14 19:50 24960 2AECA45D4AEAACBDCB77AD11184E4601 c:\windows\ServicePackFiles\i386\kbdclass.sys [7] 2008-04-14 19:50 24960 2AECA45D4AEAACBDCB77AD11184E4601 c:\windows\system32\drivers\kbdclass.sys . ((((((((((((((((((((((((((((( SnapShot@2009-06-27_16.42.38 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-27 18:07 . 2009-06-27 18:07 16384 c:\windows\Temp\Perflib_Perfdata_d4.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreshDownload"="c:\program files\FreshDevices\FreshDownload\FD.EXE" [2009-06-15 3152904] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\startupfolder\c:^documents and settings^all users^application data^microsoft^shortcuts^icwsetup.exe] path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe backup=c:\windows\pss\icwsetup.exeCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\c:^documents and settings^xp^menu start^programy^autostart^rncsys32.exe] path=c:\documents and settings\XP\Menu Start\Programy\Autostart\rncsys32.exe backup=c:\windows\pss\rncsys32.exeStartup [HKLM\~\startupfolder\c:^documents and settings^xp^menu start^programy^autostart^tworzenie wycinków ekranu i uruchamianie programu onenote 2007.lnk] path=c:\documents and settings\XP\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\csmania.eu\\Condition Zero csmania.eu\\Condition Zero\\hl.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Documents and Settings\\XP\\Pulpit\\utorrent.exe"= "c:\\Program Files\\FlashGet\\flashget.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.speedbit.com/ uInternet Connection Wizard,ShellNext = iexplore IE: &pobierz wszystko przez flashget - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm IE: &pobrane przez flashget - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm IE: &Ściągnij przy pomocy flashget'a - c:\program files\FlashGet\jc_link.htm IE: &Ściągnij wszystko przy pomocy flashget'a - c:\program files\FlashGet\jc_all.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: {{793519b5-cad5-479f-94f2-8c8e833dc589} - c:\program files\FreshDevices\FreshDownload\fd.exe LSP: c:\windows\system32\idmmbc.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\XP\Dane aplikacji\Mozilla\Firefox\Profiles\dsackb59.default\ FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q= . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-27 20:07 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3abccc94-346e-4099-b8cb-f2d09015ad10}] @Denied: (Full) (Everyone) "Model"=dword:000000b0 "Therad"=dword:00000017 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):34,ca,2b,2d,b5,79,88,8f,13,68,1d,eb,e1,3b,f7,fe,89,03,5e,a1,41, 4e,93,96,eb,89,07,a0,b8,47,97,6c,b3,3b,db,7c,4d,d5,af,61,00,00,00,00,00,00,\ . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(720) c:\windows\system32\idmmbc.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\FreshDevices\FreshDownload\fdgo.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2009-06-27 20:17 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-06-27 18:16 ComboFix2.txt 2009-06-27 16:46 Przed: 4 404 375 552 bajtów wolnych Po: 4 266 557 440 bajtów wolnych 325

pokombinowałem chwilę sam bo efektów nadal nie było... za to co zauważyłem komputer zawiesza się bądź resetuje jak otworze kilka stron w ff, jak otworzę jakiś plik video lub włączę counter-strika... wszystko przy włączonym fresh download w tle... jednak jak wyłączę go to odziwo moge grać oglądać i nie ma najmniejszych problemów więc chyba wynika że to wszystko wina programu do pobierania...

**Posty:** 18165 · przez **wojtas** 29 Cze 2009, 19:25

Prawym na ,,Mój komputer">właściwości>Zakładka "Zaawansowane" -> Uruchamianie i odzyskiwanie i klikamy "ustawienia">
w części "Awaria systemu" odznaczamy pole "Automatycznie uruchom ponownie"

teraz zamiast resetu pojawi sie bluescreen przepisz kod bledu z dolu strony bluescreena

**Posty:** 54 · przez **szatan15** 03 Lip 2009, 09:39

nie chce zamieszczać nowego tematu i robić bałaganu więc opisze wszystko tutaj tamten problem to był chyba problem programu do pobierania fresh download gdy go usunąłem i zmieniłem na inny problemu nie ma ale za to dzisiaj pojawił się inny wczoraj szukałem trochę na googlach na zagranicznych stronkach i wpadło mi trochę nieprzyjaznego oprogramowania czego efektem po dzisiejszym włączeniu komputera był brak ikonek oraz pasku startu czyli w menadżerze brak procesu explorer.exe wyświetlił się też komunikat że nie może go znaleźć... próbowałem uruchomić go samemu ale się nie udało więc zabrałem się za skanowanie komputera bo zauważyłem kilka nieznanych mi wcześniej procesów po kolei zrobiłem skan F-Secure Online Virus Scanner wykrył trochę szkodliwego oprogramowania i usunął dalej Kaspersky Anti-Virus Web Scanner także coś znalazł coś usunoł... potem zrobiłem skan programem który mi wcześniej poleciłeś Dr. Web CureIt ten z kolei znalazł najwięcej bo powyrzej 20plików które też usunoł jednak problem nie zniknoł... znikneło kilka niepokojących mnie procesów ale jak nie było tak dalej nie ma explorera dlatego podaje kilka logów

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2009-07-03 08:55:02 - Run 2 OTL by OldTimer - Version 3.0.6.3 Folder = C:\Documents and Settings\XP\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1022,48 Mb Total Physical Memory | 692,03 Mb Available Physical Memory | 67,68% Memory free 2,40 Gb Paging File | 2,21 Gb Available in Paging File | 91,84% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38,16 Gb Total Space | 4,06 Gb Free Space | 10,65% Space Free | Partition Type: NTFS Drive D: | 524,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 4,65 Gb Total Space | 0,38 Gb Free Space | 8,09% Space Free | Partition Type: NTFS Drive F: | 4,88 Gb Total Space | 1,69 Gb Free Space | 34,54% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XP-OLMWF7U33DFU Current User Name: XP Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-07-03 07:58:00 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe PRC - [2009-05-07 11:18:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2005-01-28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2009-07-03 07:58:05 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgnsx.exe PRC - [2008-04-14 22:51:52 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008-04-14 22:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2009-06-13 09:32:56 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-08-08 07:04:10 | 01,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE PRC - [2009-07-03 08:54:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-04-14 22:49:54 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running]) SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-07-03 07:58:00 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe -- (avg8wd [Auto | Running]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-05-07 11:18:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2007-11-06 22:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped]) SRV - [2005-01-28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-07-03 07:58:23 | 00,253,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running]) DRV - [2009-07-03 07:58:22 | 00,108,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running]) DRV - [2003-05-01 12:08:52 | 00,743,367 | ---- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Running]) DRV - [2009-07-03 08:04:00 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\XP\Ustawienia lokalne\temp\OnlineScanner\Anti-Virus\fsgk.sys -- (F-Secure Standalone Minifilter [On_Demand | Stopped]) DRV - [2008-04-14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2003-04-15 04:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running]) DRV - [2008-04-14 00:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped]) DRV - [2007-11-06 22:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2002-10-04 04:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Running]) DRV - [2009-03-15 12:25:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2008-04-14 00:30:04 | 00,225,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running]) DRV - [2003-04-15 04:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) DRV - [2003-04-15 04:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101687&l=dis IE - URLSearchHook: {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=GGSV5&o=101684&locale=en_US&q=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-07 11:18:44 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVGLS\Firefox [2009-07-03 07:58:00 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\mozilla firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-07-02 21:01:25 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\mozilla firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-26 19:32:42 | 00,000,000 | ---D | M] [2009-05-06 23:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Extensions [2009-05-06 23:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-07-03 08:51:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Firefox\Profiles\dsackb59.default\extensions [2009-06-04 18:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Firefox\Profiles\dsackb59.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009-07-02 21:01:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dane aplikacji\mozilla\Firefox\Profiles\dsackb59.default\extensions\toolbar@ask.com [2009-07-02 21:06:19 | 00,002,240 | ---- | M] () -- C:\Documents and Settings\XP\Dane aplikacji\Mozilla\FireFox\Profiles\dsackb59.default\searchplugins\askcom.xml [2009-07-03 08:51:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-06-13 09:33:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-05-07 11:18:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-13 09:32:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-06-13 09:32:55 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-05-07 11:18:44 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2007-03-27 09:48:51 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007-03-27 09:49:32 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-06-13 09:32:58 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2003-05-15 10:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-09-10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll File not found O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98C92840-EB1C-40BD-B6A5-395EC9CD6510} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation) O4 - HKLM..\RunOnce: [AVG frw] File not found O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: FreshDownload - {793519b5-cad5-479f-94f2-8c8e833dc589} - C:\Program Files\FreshDevices\FreshDownload\fd.exe File not found O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner 4.0 Launcher) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.113.224.35 217.113.224.36 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-05-01 19:04:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001-10-26 18:12:38 | 00,000,112 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009-02-27 20:29:03 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [4 C:\WINDOWS\*.tmp files] [2009-07-03 08:54:57 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe [2009-07-03 08:30:07 | 00,000,000 | ---D | C] -- C:\Avenger [2009-07-03 07:58:24 | 00,001,520 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG LinkScanner®.lnk [2009-07-03 07:58:23 | 00,253,832 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009-07-03 07:58:22 | 00,108,296 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2009-07-03 07:58:00 | 00,000,000 | ---D | C] -- C:\Program Files\AVG [2009-07-03 07:57:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\avg8ls [2009-07-03 07:42:09 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\HijackThis.lnk [2009-07-03 07:41:18 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3090.exe [2009-07-03 07:41:18 | 00,000,000 | --SD | C] -- C:\ComboFix [2009-07-03 00:46:48 | 01,106,807 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Full_Metal_Panic!-1090-fr.jpg [2009-07-03 00:46:31 | 01,226,884 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Full_Metal_Panic!-1089-fr.jpg [2009-07-03 00:42:29 | 01,100,123 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Full_Metal_Panic!-1088-fr.jpg [2009-07-03 00:35:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Pulpit\Full_Metal_Panic_ep01_24_Rahvin_AnimeSubInfo_id16993 [2009-07-03 00:35:31 | 00,140,364 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Full_Metal_Panic_ep01_24_Rahvin_AnimeSubInfo_id16993.zip [2009-07-02 22:00:55 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\lcb.exe [2009-07-02 21:39:43 | 00,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI [2009-07-02 21:27:25 | 00,000,000 | ---D | C] -- C:\Program Files\LeechGet 2009 [2009-07-02 21:26:05 | 03,054,220 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\LeechGet_2.1_2009.exe [2009-07-02 21:03:51 | 00,000,000 | ---D | C] -- C:\Program Files\LeechGet 2007 [2009-07-02 21:02:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\AskToolbar [2009-07-02 21:01:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\GetGo Software [2009-07-02 21:01:41 | 00,000,000 | ---D | C] -- C:\Program Files\GetGo Software [2009-07-02 21:01:34 | 00,000,228 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009-07-02 21:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com [2009-07-02 20:53:57 | 02,695,444 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\LeechGet2.1.exe [2009-07-02 20:53:02 | 04,060,312 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\GetGoSetup.exe [2009-07-02 20:51:14 | 00,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI [2009-07-02 20:51:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\Conceiva [2009-07-02 20:50:54 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap [2009-07-02 20:33:25 | 03,224,463 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\fgf173.exe [2009-07-02 20:33:05 | 02,129,325 | ---- | C] ( ) -- C:\Documents and Settings\XP\Pulpit\freshdow.exe [2009-07-02 20:31:45 | 26,019,088 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\XP\Pulpit\downloadstudio-setup.exe [2009-07-01 02:00:40 | 00,315,973 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Panstwowa Inspekcja Pracy.jpg [2009-06-30 08:37:06 | 00,402,833 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Tokkô-2460-fr.jpg [2009-06-30 08:36:55 | 00,900,167 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Tokkô-2466-fr.jpg [2009-06-30 08:36:31 | 00,929,855 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Tokkô-2465-en.jpg [2009-06-30 08:36:12 | 00,323,837 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Tokkô-2459-en.jpg [2009-06-29 15:40:36 | 07,855,890 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\P53_S36_PIKUJ_300dpi.jpg zwinin.jpg [2009-06-28 20:21:06 | 00,005,808 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\_gg__Code_Geass_-_Picture_Book_22.25__E776C879_.mkv [2009-06-28 00:07:11 | 00,045,903 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\grill-12.jpg [2009-06-27 20:56:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\ReGet Software [2009-06-27 20:56:01 | 00,001,672 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\ReGet Deluxe.lnk [2009-06-27 20:55:58 | 00,000,065 | ---- | C] () -- C:\WINDOWS\english.lng [2009-06-27 20:55:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ReGet Shared [2009-06-27 20:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\ReGet Software [2009-06-27 20:44:08 | 00,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe [2009-06-27 20:36:50 | 00,000,000 | ---D | C] -- C:\Program Files\GetRight [2009-06-27 20:20:51 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-06-27 18:43:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache [2009-06-27 18:36:35 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009-06-27 18:36:32 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-06-27 18:36:28 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-06-27 18:30:42 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-06-27 18:30:42 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-06-27 18:30:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-06-27 18:30:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009-06-27 18:30:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-06-27 18:30:42 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-06-27 18:30:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-06-27 18:30:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-06-27 18:30:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-06-27 18:30:01 | 00,000,000 | ---D | C] -- C:\Qoobox [2009-06-27 18:25:23 | 03,042,087 | R--- | C] () -- C:\Documents and Settings\XP\Pulpit\ComboFix.exe [2009-06-26 20:30:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\Malwarebytes [2009-06-26 20:30:34 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-06-26 20:30:32 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-06-26 20:30:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-06-26 20:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-06-26 20:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-06-26 17:54:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2009-06-26 17:44:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-06-26 00:42:33 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\s131.xls [2009-06-25 23:39:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Desktop [2009-06-25 23:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\FreshDevices [2009-06-25 18:30:44 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\XP\Moje dokumenty\flash.lst [2009-06-25 16:49:34 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet [2009-06-24 18:32:35 | 00,114,230 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\FGXL_SPOL_(www.programs.pl).exe [2009-06-22 12:52:18 | 00,000,000 | ---D | C] -- C:\Program Files\Gabest [2009-06-22 12:44:21 | 06,833,525 | ---- | C] (CCCP Project ) -- C:\Documents and Settings\XP\Pulpit\Combined-Community-Codec-Pack-2008-09-21.exe [2009-06-22 12:08:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\Aegisub [2009-06-22 12:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Aegisub [2009-06-22 12:03:18 | 25,265,044 | ---- | C] (Aegisub Team ) -- C:\Documents and Settings\XP\Pulpit\aegisub-r2494-setup.exe [2009-06-21 11:03:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-06-21 11:02:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit [2009-06-21 11:02:33 | 00,000,000 | ---D | C] -- C:\Program Files\DAP [2009-06-21 10:57:24 | 09,437,208 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\dap91.exe [2009-06-21 10:28:42 | 00,210,049 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\aegikc4.jpg [2009-06-20 19:00:03 | 00,400,405 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\tydzien.mp3 [2009-06-20 17:31:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Pulpit\sita [2009-06-18 23:10:30 | 01,739,720 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\444.jpg [2009-06-18 23:10:02 | 01,678,298 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\299.jpg [2009-06-18 23:09:18 | 01,246,400 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\179.jpg [2009-06-16 14:50:43 | 03,241,307 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\DSC00572.JPG [2009-06-16 14:48:59 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS [2009-06-14 21:29:06 | 00,015,962 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Baśń.docx [2009-06-14 21:23:36 | 00,002,513 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Microsoft Office Word 2007.lnk [2009-06-14 00:01:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\Notesy programu OneNote [2009-06-12 00:33:08 | 00,961,525 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-1936-en.jpg [2009-06-12 00:32:58 | 01,008,087 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2036-fr.jpg [2009-06-12 00:32:49 | 00,972,010 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2034-fr.jpg [2009-06-12 00:32:36 | 01,278,036 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2033-fr.jpg [2009-06-11 21:58:46 | 00,159,430 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Zakladki 2009-06-11.json [2009-06-11 16:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\NeroVision [2009-06-10 22:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\Ahead [2009-06-10 19:08:04 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2_PL [2009-06-10 10:53:07 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Skrót do NeroStartSmart.lnk [2009-06-10 10:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\Ahead [2009-06-08 11:19:43 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\VirtualDubMod.lnk [2009-06-08 11:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDubMod [2009-06-08 08:34:30 | 00,000,000 | ---D | C] -- C:\Setup [2009-06-08 08:34:30 | 00,000,000 | ---D | C] -- C:\Redist [2009-06-08 08:34:30 | 00,000,000 | ---D | C] -- C:\Program Files\Nero [2009-06-08 08:34:30 | 00,000,000 | ---D | C] -- C:\Cab [2009-06-07 07:36:32 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Gadu-Gadu.lnk [2009-06-07 07:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2009-06-07 07:33:17 | 00,000,000 | ---D | C] -- C:\haker [2009-06-06 20:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\uTorrent [2009-06-06 19:46:20 | 00,001,557 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\mkvmerge GUI.lnk [2009-06-06 19:46:07 | 00,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix [2009-06-05 16:55:16 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\XP\Moje dokumenty\Internet.lnk [2009-06-05 16:17:09 | 00,000,788 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Skrót do IDMan.lnk [2009-06-05 16:14:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2009-06-05 16:11:09 | 00,046,695 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\lista.ef2 [2009-06-05 03:14:44 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2009-06-05 03:14:44 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2009-06-05 03:14:43 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2009-06-05 03:14:43 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2009-06-05 03:14:42 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-06-05 03:14:42 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-06-05 03:14:40 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll [2009-06-05 03:14:37 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-06-05 03:14:37 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-06-05 03:14:34 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll [2009-06-04 22:40:00 | 00,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack [2009-06-04 20:52:35 | 00,000,348 | ---- | C] () -- C:\Documents and Settings\XP\Pulpit\Moje dokumenty.lnk [2009-06-04 19:20:50 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI [2009-06-04 19:19:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dane aplikacji\DMCache [2009-06-04 19:19:12 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager [2009-06-04 18:58:40 | 00,000,000 | ---D | C] -- C:\profiles [2009-06-04 03:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Pulpit\poszukiwanianr5 [2009-06-03 14:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP\Moje dokumenty\GoD [2009-05-31 14:32:13 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2009-05-30 19:10:56 | 00,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2009-05-17 12:04:43 | 00,000,267 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-05-09 22:28:55 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009-05-08 08:30:32 | 00,000,118 | ---- | C] () -- C:\WINDOWS\holzed.ini [2009-05-07 23:15:32 | 00,974,848 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll [2009-05-07 23:15:32 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2009-05-07 23:15:31 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll [2009-05-07 00:00:39 | 00,003,494 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-05-02 22:21:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-05-01 19:44:35 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-05-01 19:14:57 | 01,900,544 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll [2009-05-01 19:14:57 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2009-05-01 19:14:57 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2009-05-01 19:14:57 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2009-05-01 19:14:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2009-05-01 19:14:43 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2009-01-05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007-11-06 22:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007-03-27 09:55:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2002-10-16 00:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2001-07-22 00:16:20 | 00,000,687 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009-07-03 08:54:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Pulpit\OTL.exe [2009-07-03 08:53:56 | 00,003,494 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009-07-03 08:50:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-07-03 08:50:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-07-03 08:01:00 | 00,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009-07-03 07:58:24 | 00,001,520 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG LinkScanner®.lnk [2009-07-03 07:58:23 | 00,253,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009-07-03 07:58:22 | 00,108,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2009-07-03 07:42:09 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\HijackThis.lnk [2009-07-03 07:41:12 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3090.exe [2009-07-03 00:46:57 | 01,106,807 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Full_Metal_Panic!-1090-fr.jpg [2009-07-03 00:46:40 | 01,226,884 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Full_Metal_Panic!-1089-fr.jpg [2009-07-03 00:42:34 | 01,100,123 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Full_Metal_Panic!-1088-fr.jpg [2009-07-03 00:35:29 | 00,140,364 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Full_Metal_Panic_ep01_24_Rahvin_AnimeSubInfo_id16993.zip [2009-07-03 00:34:15 | 00,000,687 | ---- | M] () -- C:\WINDOWS\win.ini [2009-07-03 00:16:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009-07-03 00:16:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-07-02 23:17:03 | 00,002,725 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Condition Zero csmania.eu.exe.lnk [2009-07-02 22:00:48 | 00,029,696 | ---- | M] () -- C:\WINDOWS\System32\lcb.exe [2009-07-02 21:39:43 | 00,000,023 | ---- | M] () -- C:\WINDOWS\DownloadStudio.INI [2009-07-02 21:26:33 | 03,054,220 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\LeechGet_2.1_2009.exe [2009-07-02 20:55:59 | 02,695,444 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\LeechGet2.1.exe [2009-07-02 20:53:39 | 04,060,312 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\GetGoSetup.exe [2009-07-02 20:52:33 | 00,000,033 | ---- | M] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI [2009-07-02 20:41:06 | 26,019,088 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\XP\Pulpit\downloadstudio-setup.exe [2009-07-02 20:39:47 | 03,224,463 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\fgf173.exe [2009-07-02 20:33:16 | 02,129,325 | ---- | M] ( ) -- C:\Documents and Settings\XP\Pulpit\freshdow.exe [2009-07-01 20:06:09 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-07-01 14:52:53 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-07-01 02:00:44 | 00,315,973 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Panstwowa Inspekcja Pracy.jpg [2009-06-30 08:37:06 | 00,402,833 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Tokkô-2460-fr.jpg [2009-06-30 08:36:58 | 00,900,167 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Tokkô-2466-fr.jpg [2009-06-30 08:36:35 | 00,929,855 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Tokkô-2465-en.jpg [2009-06-30 08:36:11 | 00,323,837 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Tokkô-2459-en.jpg [2009-06-29 15:40:39 | 07,855,890 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\P53_S36_PIKUJ_300dpi.jpg zwinin.jpg [2009-06-29 03:32:27 | 00,005,808 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\_gg__Code_Geass_-_Picture_Book_22.25__E776C879_.mkv [2009-06-28 00:07:14 | 00,045,903 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\grill-12.jpg [2009-06-27 20:56:01 | 00,001,672 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\ReGet Deluxe.lnk [2009-06-27 20:55:58 | 00,000,065 | ---- | M] () -- C:\WINDOWS\english.lng [2009-06-27 20:07:22 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-06-27 18:26:47 | 03,042,087 | R--- | M] () -- C:\Documents and Settings\XP\Pulpit\ComboFix.exe [2009-06-26 20:30:34 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-06-26 19:11:20 | 00,000,211 | ---- | M] () -- C:\Boot.bak [2009-06-26 14:07:20 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-26 00:42:29 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\s131.xls [2009-06-25 18:30:45 | 00,000,162 | ---- | M] () -- C:\Documents and Settings\XP\Moje dokumenty\flash.lst [2009-06-24 18:32:41 | 00,114,230 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\FGXL_SPOL_(www.programs.pl).exe [2009-06-22 18:25:13 | 00,000,267 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini [2009-06-22 12:45:14 | 06,833,525 | ---- | M] (CCCP Project ) -- C:\Documents and Settings\XP\Pulpit\Combined-Community-Codec-Pack-2008-09-21.exe [2009-06-22 12:06:55 | 25,265,044 | ---- | M] (Aegisub Team ) -- C:\Documents and Settings\XP\Pulpit\aegisub-r2494-setup.exe [2009-06-21 11:00:20 | 09,437,208 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\dap91.exe [2009-06-21 10:28:44 | 00,210,049 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\aegikc4.jpg [2009-06-20 18:59:59 | 00,400,405 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\tydzien.mp3 [2009-06-20 04:44:54 | 00,002,513 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Microsoft Office Word 2007.lnk [2009-06-18 23:10:31 | 01,739,720 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\444.jpg [2009-06-18 23:10:03 | 01,678,298 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\299.jpg [2009-06-18 23:09:24 | 01,246,400 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\179.jpg [2009-06-17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-06-17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-06-16 03:39:02 | 02,107,710 | -H-- | M] () -- C:\Documents and Settings\XP\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-06-14 22:39:41 | 00,015,962 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Baśń.docx [2009-06-12 00:33:10 | 00,961,525 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-1936-en.jpg [2009-06-12 00:33:03 | 01,008,087 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2036-fr.jpg [2009-06-12 00:32:58 | 00,972,010 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2034-fr.jpg [2009-06-12 00:32:52 | 01,278,036 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\www.animecoversfan.com-Kenshin-2033-fr.jpg [2009-06-11 21:58:46 | 00,159,430 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Zakladki 2009-06-11.json [2009-06-10 11:10:17 | 00,003,380 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-06-10 10:53:07 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Skrót do NeroStartSmart.lnk [2009-06-08 15:13:49 | 00,000,067 | ---- | M] () -- C:\WINDOWS\IDMan.INI [2009-06-08 11:19:43 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\VirtualDubMod.lnk [2009-06-08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-06-07 07:36:32 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Gadu-Gadu.lnk [2009-06-07 02:05:45 | 00,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-06-07 02:05:45 | 00,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-06-07 02:05:45 | 00,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-06-07 02:05:45 | 00,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-06-07 02:05:44 | 00,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-06-06 19:46:20 | 00,001,557 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\mkvmerge GUI.lnk [2009-06-05 16:55:16 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\XP\Moje dokumenty\Internet.lnk [2009-06-05 16:17:09 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Skrót do IDMan.lnk [2009-06-05 16:11:09 | 00,046,695 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\lista.ef2 [2009-06-04 20:52:35 | 00,000,348 | ---- | M] () -- C:\Documents and Settings\XP\Pulpit\Moje dokumenty.lnk [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0 < End of report >

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:35:37, on 2009-07-03 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVGLS\avgnsx.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\totalcmd\TOTALCMD.EXE c:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101687&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (file missing) O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: FreshDownload - {793519b5-cad5-479f-94f2-8c8e833dc589} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 4998 bytes

Kod: Zaznacz wszystko: na http://www.dragonball.toya.net.pl/combo.txt zamieściłem log z ComboFixa tutaj się niestety nie mieścił..

dodam także że prubowałem przerzucić czy tam podmienić plik explorer.exe komendą expand X:\i386\explorer.ex_ C:\Windows gdzie X to mój napęd robiłem to w cmd w konsoli odzyskiwania nic nie znajdowało:/ w cmd pokazało się coś takiego...

Microsoft Windows XP [Wersja 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\XP>c:\windows\explorer.exe

C:\Documents and Settings\XP>expand D:\i386\explorer.ex_ C:\Windows
Narz©dzie rozwijania plik˘w Microsoft (R) wersja 5.1.2600.0
Copyright (C) Microsoft Corp 1990-1999. Wszelkie prawa zastrzeľone.

Rozszerzanie d:\i386\explorer.ex_ do c:\windows\explorer.ex_.
d:\i386\explorer.ex_: rozszerzono bajt˘w: 344143 do 1005568, przyrost o 192%.

nie wiem czy tak miało być ale dalej nie działa;] przywracanie systemu nie skutkuje zmieniałem także nazwę explorera na inną i próbowałem odpalać ale nie działało;]

**Posty:** 18165 · przez **wojtas** 03 Lip 2009, 11:32

odinstaluj Ask.com

wejdz do konsoli odzyskiwania i wpisz

expand X:\i386\explorer.ex_ C:\WINDOWS\

a jak nie działa

expand X:\i386\explorer.ex_ C:\WINDOWS\explorer.exe

X - literka Twojego napedu..

i reset kompa

**Posty:** 54 · przez **szatan15** 03 Lip 2009, 12:56

ciągle wyświetla że nie może znaleźć odpowiedniego pliku lub katalogu..

**Posty:** 18165 · przez **wojtas** 03 Lip 2009, 20:25

wyszukaj na kompie tego pliku... explorer.exe ? w jakich lokalizacjach go masz ? i jaki masz system wind xp z sp ? jakim

**Posty:** 54 · przez **szatan15** 03 Lip 2009, 21:59

mam 4;] chyba za duzo kombinowałem;] explorer.ex_, explorer.old, explorer.exe, explorer.rar wszystkie w C:\WINDOWS ręczne odalanie nie skutkuje jest błąd aplikacji... posiadam win xp serives pack 3

**Posty:** 18165 · przez **wojtas** 04 Lip 2009, 13:02

włóż płytkę windowsa - zbootuj ją. wejdź do konsoli odzyskiwania i w niej wpisz

chkdsk x: /r /p

gdzie x to litera partycji systemowej