ciałko created 23 May 2010

So, the computer runs terribly slowly at times, my games have started to stutter, and I practically cannot watch any videos on YouTube or other sites (it is almost like a slideshow). Please check the RSIT logs. I can't produce logs with OTL (it stops at one point and won't move on).

log.txt
[log]
Logfile of random's system information tool 1.07 (written by random/random)
Run by Właściciel at 2010-05-22 12:46:46
Microsoft Windows XP Home Edition Dodatek Service Pack 2
System drive C: has 2 GB (14%) free of 16 GB
Total RAM: 767 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:49, on 10-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\OS\System32\smss.exe
C:\OS\system32\winlogon.exe
C:\OS\system32\services.exe
C:\OS\system32\lsass.exe
C:\OS\system32\Ati2evxx.exe
C:\OS\system32\svchost.exe
C:\OS\System32\svchost.exe
C:\OS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\OS\Explorer.EXE
C:\OS\system32\spoolsv.exe
C:\OS\SOUNDMAN.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\OS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Właściciel\Moje dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Właściciel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\OS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\OS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\OS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\OS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\OS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\OS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

-- End of file - 7429 bytes

======Scheduled tasks folder======

C:\OS\tasks\GoogleUpdateTaskMachineCore.job
C:\OS\tasks\GoogleUpdateTaskMachineUA.job
C:\OS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1035525444-725345543-1003Core.job
C:\OS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1035525444-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-10 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-04-21 42080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\OS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"SoundMan"=C:\OS\SOUNDMAN.EXE [2004-08-30 69632]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-02 149280]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-04 1848648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-02-09 39408]
"ctfmon.exe"=C:\OS\system32\ctfmon.exe [2004-08-04 15360]
"Google Update"=C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-04-21 11985504]

C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
OpenOffice.ux.pl 2.0.4.lnk - C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\OS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\EA Sports\FIFA 08\FIFA08.exe"="C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"
"D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-05-22 12:35:50 ----D---- C:\Program Files\trend micro
2010-05-22 12:35:49 ----D---- C:\rsit
2010-05-18 17:58:06 ----D---- C:\Program Files\Conduit
2010-05-18 17:58:03 ----D---- C:\Program Files\XfireXO
2010-05-18 17:57:47 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Xfire
2010-05-18 17:57:37 ----D---- C:\Program Files\Xfire
2010-05-15 11:45:51 ----HD---- C:\OS\PIF
2010-05-07 21:48:14 ----A---- C:\OS\system32\xfcodec.dll
2010-05-04 22:41:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2010-05-04 22:41:32 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM
2010-05-04 22:39:30 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\ipla
2010-05-04 22:39:30 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ipla
2010-05-04 22:39:17 ----D---- C:\Program Files\ipla
2010-05-04 22:32:38 ----A---- C:\OS\system32\mfc71.dll
2010-05-04 22:32:38 ----A---- C:\OS\system32\gdiplus.dll
2010-05-04 22:31:45 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 10
2010-05-04 22:30:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-05-04 22:27:42 ----D---- C:\Program Files\Gadu-Gadu 10
2010-04-02 15:04:41 ----A---- C:\OS\game.ini
2010-03-22 13:46:40 ----SHD---- C:\OS\ftpcache
2010-03-09 19:26:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
2010-03-03 19:41:16 ----D---- C:\OS\Sun
2010-02-25 17:32:40 ----D---- C:\Program Files\AliveMedia
2010-02-25 15:43:01 ----A---- C:\OS\system32\wmpns.dll
2010-02-25 15:36:12 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\CyberLink
2010-02-23 17:05:31 ----D---- C:\Sounds
2010-02-23 16:59:37 ----D---- C:\Program Files\LG Electronics
2010-02-23 16:58:25 ----A---- C:\OS\system32\NMSDVDXU.dll
2010-02-23 16:58:11 ----D---- C:\Program Files\LG PC Suite II
2010-02-23 16:58:11 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\LG Electronics
2010-02-23 16:57:31 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\InstallShield

======List of files/folders modified in the last 3 months======

2010-05-22 12:36:00 ----D---- C:\OS\Prefetch
2010-05-22 12:35:50 ----RD---- C:\Program Files
2010-05-22 11:51:24 ----D---- C:\OS\Temp
2010-05-22 11:37:06 ----D---- C:\OS\system32\CatRoot2
2010-05-21 23:34:55 ----A---- C:\OS\SchedLgU.Txt
2010-05-21 15:14:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-21 15:14:16 ----SHD---- C:\OS\Installer
2010-05-21 14:15:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM
2010-05-18 17:58:02 ----D---- C:\OS\system32
2010-05-15 11:45:51 ----HD---- C:\OS
2010-05-13 18:51:24 ----D---- C:\OS\system32\DirectX
2010-05-06 12:12:11 ----D---- C:\OS\Help
2010-05-04 22:30:11 ----D---- C:\OS\WinSxS
2010-04-29 23:31:31 ----RSHDC---- C:\OS\system32\dllcache
2010-04-29 23:31:27 ----D---- C:\OS\system32\drivers
2010-04-26 10:47:21 ----D---- C:\Program Files\Shut Down-O-Matic
2010-04-20 15:49:04 ----D---- C:\Program Files\Winamp
2010-04-15 16:43:22 ----A---- C:\OS\win.ini
2010-04-13 21:27:23 ----D---- C:\OS\system32\config
2010-04-07 17:49:28 ----D---- C:\OS\system32\Adobe
2010-04-07 17:49:27 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Adobe
2010-04-07 17:48:49 ----D---- C:\OS\system32\Macromed
2010-03-28 10:09:02 ----A---- C:\OS\system32\PerfStringBackup.INI
2010-03-10 00:39:49 ----D---- C:\OS\security
2010-03-09 19:33:07 ----D---- C:\Program Files\Windows Media Player
2010-03-09 19:33:06 ----D---- C:\OS\RegisteredPackages
2010-03-09 19:32:55 ----HD---- C:\OS\inf
2010-03-07 21:41:26 ----SD---- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft
2010-02-25 16:33:40 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Ahead
2010-02-23 18:04:14 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\OS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\OS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\OS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 intelppm;Sterownik procesora Intel; C:\OS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 kbdhid;Sterownik klawiatury HID; C:\OS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 aswFsBlk;aswFsBlk; C:\OS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\OS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\OS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\OS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 aswRdr;aswRdr; C:\OS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 ati2mtag;ati2mtag; C:\OS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\OS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\OS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\OS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\OS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\OS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\OS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 mouhid;Sterownik myszy HID; C:\OS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 usbaudio;Sterownik audio USB (WDM); C:\OS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbbus;LGE Mobile Composite USB Device; C:\OS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\OS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\OS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\OS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\OS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\OS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-02 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\OS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 ATI Smart;ATI Smart; C:\OS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
S3 aspnet_state;ASP.NET State Service; C:\OS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\OS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\OS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-09 182768]
S3 idsvc;Windows CardSpace; C:\OS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\OS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
[/log]

info.txt
[log]
info.txt logfile of random's system information tool 1.06 2010-05-22 12:36:05

======Uninstall list======

-->C:\OS\UNNeroBackItUp.exe /UNINSTALL
-->C:\OS\UNNeroMediaHome.exe /UNINSTALL
-->C:\OS\UNNeroShowTime.exe /UNINSTALL
-->C:\OS\UNNeroVision.exe /UNINSTALL
-->C:\OS\UNRecode.exe /UNINSTALL
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\OS\INF\PCHealth.inf
7-Zip 9.10 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\OS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\OS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\OS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALLPlayer V2.3.1-->"C:\Program Files\MarBit\ALLPlayer\unins000.exe"
ASUSDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5c32
ATI Display Driver-->rundll32 C:\OS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Canon iP1900 series Printer Driver-->"C:\OS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series /L0x0015
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
ClassicPro© v1.14-->"C:\Program Files\Winamp\Uninstall ClassicPro.exe"
Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
EA SPORTS online 2008-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\OS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0015 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x15 LG -removeonly
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK-->MsiExec.exe /I{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK-->MsiExec.exe /I{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994}
Microsoft .NET Framework 3.5 SP1-->C:\OS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Joiner version 1.22-->"e:\Program Files\MP3JOINER\unins000.exe"
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Narzędzie Software Uninstall Utility firmy ATI-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Native Instruments Service Center-->E:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE E:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11045}
OpenOffice.org 3.1-->MsiExec.exe /I{D2D3D146-67BC-43D0-9015-2E7BAC2E032B}
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\OS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe
PDF-Viewer-->"C:\Program Files\Tracker Software\PDF Viewer\unins000.exe"
Poprawka dla systemu Windows XP (KB942288-v3)-->"C:\OS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Real Alternative 2.0.0-->"C:\Program Files\Real Alternative\unins000.exe"
Rejestracja użytkownika drukarki Canon iP1900 series-->C:\Program Files\Canon\IJEREG\iP1900 series\UNINST.EXE
Shut Down-O-Matic-->C:\Program Files\Shut Down-O-Matic\Uninstall.exe
VDownloader 2.7.333-->"e:\Program Files\VDownloader\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\OS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\OS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\OS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XfireXO Toolbar-->C:\PROGRA~1\XfireXO\UNWISE.EXE /U C:\PROGRA~1\XfireXO\INSTALL.LOG
XML Paper Specification Shared Components Language Pack 1.0-->"C:\OS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======System event log======

Computer Name: HOM
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.
Record Number: 5655
Source Name: Service Control Manager
Time Written: 20100331231118.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: HOM
Event Code: 7036
Message: Usługa Google Software Updater weszła w stan zatrzymania.
Record Number: 5654
Source Name: Service Control Manager
Time Written: 20100331194109.000000+120
Event Type: informacje
User:

Computer Name: HOM
Event Code: 7036
Message: Usługa Usługa Google Update (gupdate) weszła w stan zatrzymania.
Record Number: 5653
Source Name: Service Control Manager
Time Written: 20100331194016.000000+120
Event Type: informacje
User:

Computer Name: HOM
Event Code: 7036
Message: Usługa Usługa Google Update (gupdate) weszła w stan uruchomienia.
Record Number: 5652
Source Name: Service Control Manager
Time Written: 20100331194010.000000+120
Event Type: informacje
User:

Computer Name: HOM
Event Code: 7035
Message: Do usługi Usługa Google Update (gupdate) został pomyślnie wysłany kod sterowania uruchom.
Record Number: 5651
Source Name: Service Control Manager
Time Written: 20100331194010.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Application event log=====

Computer Name: HOM
Event Code: 105
Message: The service was started.
Record Number: 672
Source Name: ATI Smart
Time Written: 20100309105554.000000+060
Event Type: informacje
User:

Computer Name: HOM
Event Code: 0
Message:
Record Number: 671
Source Name: gusvc
Time Written: 20100308191445.000000+060
Event Type: informacje
User:

Computer Name: HOM
Event Code: 0
Message:
Record Number: 670
Source Name: gupdate
Time Written: 20100308191353.000000+060
Event Type: informacje
User:

Computer Name: HOM
Event Code: 0
Message:
Record Number: 669
Source Name: gupdate
Time Written: 20100308191346.000000+060
Event Type: informacje
User:

Computer Name: HOM
Event Code: 0
Message:
Record Number: 668
Source Name: gusvc
Time Written: 20100308191345.000000+060
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
[/log]
Tomek01, comment, 23 May 2010
Uninstall XfireXO Toolbar. In HijackThis, tick the entries listed below and click Fix checked:
[code]R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll[/code]
Paste the following text into Notepad (without the word "code"):
[code]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-[/code]
File > Save as / change the file type to All files / save as fix.reg / double-click it to add it to the registry. After doing this, attach the RSIT and OTL logs.
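The three entries listed in the reply above share one CLSID and one DLL. As an added example (not part of the original post and not HijackThis code), this Python script groups HijackThis entries by CLSID and DLL path so that every registration of a component is found, not only the ones whose display name matches. The function names are made up for illustration; the sample lines are copied from the log and the reply in this thread.

```python
import re

# Sample entries copied from the HijackThis log and the reply in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Matches entries of the form "<code> - <kind>: <name> - {CLSID} - <path>".
ENTRY = re.compile(
    r"^(?P<code>[RO]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_entries(log_text):
    """Return the CLSID-bearing entries (R3, O2, O3, ...) as dicts.

    Lines without a CLSID, such as O4 autostart entries, are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["clsid"] = entry["clsid"].lower()  # CLSIDs are case-insensitive
            entries.append(entry)
    return entries


def find_component(entries, needle):
    """Find every entry that belongs to the component matching `needle`.

    Seeds are entries whose name or path contains `needle`; the result is
    widened to all entries sharing a seed's CLSID or DLL path, because one
    DLL is often registered several times under different names.
    """
    needle = needle.lower()
    seeds = [e for e in entries
             if needle in e["name"].lower() or needle in e["path"].lower()]
    clsids = {e["clsid"] for e in seeds}
    paths = {e["path"].lower() for e in seeds}
    return [e for e in entries
            if e["clsid"] in clsids or e["path"].lower() in paths]


if __name__ == "__main__":
    for e in find_component(parse_entries(SAMPLE_LOG), "xfirexo"):
        print(e["code"], e["kind"], e["clsid"], e["path"])
```

Searching for "Toolbar Helper" also returns the O3 Google Toolbar entry, because it loads the same DLL under a different CLSID.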
ciałko (Author), comment, 23 May 2010
Thanks for the reply. I made the RSIT log, but as I said, OTL doesn't work. It stops at C:\OS\system32\Ati2evxx.exe... and won't go any further, so unfortunately I can't make one with OTL. Here is the log:
[log]Logfile of random's system information tool 1.07 (written by random/random) Run by Właściciel at 2010-05-23 19:23:43 Microsoft Windows XP Home Edition Dodatek Service Pack 2 System drive C: has 6 GB (39%) free of 16 GB Total RAM: 767 MB (41% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:23:47, on 10-05-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\OS\System32\smss.exe C:\OS\system32\winlogon.exe C:\OS\system32\services.exe C:\OS\system32\lsass.exe C:\OS\system32\Ati2evxx.exe C:\OS\system32\svchost.exe C:\OS\System32\svchost.exe C:\OS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\OS\Explorer.EXE C:\OS\system32\spoolsv.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\OS\SOUNDMAN.EXE C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\OS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu 10\gg.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and
Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\OS\system32\svchost.exe C:\Documents and Settings\Właściciel\Moje dokumenty\RSIT.exe C:\Program Files\trend micro\Właściciel.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\OS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - 
HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\OS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe" O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Startup: OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - 
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\OS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\OS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\OS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\OS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 7006 bytes ======Scheduled tasks folder====== C:\OS\tasks\GoogleUpdateTaskMachineCore.job C:\OS\tasks\GoogleUpdateTaskMachineUA.job C:\OS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1035525444-725345543-1003Core.job C:\OS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1035525444-725345543-1003UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-10 812528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-02 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-02 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-04-21 42080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"=C:\OS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952] "PHIME2002ASync"=C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168] "PHIME2002A"=C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168] "SoundMan"=C:\OS\SOUNDMAN.EXE [2004-08-30 69632] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-02 149280] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488] "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-04 1848648] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-02-09 39408] "ctfmon.exe"=C:\OS\system32\ctfmon.exe [2004-08-04 15360] "Google Update"=C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-02-10 135664] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] "Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-04-21 11985504] C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe OpenOffice.ux.pl 2.0.4.lnk - 
C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\OS\system32\Ati2evxx.dll [2009-09-30 155648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Program Files\EA Sports\FIFA 08\FIFA08.exe"="C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08" "D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 3 months====== 2010-05-22 12:35:50 ----D---- C:\Program Files\trend micro 2010-05-22 12:35:49 ----D---- C:\rsit 2010-05-15 11:45:51 ----HD---- C:\OS\PIF 2010-05-04 22:41:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM 2010-05-04 22:41:32 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM 2010-05-04 22:39:30 ----D---- C:\Documents and 
Settings\Właściciel\Dane aplikacji\ipla 2010-05-04 22:39:30 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ipla 2010-05-04 22:32:38 ----A---- C:\OS\system32\mfc71.dll 2010-05-04 22:32:38 ----A---- C:\OS\system32\gdiplus.dll 2010-05-04 22:31:45 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 10 2010-05-04 22:30:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 2010-05-04 22:27:42 ----D---- C:\Program Files\Gadu-Gadu 10 2010-04-02 15:04:41 ----A---- C:\OS\game.ini 2010-03-22 13:46:40 ----SHD---- C:\OS\ftpcache 2010-03-09 19:26:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage 2010-03-03 19:41:16 ----D---- C:\OS\Sun 2010-02-25 17:32:40 ----D---- C:\Program Files\AliveMedia 2010-02-25 15:43:01 ----A---- C:\OS\system32\wmpns.dll 2010-02-25 15:36:12 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\CyberLink ======List of files/folders modified in the last 3 months====== 2010-05-23 19:23:45 ----D---- C:\OS\Prefetch 2010-05-23 19:15:31 ----A---- C:\OS\setuplog.txt 2010-05-23 18:57:03 ----SHD---- C:\OS\Installer 2010-05-23 18:05:19 ----D---- C:\OS\Temp 2010-05-23 17:51:29 ----D---- C:\OS\system32\CatRoot2 2010-05-23 17:49:13 ----A---- C:\OS\SchedLgU.Txt 2010-05-23 17:44:35 ----D---- C:\Program Files\EA Sports 2010-05-22 20:46:29 ----D---- C:\Program Files\Mozilla Firefox 2010-05-22 16:17:14 ----RD---- C:\Program Files 2010-05-22 13:55:03 ----D---- C:\OS\system32 2010-05-21 15:14:35 ----HD---- C:\Program Files\InstallShield Installation Information 2010-05-21 14:15:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM 2010-05-15 11:45:51 ----HD---- C:\OS 2010-05-13 18:51:24 ----D---- C:\OS\system32\DirectX 2010-05-06 12:12:11 ----D---- C:\OS\Help 2010-05-04 22:30:11 ----D---- C:\OS\WinSxS 2010-04-29 23:31:31 ----RSHDC---- C:\OS\system32\dllcache 2010-04-29 23:31:27 ----D---- C:\OS\system32\drivers 2010-04-26 10:47:21 ----D---- C:\Program 
Files\Shut Down-O-Matic 2010-04-20 15:49:04 ----D---- C:\Program Files\Winamp 2010-04-15 16:43:22 ----A---- C:\OS\win.ini 2010-04-13 21:27:23 ----D---- C:\OS\system32\config 2010-04-07 17:49:28 ----D---- C:\OS\system32\Adobe 2010-04-07 17:49:27 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Adobe 2010-04-07 17:48:49 ----D---- C:\OS\system32\Macromed 2010-03-28 10:09:02 ----A---- C:\OS\system32\PerfStringBackup.INI 2010-03-27 16:15:27 ----D---- C:\Program Files\LG PC Suite II 2010-03-10 00:39:49 ----D---- C:\OS\security 2010-03-09 19:33:07 ----D---- C:\Program Files\Windows Media Player 2010-03-09 19:33:06 ----D---- C:\OS\RegisteredPackages 2010-03-09 19:32:55 ----HD---- C:\OS\inf 2010-03-07 21:41:26 ----SD---- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft 2010-02-25 16:33:40 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Ahead 2010-02-24 22:54:04 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\LG Electronics ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\OS\system32\drivers\Aavmker4.sys [2010-02-11 28880] R1 aswSP;aswSP; C:\OS\system32\drivers\aswSP.sys [2010-02-11 162512] R1 aswTdi;avast! Network Shield Support; C:\OS\system32\drivers\aswTdi.sys [2010-02-11 46672] R1 intelppm;Sterownik procesora Intel; C:\OS\system32\DRIVERS\intelppm.sys [2004-08-04 40320] R1 kbdhid;Sterownik klawiatury HID; C:\OS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R2 aswFsBlk;aswFsBlk; C:\OS\system32\drivers\aswFsBlk.sys [2010-02-11 19024] R2 aswMon2;avast! 
Standard Shield Support; C:\OS\system32\drivers\aswMon2.sys [2010-02-11 100432] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\OS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\OS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713] R3 aswRdr;aswRdr; C:\OS\system32\drivers\aswRdr.sys [2010-02-11 23376] R3 ati2mtag;ati2mtag; C:\OS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056] R3 HidUsb;Sterownik Microsoft klasy HID; C:\OS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\OS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\OS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\OS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\OS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\OS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 mouhid;Sterownik myszy HID; C:\OS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 usbaudio;Sterownik audio USB (WDM); C:\OS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbbus;LGE Mobile Composite USB Device; C:\OS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056] S3 UsbDiag;LGE Mobile USB Serial Port; C:\OS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968] S3 USBModem;LGE Mobile USB Modem; C:\OS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832] S3 usbprint;Klasa PRINTER USB Microsoft; C:\OS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 USBSTOR;Sterownik magazynu masowego USB; C:\OS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\OS\system32\Ati2evxx.exe [2009-09-30 602112] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-02 153376] R2 UMWdf;Windows User Mode Driver Framework; C:\OS\system32\wdfmgr.exe [2005-01-28 38912] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] S2 ATI Smart;ATI Smart; C:\OS\system32\ati2sgag.exe [2009-09-29 593920] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-10 135664] S3 aspnet_state;ASP.NET State Service; C:\OS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\OS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\OS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-09 182768] S3 idsvc;Windows CardSpace; C:\OS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\OS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------[/log]
Tomek01, comment, 23 May 2010
Nothing special shows up here. I would definitely remove Open Office from autostart. Run a full scan with [url="http://www.dobreprogramy.pl/DrWEB-CureIt,Program,Windows,12976.html"][b]DrWebCureIt[/b][/url] and [url="http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html"][b]Mbam[/b][/url]. Attach their reports if they detect anything.
ciałko (Author), comment, 24 May 2010 (edited)
OK. I ran those scans (it all took an awfully long time). Here are the reports:
DrWebCureIt:
RunMSC.dll;D:\bearshare;Adware.SearchAid.40;;
RunMSC.dll;D:\pulpit\BearShare;Adware.SearchAid.40;;
From Mbam I have this log:
[log]Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4134

Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 8.0.6001.18702

10-05-24 20:37:08
mbam-log-2010-05-24 (20-37-08).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 172157
Upłynęło: 46 minut(y), 41 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 1
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)[/log]
I'll say right away that I have already removed all this junk from the computer. And thanks for the reply. Is there anything else I need to do?
Tomek01, comment, 24 May 2010
Remove what Mbam found in scan mode. Paste the following into [url="http://images.malwareremoval.com/jpshortstuff/SystemLook.exe"][color="#0000FF"][b]System Look[/b][/color][/url]:
[code]:filefind
Bearshare
:regfind
Bearshare[/code]
Press Look and show what comes up.
ciałko (Author), comment, 24 May 2010 (edited)
I removed that junk with Mbam. In System Look nothing came up. I tried three times, but nothing. [URL=http://img714.imageshack.us/i/beztytuujz.png/][IMG]http://img714.imageshack.us/img714/653/beztytuujz.png[/IMG][/URL] This screenshot was taken after pressing "Look". It scanned, but nothing came up. Maybe that is because I deleted all the files and folders belonging to this BearShare. It did save something strange, though (attached). It is probably some kind of report, only every other character is a box (#), so it is hard to read.
Tomek01, comment, 24 May 2010
A small correction for System Look:
[code]:filefind
Bearshare*[/code]
Look...
ciałko (Author), comment, 25 May 2010
Same thing. A different file was saved (attached).
Tomek01, comment, 25 May 2010
Paste the following text into Notepad (without the word "code"):
[code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\BearShare]

[HKEY_CURRENT_USER\Software\BearShare\Inst]
"Last"=-

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\BearShare]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}\1.0\0\win32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}\1.0\HELPDIR]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare MediaBar]

[-HKEY_USERS\S-1-5-21-343818398-1035525444-725345543-1003\Software\BearShare]

[-HKEY_USERS\S-1-5-21-343818398-1035525444-725345543-1003\Software\BearShare\Inst]

[HKEY_USERS\S-1-5-21-343818398-1035525444-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-[/code]
File > Save as / change the file type to All files / save as fix.reg / double-click it to add it to the registry.
Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]. In the "Input script here" field paste the following text (without the word "code"):
[code]Files to delete:
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\BearShareInstaller\nsv94.tmp.exe

Folders to delete:
C:\Program Files\BearShare Applications\MediaBar[/code]
Click Execute; the computer will restart. Attach the Avenger report and the OTL log.
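A .reg file that has been copied through a forum can pick up stray spaces or lose its quotes, and regedit only treats `[-KEY]` and `"name"=-` as deletions when they are written exactly that way. The following Python check is an added example (not part of the original post, and not a regedit feature): it lists what a fix.reg would do and flags lines that are not in the expected form, including a `[KEY]` section opened below a key the same file has already deleted, which makes the import create that key again. The function name and the sample file are constructed for illustration, modelled on the fix.reg snippets in this thread.

```python
import re

# Constructed sample modelled on the fix.reg snippets in this thread.
# Line 3 has a space after "[", line 8 has an unquoted value name.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[ -HKEY_CURRENT_USER\Software\BearShare]
[-HKEY_CURRENT_USER\Software\BearShare]
[HKEY_CURRENT_USER\Software\BearShare\Inst]
"Last"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3}=-
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-
'''

HEADERS = {"Windows Registry Editor Version 5.00", "REGEDIT4"}
ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
# A value line is "name"=data, or @=data for the default value.
VALUE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')


def lint_reg(text):
    """Return (ops, problems) for the text of a .reg file.

    ops      -- (line, action, key, value_name) for each recognised line
    problems -- (line, message) for each line regedit would not read as intended
    Continuation lines of long hex values are not handled here.
    """
    ops, problems, deleted = [], [], []
    current_key = None
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        problems.append((1, "missing or unknown .reg header line"))
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("["):
            current_key = None
            inner = line[1:-1] if line.endswith("]") else None
            if inner is None or inner != inner.strip():
                problems.append((number, "malformed section header; "
                                         "expected [KEY] or [-KEY]"))
                continue
            delete = inner.startswith("-")
            key = inner[1:] if delete else inner
            if key.split("\\")[0].upper() not in ROOTS:
                problems.append((number, "unknown root key"))
                continue
            if delete:
                deleted.append(key.lower())
                ops.append((number, "delete-key", key, None))
                continue
            if any(key.lower() == d or key.lower().startswith(d + "\\")
                   for d in deleted):
                problems.append((number, "opens a key under an earlier [-KEY] "
                                         "deletion, which creates it again"))
            current_key = key
            ops.append((number, "open-key", key, None))
            continue
        match = VALUE.match(line)
        if match is None:
            problems.append((number, "value name must be quoted, "
                                     "or @ for the default value"))
        elif current_key is None:
            problems.append((number, "value line outside a valid key section"))
        else:
            name = "@" if line.startswith("@") else match.group("name")
            action = "delete-value" if match.group("data") == "-" else "set-value"
            ops.append((number, action, current_key, name))
    return ops, problems


if __name__ == "__main__":
    operations, issues = lint_reg(SAMPLE_REG)
    for op in operations:
        print("op     ", op)
    for issue in issues:
        print("problem", issue)
```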
ciałko (Author), comment, 25 May 2010
The Avenger report is just as strange as the ones from System Look, but here it is (attached). Unfortunately, the OTL log still won't generate, just like before. If needed, I can attach a log from RSIT or something else.
Tomek01, comment, 25 May 2010 (edited)
No need, it should be clean now. In OTL, use the Clean Up option. Turn System Restore off and then back on. Use ATF Cleaner: tick the first three checkboxes and then click Empty Selected. Run a full scan with DrWebCureIt and Mbam. If they detect anything, attach the reports. If not, it means everything is squeaky clean.
ciałko (Author), comment, 27 May 2010
After a looong scan I can say that the computer is clean BUT... the problem has not gone away. I still can't play games or do anything online. The computer is clean, so maybe something is wrong with the hardware. The PC was recently in for repair (the power supply and a fan were replaced, that much I remember). Thanks for the help so far, because things did improve somewhat, but unfortunately not completely.