Logs - Unwanted application run32dll


  • This topic is closed
28 replies in this topic

#1 szoki

    Beginner

  • 51 posts

Posted 27 07 2010 - 16:43

Hello to everyone willing to help. The problem is that for the past few days this message has been appearing on my screen: "Wystąpił problem z aplikacją run32dll.exe i zostanie ona zamknięta. Przepraszamy za kłopoty." ("A problem occurred with the application run32dll.exe and it will be closed. We apologize for the trouble.") I have Windows XP Home Edition Version 2002 Service Pack 3.

http://www.fooh.pl/images/27791582351018319780.bmp

I did a system restore and a disk cleanup, and I scanned with Eset Smart Security and RegistryBooster 2010. I also have an OTL scan; this is what I entered for the scan, as I read somewhere:

%systemdrive%\*.*
/md5start
agp440.sys
atapi.sys
beep.sys
cdrom.sys
ndis.sys
winlogon.exe
eventlog.dll
/md5stop

http://www.fooh.pl/images/52159361274104474168.bmp

From that I have OTL.Txt and Extras.Txt, but I don't know how to put them up here on the forum, because there is a lot of it, and it won't work as an attachment either; it shows me "Błąd Nie masz uprawnień do wysyłania tego typu plików" ("Error: You do not have permission to upload this type of file"). Please help, with instructions that I will be able to understand, because I am a layman when it comes to computers. I only know what I read on forums. Thanks in advance. If I described something wrong, I apologize for my ignorance, and I will add any missing information.

  • 0

#2 Macsch15

    Professional

  • 3 705 posts

Posted 27 07 2010 - 16:49

"From that I have OTL.Txt and Extras.Txt, but I don't know how to put them up here on the forum"



Paste it here: http://wklej.org/
or in the tags [ codebox ] log [ / codebox ]

/ Moving the topic

  • 0

#3 szoki

    Beginner

  • 51 posts

Posted 27 07 2010 - 17:47

I was wondering where that codebox is. But I found it; I think it's fine, correct me if anything is wrong.
/Problem-aplikacja-run32dllexe-t40324-pid-208262.html/page__p__208262__fromsearch__1#entry208262

  • 0

#4 Macsch15

    Professional

  • 3 705 posts

Posted 27 07 2010 - 17:49

Wrong :D
Paste the LOG here http://wklej.org/ and post the link here on the forum.
  • 0

#5 szoki

    Beginner

  • 51 posts

Posted 27 07 2010 - 17:54

Somehow the link I made doesn't work. Sorry, but I don't know how to do that codebox. Explain it to me in the simplest possible terms.

There is "signature" and "syntax" there. What am I supposed to do with that?
  • 0

#6 Macsch15

    Professional

  • 3 705 posts

Posted 27 07 2010 - 18:01

You type >
[ codebox ] PASTE THE WHOLE LOG HERE [ / codebox ]

* Remove the space!

If you still don't know how, send it to me by PM, packed into a zip for example :D
  • 0

#7 szoki

    Beginner

  • 51 posts

Posted 27 07 2010 - 18:41

OTL logfile created on: 2010-07-27 01:18:21 - Run 1OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Robert\Moje dokumenty\PobieranieWindows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 895,00 Mb Total Physical Memory | 244,00 Mb Available Physical Memory | 27,00% Memory free2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File freePaging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 89,41 Gb Total Space | 58,16 Gb Free Space | 65,05% Space Free | Partition Type: FAT32Drive D: | 59,60 Gb Total Space | 39,23 Gb Free Space | 65,83% Space Free | Partition Type: FAT32E: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: TWOJA-CC9DCFA49Current User Name: RobertLogged in as Administrator. 
Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 60 DaysOutput = Standard ========== Processes (All) ========== PRC - [2010-07-26 16:07:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Moje dokumenty\Pobieranie\OTL.exePRC - [2010-07-24 23:26:22 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exePRC - [2010-07-24 23:26:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2010-07-20 16:04:50 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exePRC - [2010-06-24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exePRC - [2010-06-24 15:41:34 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exePRC - [2010-03-16 19:21:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2010-02-14 20:19:20 | 000,033,136 | ---- | M] () -- C:\WINDOWS\ASScrPro.exePRC - [2009-12-17 07:42:40 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exePRC - [2009-02-09 11:25:58 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exePRC - [2008-04-14 17:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exePRC - [2008-04-14 17:21:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exePRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [RPCSS]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [NETWORKSERVICE]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [NETSVCS]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [IMGSVC]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HTTPFILTER]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HPZ12]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HPZ12]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HPSERVICE]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HPDEVMGMT]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\svchost.exe  [DCOMLAUNCH]PRC - [2008-04-14 17:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [BTHSVCS]PRC - [2008-04-14 17:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exePRC - [2008-04-14 17:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exePRC - [2008-04-14 17:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exePRC - [2008-04-14 17:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2008-04-14 17:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exePRC - [2008-04-14 17:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exePRC - [2008-04-14 17:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exePRC - [2008-02-20 11:08:46 | 000,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exePRC - [2008-02-20 11:06:58 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exePRC - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exePRC - [2007-07-19 12:18:48 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exePRC - [2007-07-12 10:25:28 | 000,225,280 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControl.exePRC - [2007-07-10 17:33:58 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exePRC - [2007-07-10 10:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exePRC - [2007-07-05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exePRC - [2007-07-03 10:48:02 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exePRC - [2007-05-23 16:56:14 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exePRC - [2007-05-08 16:24:20 | 000,054,840 | ---- 
| M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exePRC - [2007-05-03 17:42:56 | 000,376,921 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exePRC - [2007-05-03 17:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exePRC - [2007-04-19 06:42:34 | 000,024,576 | R--- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkCSrv.exePRC - [2007-04-17 13:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exePRC - [2007-02-02 07:55:08 | 000,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exePRC - [2007-01-16 16:13:14 | 000,106,496 | ---- | M] (ASUS) -- C:\WINDOWS\system32\ASUSTPE.exePRC - [2006-11-22 17:31:26 | 000,630,784 | R--- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exePRC - [2006-11-02 08:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exePRC - [2006-10-30 19:49:54 | 016,269,312 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exePRC - [2006-09-29 09:57:36 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exePRC - [2006-09-29 09:57:30 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exePRC - [2006-05-25 20:02:04 | 000,786,521 | ---- | M] (Synaptics, Inc.) 
-- C:\Program Files\Synaptics\SynTP\SynTPEnh.exePRC - [2005-07-06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exePRC - [2004-08-10 22:05:14 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe  ========== Modules (All) ========== MOD - [2010-07-26 16:07:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Moje dokumenty\Pobieranie\OTL.exeMOD - [2010-05-04 18:18:40 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dllMOD - [2010-05-04 18:18:36 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dllMOD - [2010-05-04 18:18:34 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dllMOD - [2009-12-08 09:25:46 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dllMOD - [2009-07-17 19:04:02 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dllMOD - [2009-06-25 08:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dllMOD - [2009-04-15 14:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dllMOD - [2009-03-21 14:09:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dllMOD - [2009-02-09 10:53:44 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dllMOD - [2009-02-09 10:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dllMOD - [2008-10-23 12:42:42 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dllMOD - [2008-10-15 16:36:56 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dllMOD - [2008-06-20 17:48:54 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dllMOD - [2008-06-20 17:48:54 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dllMOD - [2008-06-17 
19:03:16 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dllMOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dllMOD - [2008-04-14 17:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drvMOD - [2008-04-14 17:20:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dllMOD - [2008-04-14 17:20:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dllMOD - [2008-04-14 17:20:58 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dllMOD - [2008-04-14 17:20:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dllMOD - [2008-04-14 17:20:56 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dllMOD - [2008-04-14 17:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dllMOD - [2008-04-14 17:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dllMOD - [2008-04-14 17:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dllMOD - [2008-04-14 17:20:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dllMOD - [2008-04-14 17:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dllMOD - [2008-04-14 17:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dllMOD - [2008-04-14 17:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dllMOD - [2008-04-14 17:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dllMOD - [2008-04-14 17:20:42 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dllMOD - [2008-04-14 17:20:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dllMOD - [2008-04-14 
17:20:42 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dllMOD - [2008-04-14 17:20:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dllMOD - [2008-04-14 17:20:40 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dllMOD - [2008-04-14 17:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dllMOD - [2008-04-14 17:20:36 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dllMOD - [2008-04-14 17:20:34 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dllMOD - [2008-04-14 17:20:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dllMOD - [2008-04-14 17:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dllMOD - [2008-04-14 17:20:18 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscui.dllMOD - [2008-04-14 17:20:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscdll.dllMOD - [2008-04-14 17:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dllMOD - [2008-04-14 17:20:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dllMOD - [2008-04-14 17:20:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dllMOD - [2008-04-14 17:20:06 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dllMOD - [2008-04-14 17:20:00 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dllMOD - [2008-04-14 17:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocxMOD - [2008-04-14 17:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.imeMOD - [2008-04-14 16:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)SRV - [2010-06-24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)SRV - [2010-03-31 21:29:00 | 003,534,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)SRV - [2008-02-20 11:14:52 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)SRV - [2008-02-20 11:08:46 | 000,472,320 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)SRV - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)SRV - [2007-05-03 17:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)SRV - [2007-04-19 06:42:34 | 000,024,576 | R--- | M] (Syntek America Inc.) 
[Auto | Running] -- C:\WINDOWS\system32\StkCSrv.exe -- (StkSSrv)SRV - [2006-03-02 14:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)  ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbdev.sys -- (hwusbdev)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Robert\USTAWI~1\Temp\EagleNT.sys -- (EagleNT)DRV - [2010-03-13 21:36:08 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)DRV - [2010-02-10 23:18:30 | 000,093,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\sXe Injected\ddsxei.sys -- (ddsxeiservice)DRV - [2010-02-03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)DRV - [2008-04-17 16:16:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)DRV - [2008-04-13 16:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)DRV - [2008-02-20 11:11:14 | 000,054,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)DRV - [2008-02-20 11:11:12 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)DRV - [2008-02-20 11:11:08 | 000,071,176 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)DRV - [2008-02-20 11:02:22 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)DRV - [2008-02-20 11:01:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)DRV - [2007-08-03 12:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)DRV - [2007-06-06 10:40:26 | 001,260,672 | R--- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini)DRV - [2007-05-02 19:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)DRV - [2007-03-28 19:52:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)DRV - [2007-02-02 08:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2007-01-24 18:08:40 | 000,005,632 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)DRV - [2006-12-14 15:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)DRV - [2006-11-22 17:35:00 | 000,982,272 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)DRV - [2006-11-03 09:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2006-06-10 00:07:28 | 000,027,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTSTOR.sys -- (RTSTOR)DRV - [2006-05-25 19:40:58 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)DRV - [2001-08-17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/  IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.comIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.comIE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com IE - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/IE - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/IE - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\tbDow1.dll (Conduit Ltd.)IE - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"FF - prefs.js..browser.search.defaultthis.engineName: "DownloadEnergy"FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}"FF - prefs.js..browser.search.order.1: "BearShare Web Search"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.startup.homepage: "http://www.google.pl/firefox"FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {ad708c09-d51b-45b3-9d28-4eba2681febf}:2.5.8.6FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&q=" FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-17 09:34:30 | 000,000,000 | ---D | M]FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-13 22:55:00 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-15 15:33:24 | 000,000,000 | ---D | M] [2010-02-15 15:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Extensions[2010-02-15 19:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com[2010-03-13 22:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\jo9f3ea1.default\extensions[2010-04-28 14:49:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\jo9f3ea1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2010-05-20 13:08:34 | 000,000,000 | ---D | M] (Download Energy Toolbar) -- C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\jo9f3ea1.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}[2010-05-20 13:08:40 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\jo9f3ea1.default\searchplugins\conduit.xml[2010-04-12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\jo9f3ea1.default\searchplugins\BearShareWebSearch.xml[2010-02-15 15:33:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010-02-15 18:58:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}[2010-03-30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll[2010-05-02 14:00:12 | 002,445,312 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll[2010-07-13 23:00:04 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml[2010-07-13 23:00:04 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml[2010-07-13 23:00:04 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml[2010-07-13 23:00:04 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml[2010-07-13 23:00:04 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml[2010-07-13 23:00:04 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-02-15 21:20:22 | 000,378,455 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: 127.0.0.1	www.007guard.comO1 - Hosts: 127.0.0.1	007guard.comO1 - Hosts: 127.0.0.1	008i.comO1 - Hosts: 127.0.0.1	www.008k.comO1 - Hosts: 127.0.0.1	008k.comO1 - Hosts: 127.0.0.1	www.00hq.comO1 - Hosts: 127.0.0.1	00hq.comO1 - Hosts: 127.0.0.1	010402.comO1 - Hosts: 127.0.0.1	www.032439.comO1 - Hosts: 127.0.0.1	032439.comO1 - Hosts: 127.0.0.1	www.0scan.comO1 - Hosts: 127.0.0.1	0scan.comO1 - Hosts: 127.0.0.1	www.1000gratisproben.comO1 - Hosts: 127.0.0.1	1000gratisproben.comO1 - Hosts: 127.0.0.1	www.1001namen.comO1 - Hosts: 127.0.0.1	1001namen.comO1 - Hosts: 127.0.0.1	www.100888290cs.comO1 - Hosts: 127.0.0.1	100888290cs.comO1 - Hosts: 127.0.0.1	www.100sexlinks.comO1 - Hosts: 127.0.0.1	100sexlinks.comO1 - Hosts: 127.0.0.1	10sek.comO1 - Hosts: 127.0.0.1	www.10sek.comO1 - Hosts: 127.0.0.1	1-2005-search.comO1 - Hosts: 127.0.0.1	www.1-2005-search.comO1 - Hosts: 13042 more lines...O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital 
Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - No CLSID value found.O2 - BHO: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\tbDow1.dll (Conduit Ltd.)O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Robert\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)O3 - HKLM\..\Toolbar: (&Tłumaczenie) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)O3 - HKLM\..\Toolbar: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\tbDow1.dll (Conduit Ltd.)O3 - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006\..\Toolbar\WebBrowser: (Download Energy Toolbar) - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - C:\Program Files\Download_Energy\tbDow1.dll (Conduit Ltd.)O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()O4 - HKLM..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe (ASUS)O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ATK Hotkey\Hcontrol.exe ()O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart 
Security\egui.exe (ESET)O4 - HKLM..\Run: [KernelFaultCheck]  File not foundO4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()O4 - HKLM..\Run: [run32d] C:\WINDOWS\system\run32dll.exe ()O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()O4 - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()O4 - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()O4 - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)O4 - Startup: C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration Ghost Recon Advanced Warfighter® 2.LNK = E:\Support\Register\RegistrationReminder.exe File not foundO4 - Startup: C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration .LNK = E:\support\Register\RegistrationReminder.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8 - Extra context menu item: Add to Google Photos 
Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)O9 - Extra 'Tools' menuitem : @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)O9 - Extra Button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20 - AppInit_DLLs: (4) -  File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010-02-14 19:29:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]O33 - 
MountPoints2\{0453f9b0-1a12-11df-8cb2-0015af823bf5}\Shell - "" = AutoRunO33 - MountPoints2\{1f33c748-2e8e-11df-8cfc-0015af823bf5}\Shell - "" = AutoRunO33 - MountPoints2\{1f33c749-2e8e-11df-8cfc-0015af823bf5}\Shell - "" = AutoRunO33 - MountPoints2\{7d7c7402-1a35-11df-8cb4-0015af823bf5}\Shell - "" = AutoRunO33 - MountPoints2\{7d7c7403-1a35-11df-8cb4-0015af823bf5}\Shell - "" = AutoRunO33 - MountPoints2\{9efdfb46-199f-11df-8caa-001d60b04b45}\Shell - "" = AutoRunO33 - MountPoints2\{9efdfb47-199f-11df-8caa-001d60b04b45}\Shell - "" = AutoRunO33 - MountPoints2\{d6819c9d-343b-11df-8d12-001d60b04b45}\Shell\AutoRun\command - "" = InstallTomTomHOME.exeO34 - HKLM BootExecute: (autocheck autochk *) -  File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 60 Days ========== [2010-07-27 00:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Pulpit\run32dll.exe[2010-07-26 22:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Pulpit\c.windows.system[2010-07-26 22:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Pulpit\run32[2010-07-23 09:45:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert\Recent[2010-07-22 19:12:52 | 000,000,000 | ---D | C] -- C:\Config.Msi[2010-07-20 23:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Moje dokumenty\Bluetooth[2010-07-18 01:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Dane aplikacji\HpUpdate[2010-07-18 01:20:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard[2010-06-28 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Pulpit\zdjęcia[2010-06-28 09:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\PackageAware[2010-06-23 22:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Pulpit\Nowy 
folder (3)[2010-06-09 17:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations[2010-05-31 20:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Moje dokumenty\Destineer[2010-05-31 18:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\directx[2010-05-30 18:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Dane aplikacji\ubi.com[2010-05-30 18:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft[2010-05-30 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ubi Soft[2010-05-30 15:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\ubi.com[2010-02-14 19:59:56 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2010-07-26 22:25:34 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job[2010-07-26 22:25:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010-07-26 22:25:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010-07-26 22:24:50 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Robert\NTUSER.DAT[2010-07-26 22:24:28 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat[2010-07-26 22:24:12 | 002,112,662 | -H-- | M] () -- C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\IconCache.db[2010-07-26 21:49:34 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\RegistryBooster.lnk[2010-07-26 18:20:36 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk[2010-07-25 20:20:30 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Robert\Pulpit\Counter-Strike (2).lnk[2010-07-25 18:30:08 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Robert\Pulpit\Half-Life.lnk[2010-07-22 20:14:40 | 000,000,097 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\rcx.ini[2010-07-22 
20:14:38 | 000,032,640 | ---- | M] () -- C:\WINDOWS\trdl[2010-07-22 20:14:38 | 000,023,552 | ---- | M] () -- C:\WINDOWS\trdl.dll[2010-07-22 20:14:38 | 000,017,280 | ---- | M] () -- C:\WINDOWS\trdl.p2[2010-07-22 20:14:38 | 000,015,525 | ---- | M] () -- C:\WINDOWS\linkinfo.dll[2010-07-22 20:14:38 | 000,015,360 | ---- | M] () -- C:\WINDOWS\wsc.p1[2010-07-22 20:14:38 | 000,015,360 | ---- | M] () -- C:\WINDOWS\trdl.p1[2010-07-22 20:14:38 | 000,010,240 | ---- | M] () -- C:\WINDOWS\linkinfo.p1[2010-07-22 20:14:38 | 000,008,981 | ---- | M] () -- C:\WINDOWS\wsc.p2[2010-07-22 20:14:38 | 000,005,285 | ---- | M] () -- C:\WINDOWS\linkinfo.p2[2010-07-22 20:14:38 | 000,002,560 | ---- | M] () -- C:\WINDOWS\System\run32dll.exe[2010-07-22 20:14:38 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System\run32dll.p2[2010-07-22 20:14:38 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System\run32dll.p1[2010-07-22 20:14:38 | 000,000,640 | ---- | M] () -- C:\WINDOWS\rcx.dat[2010-07-22 20:14:38 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\rcx.dat[2010-07-22 20:14:38 | 000,000,080 | ---- | M] () -- C:\WINDOWS\rcx.ini[2010-07-22 20:14:36 | 000,024,341 | ---- | M] () -- C:\wsock32.dll[2010-07-22 20:14:36 | 000,024,341 | ---- | M] () -- C:\Program Files\wsock32.dll[2010-07-22 20:14:36 | 000,024,341 | ---- | M] () -- C:\Program Files\Common Files\wsock32.dll[2010-07-22 20:14:34 | 000,207,158 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\Ultimate BunnyHop.exe[2010-07-22 19:37:08 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk[2010-07-22 19:14:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010-07-21 00:24:16 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0[2010-07-20 23:27:00 | 000,500,540 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2010-07-20 23:27:00 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010-07-20 23:27:00 | 000,089,036 | ---- | M] () -- 
C:\WINDOWS\System32\perfc015.dat[2010-07-20 23:27:00 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010-07-20 23:23:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0[2010-07-16 19:11:54 | 004,269,385 | ---- | M] () -- C:\Documents and Settings\Robert\Moje dokumenty\dieta.xps[2010-07-16 18:57:56 | 000,489,882 | ---- | M] () -- C:\Documents and Settings\Robert\Pulpit\odch.NaZawolanie.pdf[2010-07-06 16:39:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2010-07-06 16:39:32 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2010-07-04 23:14:00 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk[2010-06-29 22:50:38 | 000,020,088 | ---- | M] () -- C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[2010-06-29 22:49:40 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010-06-23 22:25:38 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-06-23 16:46:50 | 001,070,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010-06-22 20:49:46 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration .LNK[2010-06-22 20:46:12 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration Ghost Recon Advanced Warfighter® 2.LNK[2010-06-09 10:07:18 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\fusioncache.dat[2010-05-31 20:40:08 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\First to Fight.lnk[2010-05-31 18:38:36 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Sof2.INI[2010-05-31 18:38:36 | 000,000,528 | ---- | M] () -- C:\Documents and Settings\Robert\Pulpit\SOF II Single Player.lnk[2010-05-31 18:38:36 | 000,000,450 | ---- | M] () -- C:\Documents and 
Settings\Robert\Pulpit\SOF II Multiplayer.lnk[2010-05-30 18:19:50 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\Robert\Pulpit\Ubi Soft Product Registration.lnk[2010-05-30 18:14:26 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Play Raven Shield.lnk[2010-05-30 18:01:24 | 000,001,467 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Play Online at ubi.com!.lnk[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-07-26 21:49:43 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job[2010-07-26 21:49:33 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\RegistryBooster.lnk[2010-07-25 20:20:28 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Robert\Pulpit\Counter-Strike (2).lnk[2010-07-25 18:30:07 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Robert\Pulpit\Half-Life.lnk[2010-07-22 20:14:32 | 000,207,158 | ---- | C] () -- C:\Documents and Settings\Robert\Dane aplikacji\Ultimate BunnyHop.exe[2010-07-22 20:12:27 | 000,015,525 | ---- | C] () -- C:\WINDOWS\linkinfo.dll[2010-07-22 20:12:27 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System\run32dll.exe[2010-07-22 20:12:26 | 000,024,341 | ---- | C] () -- C:\wsock32.dll[2010-07-22 20:12:26 | 000,024,341 | ---- | C] () -- C:\Program Files\wsock32.dll[2010-07-22 20:12:26 | 000,024,341 | ---- | C] () -- C:\Program Files\Common Files\wsock32.dll[2010-07-22 20:12:26 | 000,023,552 | ---- | C] () -- C:\WINDOWS\trdl.dll[2010-07-22 20:12:26 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Robert\Dane aplikacji\rcx.ini[2010-07-22 20:12:26 | 000,000,080 | ---- | C] () -- C:\WINDOWS\rcx.ini[2010-07-22 18:45:53 | 000,032,640 | ---- | C] () -- C:\WINDOWS\trdl[2010-07-22 18:45:53 | 000,017,280 | ---- | C] () -- C:\WINDOWS\trdl.p2[2010-07-22 18:45:53 | 000,015,360 | ---- | C] () -- 
C:\WINDOWS\wsc.p1[2010-07-22 18:45:53 | 000,015,360 | ---- | C] () -- C:\WINDOWS\trdl.p1[2010-07-22 18:45:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\linkinfo.p1[2010-07-22 18:45:53 | 000,008,981 | ---- | C] () -- C:\WINDOWS\wsc.p2[2010-07-22 18:45:53 | 000,005,285 | ---- | C] () -- C:\WINDOWS\linkinfo.p2[2010-07-22 18:45:53 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System\run32dll.p2[2010-07-22 18:45:53 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System\run32dll.p1[2010-07-22 18:45:53 | 000,000,640 | ---- | C] () -- C:\WINDOWS\rcx.dat[2010-07-22 18:45:53 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Robert\Dane aplikacji\rcx.dat[2010-07-20 23:23:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0[2010-07-20 23:23:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0[2010-07-16 19:11:35 | 004,269,385 | ---- | C] () -- C:\Documents and Settings\Robert\Moje dokumenty\dieta.xps[2010-07-16 18:58:14 | 000,489,882 | ---- | C] () -- C:\Documents and Settings\Robert\Pulpit\odch.NaZawolanie.pdf[2010-06-30 18:56:32 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk[2010-06-22 20:46:11 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration Ghost Recon Advanced Warfighter® 2.LNK[2010-06-22 20:42:27 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration .LNK[2010-05-31 20:46:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2010-05-31 20:40:07 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\First to Fight.lnk[2010-05-31 18:38:35 | 000,000,528 | ---- | C] () -- C:\Documents and Settings\Robert\Pulpit\SOF II Single Player.lnk[2010-05-31 18:38:35 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Robert\Pulpit\SOF II Multiplayer.lnk[2010-05-31 18:22:27 | 000,000,750 | ---- | C] () -- C:\WINDOWS\Sof2.INI[2010-05-30 18:19:49 | 000,001,851 | ---- | C] () -- 
C:\Documents and Settings\Robert\Pulpit\Ubi Soft Product Registration.lnk[2010-05-30 18:01:53 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Play Raven Shield.lnk[2010-05-30 18:01:22 | 000,001,467 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Play Online at ubi.com!.lnk[2010-05-30 18:01:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll[2010-05-30 16:04:37 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll[2010-05-30 16:04:37 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll[2010-05-30 16:04:37 | 000,035,840 | R--- | C] () -- C:\WINDOWS\System32\comdlg32.oca[2010-05-30 16:04:36 | 000,029,184 | R--- | C] () -- C:\WINDOWS\System32\MSINET.oca[2010-05-02 12:39:11 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI[2010-05-02 11:44:19 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll[2010-04-26 19:28:53 | 000,245,840 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll[2010-04-21 12:51:11 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll[2010-04-16 21:26:30 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll[2010-03-13 21:36:06 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys[2010-02-23 20:40:54 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI[2010-02-22 13:12:30 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2010-02-20 14:02:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2010-02-14 21:00:56 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini[2010-02-14 20:19:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll[2010-02-14 20:13:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2006-08-27 11:39:35 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS[2006-08-27 11:39:35 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI ========== LOP Check ========== [2010-02-15 16:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane 
aplikacji\ESET[2010-02-15 17:17:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{D5ABFFAD-D592-4F98-B02B-587125B4801F}[2010-02-15 17:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DriverScanner[2010-02-15 18:00:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}[2010-02-15 23:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM[2010-02-17 23:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer[2010-03-20 16:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TomTom[2010-05-20 13:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\3238A[2010-03-14 02:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\GameTracker[2010-02-15 16:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\ESET[2010-02-15 17:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\Uniblue[2010-02-15 19:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\TomTom[2010-02-15 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\Nowe Gadu-Gadu[2010-02-15 23:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\OpenFM[2010-02-17 00:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\OpenOffice.org[2010-03-11 23:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\HLSW[2010-03-16 19:21:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Robert\Dane aplikacji\.#[2010-04-10 22:42:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\ijjigame[2010-05-02 11:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane 
aplikacji\OpenCandy[2010-05-30 18:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Dane aplikacji\ubi.com[2010-07-26 22:25:34 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job ========== Purity Check ==========   ========== Custom Scans ==========  < %systemdrive%\*.* >[2010-07-26 22:25:22 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys[2010-07-22 20:14:36 | 000,024,341 | ---- | M] () -- C:\wsock32.dll[2007-07-30 09:55:24 | 000,524,288 | ---- | M] () -- C:\F5RL.ROM[2007-09-18 07:17:16 | 000,000,015 | ---- | M] () -- C:\F5RL.10[2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin[2010-02-18 00:20:42 | 000,251,152 | RHS- | M] () -- C:\ntldr[2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM[2006-08-14 03:08:20 | 000,000,003 | ---- | M] () -- C:\SP2B.TXT[2004-11-23 00:25:10 | 000,000,014 | ---- | M] () -- C:\XPHL_SP2.POL[2007-06-20 10:53:28 | 000,000,010 | ---- | M] () -- C:\RECOVERY.DAT[2010-04-29 18:05:42 | 000,000,211 | RHS- | M] () -- C:\boot.ini[2010-02-14 19:29:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS[2010-02-14 19:29:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT[2010-02-14 19:29:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2010-02-14 19:29:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2010-02-17 20:12:54 | 000,286,720 | ---- | M] () -- C:\Debug.txt[2010-02-14 20:09:46 | 000,000,398 | ---- | M] () -- C:\RHDSetup.log[2010-03-16 19:21:28 | 000,033,550 | ---- | M] () -- C:\setup.log  < MD5 for: AGP440.SYS  >[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys[2010-02-18 00:15:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:agp440.sys[2010-02-18 00:15:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys[2008-04-13 18:36:38 | 000,042,368 | ---- | M] 
(Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys[2008-04-13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS  >[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys[2010-02-18 00:15:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys[2010-02-18 00:15:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys[2008-04-13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys[2008-04-13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: BEEP.SYS  >[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys < MD5 for: CDROM.SYS  >[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys[2010-02-18 00:15:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys[2010-02-18 00:15:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys[2008-04-13 18:40:46 | 000,062,976 | ---- | M] (Microsoft 
Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys[2008-04-13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys[2009-12-22 18:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys[2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys < MD5 for: EVENTLOG.DLL  >[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll[2008-04-14 17:20:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll[2008-04-14 17:20:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NDIS.SYS  >[2008-04-13 19:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys[2008-04-13 19:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys < MD5 for: WINLOGON.EXE  >[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe[2008-04-14 17:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe[2008-04-14 17:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe< 
End of report >

Is it OK now?

And here is the link: http://wklej.org/id/369372/
  • 0

#8 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 27 07 2010 - 19:00

C:\Documents and Settings\Robert\Dane aplikacji\Ultimate BunnyHop.exe

Do you recognize the file above? It was created at the moment of infection.

Run OTL and paste this into the "Własne opcje skanowania/Script" (custom scan options/script) box:

:OTL
IE - HKU\S-1-5-21-1967528238-2056801161-3665219098-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
[2010-04-12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\jo9f3ea1.default\searchplugins\BearShareWebSearch.xml
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [run32d] C:\WINDOWS\system\run32dll.exe ()
O4 - Startup: C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration Ghost Recon Advanced Warfighter® 2.LNK = E:\Support\Register\RegistrationReminder.exe File not found
O4 - Startup: C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration .LNK = E:\support\Register\RegistrationReminder.exe File not found
O20 - AppInit_DLLs: (4) - File not found
[2010-07-27 00:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Pulpit\run32dll.exe
[2010-07-26 22:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Pulpit\c.windows.system
[2010-07-26 22:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Pulpit\run32
[2010-07-22 20:14:40 | 000,000,097 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\rcx.ini
[2010-07-22 20:14:38 | 000,032,640 | ---- | M] () -- C:\WINDOWS\trdl
[2010-07-22 20:14:38 | 000,023,552 | ---- | M] () -- C:\WINDOWS\trdl.dll
[2010-07-22 20:14:38 | 000,017,280 | ---- | M] () -- C:\WINDOWS\trdl.p2
[2010-07-22 20:14:38 | 000,015,525 | ---- | M] () -- C:\WINDOWS\linkinfo.dll
[2010-07-22 20:14:38 | 000,015,360 | ---- | M] () -- C:\WINDOWS\wsc.p1
[2010-07-22 20:14:38 | 000,015,360 | ---- | M] () -- C:\WINDOWS\trdl.p1
[2010-07-22 20:14:38 | 000,010,240 | ---- | M] () -- C:\WINDOWS\linkinfo.p1
[2010-07-22 20:14:38 | 000,008,981 | ---- | M] () -- C:\WINDOWS\wsc.p2
[2010-07-22 20:14:38 | 000,005,285 | ---- | M] () -- C:\WINDOWS\linkinfo.p2
[2010-07-22 20:14:38 | 000,002,560 | ---- | M] () -- C:\WINDOWS\System\run32dll.exe
[2010-07-22 20:14:38 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System\run32dll.p2
[2010-07-22 20:14:38 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System\run32dll.p1
[2010-07-22 20:14:38 | 000,000,640 | ---- | M] () -- C:\WINDOWS\rcx.dat
[2010-07-22 20:14:38 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\rcx.dat
[2010-07-22 20:14:38 | 000,000,080 | ---- | M] () -- C:\WINDOWS\rcx.ini
[2010-07-22 20:14:36 | 000,024,341 | ---- | M] () -- C:\wsock32.dll
[2010-07-22 20:14:36 | 000,024,341 | ---- | M] () -- C:\Program Files\wsock32.dll
[2010-07-22 20:14:36 | 000,024,341 | ---- | M] () -- C:\Program Files\Common Files\wsock32.dll
[2010-05-20 13:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\3238A
[2010-03-16 19:21:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Robert\Dane aplikacji\.#

:Commands
[emptytemp]
[resethosts]
[Reboot]

Click "Wykonaj Script" (Run Script). Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, and this time click "Skanuj" (Scan).
Show the new OTL.txt log and the removal report.
.
  • 0

#9 szoki

szoki

    Beginner

  • 51 posts

Posted 27 07 2010 - 22:22

All processes killed
========== OTL ==========
HKU\S-1-5-21-1967528238-2056801161-3665219098-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
Prefs.js: "BearShare Web Search" removed from browser.search.order.1
C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\jo9f3ea1.default\searchplugins\BearShareWebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\run32d deleted successfully.
C:\WINDOWS\system\run32dll.exe moved successfully.
C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration Ghost Recon Advanced Warfighter® 2.LNK moved successfully.
C:\Documents and Settings\Robert\Menu Start\Programy\Autostart\Registration .LNK moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:4 deleted successfully.
Folder C:\Documents and Settings\Robert\Pulpit\run32dll.exe\ not found.
C:\Documents and Settings\Robert\Pulpit\c.windows.system folder moved successfully.
C:\Documents and Settings\Robert\Pulpit\run32 folder moved successfully.
C:\Documents and Settings\Robert\Dane aplikacji\rcx.ini moved successfully.
C:\WINDOWS\trdl moved successfully.
C:\WINDOWS\trdl.dll moved successfully.
C:\WINDOWS\trdl.p2 moved successfully.
C:\WINDOWS\linkinfo.dll moved successfully.
C:\WINDOWS\wsc.p1 moved successfully.
C:\WINDOWS\trdl.p1 moved successfully.
C:\WINDOWS\linkinfo.p1 moved successfully.
C:\WINDOWS\wsc.p2 moved successfully.
C:\WINDOWS\linkinfo.p2 moved successfully.
File C:\WINDOWS\System\run32dll.exe not found.
C:\WINDOWS\system\run32dll.p2 moved successfully.
C:\WINDOWS\system\run32dll.p1 moved successfully.
C:\WINDOWS\rcx.dat moved successfully.
C:\Documents and Settings\Robert\Dane aplikacji\rcx.dat moved successfully.
C:\WINDOWS\rcx.ini moved successfully.
C:\wsock32.dll moved successfully.
C:\Program Files\wsock32.dll moved successfully.
C:\Program Files\Common Files\wsock32.dll moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\3238A folder moved successfully.
C:\Documents and Settings\Robert\Dane aplikacji\.# folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Robert
->Temp folder emptied: 58601066 bytes
->Temporary Internet Files folder emptied: 1065338 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 107860924 bytes
->Flash cache emptied: 16632 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 43910 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34819694 bytes
RecycleBin emptied: 9341677 bytes

Total Files Cleaned = 202,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 07272010_194607

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Ultimate BunnyHop.exe is a cheat for Counter-Strike. I downloaded it a few days ago. It didn't work, so I deleted it. At least that's what I thought.

And here is the report after the restart, link: http://wklej.org/id/369491/

Link to OTL.Txt after the scan: http://wklej.org/id/369502/

And I did it with these settings: http://www.fooh.pl/images/80447951948516246575.bmp
  • 0

#10 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 27 07 2010 - 22:35

Run OTL and paste this into the "Własne opcje skanowania/Script" (custom scan options/script) box:

:OTL
[2010-07-22 20:12:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\wsc32.dll
[2010-07-22 20:12:26 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\lnk32.dll
[2010-07-22 20:14:34 | 000,207,158 | ---- | M] () -- C:\Documents and Settings\Robert\Dane aplikacji\Ultimate BunnyHop.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

Click Wykonaj Script (Run Fix). Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, and this time click Skanuj (Run Scan), with the same settings as in your first log.
Post the new OTL.txt log and the removal report.
  • 0

#11 szoki

szoki

    Beginner

  • 51 posts

Posted 28 07 2010 - 00:06

I ran the script with these settings: http://www.fooh.pl/images/10383214453120162854.bmp
This came up after the restart: http://wklej.org/id/369551/
plus two additional problems: http://www.fooh.pl/images/46371447082283854869.bmp and http://www.fooh.pl/images/04955827896269277714.bmp

The scan and the OTL link: http://wklej.org/id/369558/

with these settings: http://www.fooh.pl/images/92701160136397014175.bmp

Apart from that, I can't open Mozilla Firefox; I used Internet Explorer and it is terribly slow.

  • 0

#12 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 28 07 2010 - 05:02

Judging by the new log, it's OK.
But those messages related to "wsock32.dll" worry me.
Could that file have been infected?
Make a ComboFix log > /Combofix-t35201/
If this "wsock32.dll" file is infected, ComboFix is able to detect that.

I can't open Mozilla Firefox

That doesn't surprise me, because I have always considered Firefox the worst browser, worse even than Internet Explorer.

  • 0

#13 szoki

szoki

    Beginner

  • 51 posts

Posted 29 07 2010 - 01:18

Hi, sorry for not replying, but I've been a bit busy. So, after that last script and the OTL scan there is a problem with opening web pages. Pages take 40-50 seconds to open. Not to mention that after clicking the Firefox icon this appears: http://zapodaj.net/477ce44162d3.bmp.html ; it also appeared after ComboFix restarted the computer. Besides that, clicking the mouse causes freezes of 30-40 seconds. This message also shows up: http://zapodaj.net/f18f60df4602.bmp.html . Here is the ComboFix log: http://wklej.org/id/370024/ . If you can, 'ordynat', please give me further instructions. If nothing helps, I will install Windows from scratch. But for now I'll wait. One more question: can I recover the links from my Firefox bookmarks?

As for the links and Firefox, I downloaded Google Chrome and it automatically imported the links from Mozilla. Now there is no slowness and no problem with the cursor either. So the fault was in the crappy Explorer.
  • 0

#14 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 29 07 2010 - 07:58

c:\program files\Messenger\wsock32.dll

ComboFix removed the fake "wsock32.dll" planted by the infection.
Now, in theory, everything should be OK.
But in practice it may turn out that the damage done by this fake file is irreversible. In that case a reinstallation of the system without data loss will be needed (http://helpc.eu/instalacja-nakladkowa-t2198.html), combined with reinstalling the programs damaged by the infection (e.g. Firefox), and if even that doesn't help, the only thing left will be to format the disk completely.

From what I see in the log, only fileless services are left to remove:
Paste this into Notepad:

Driver::
cpuz130
pnicml

>> File >> Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
The removal should start (and a log will be created).

Of course, if you intend to reinstall the system, don't run this script, because what would be the point?
  • 0

#15 szoki

szoki

    Beginner

  • 51 posts

Posted 30 07 2010 - 01:40

I dropped the CFScript onto ComboFix; here is the link to the log: http://wklej.org/id/370477/ . After every restart this message still shows up:

http://www.fooh.pl/images/32805788867709315724.bmp and when I click e.g. Gadu-Gadu: http://www.fooh.pl/images/80473642954773860879.bmp

Firefox doesn't work either, this message appears: http://www.fooh.pl/images/32805788867709315724.bmp So I uninstalled it. I'll uninstall Gadu-Gadu too,

but what is this message after the restart about? Is it something dangerous? Do you have any ideas, or should I do the reinstallation of the system without data loss

http://helpc.eu/instalacja-nakladkowa-t2198.html and then, if need be, format the disk?
  • 0

#16 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 30 07 2010 - 08:04

We can still try replacing the "wsock32.dll" file.
Though I don't know whether it will achieve anything, and above all it is unknown whether the system will allow the replacement.
Ever since Microsoft introduced updates that are meant to help "viruses", such replacements of system files have become impossible to carry out.
And by the way, I wonder what sum Microsoft received from computer criminals for introducing changes that make life easier for viruses? It must have been a huge sum, since Microsoft let itself be tempted.

Download the "wsock32.dll" file from here: > http://www.speedyshare.com/files/23585626/wsock32.dll, and place it directly on drive C:\
Then:
Run OTL and paste this into the Custom Scans/Fixes (Własne opcje skanowania/Script) box:

:OTL

:Files
C:\Windows\System32\dllcache\wsock32.dll|C:\wsock32.dll /replace
C:\Windows\System32\wsock32.dll|C:\wsock32.dll /replace

:Commands
[emptytemp]

Click Wykonaj Script (Run Fix). Confirm the computer restart. Save the report that appears after the restart.
Then make a new log, but with an additional setting:
In the Custom Scans/Fixes (Własne opcje skanowania/Script) field paste:


%systemdrive%\wsock32.* /s /md5

and only then click Skanuj (Run Scan).
Post the new OTL.txt log and the replacement report.
  • 0

#17 szoki

szoki

    Beginner

  • 51 posts

Posted 30 07 2010 - 16:17

The report from the script: http://wklej.org/id/370690/ and the log from the scan: http://wklej.org/id/370694/

I think this isn't helping; after a restart the same messages as before still pop up. And on top of that I'm finding other problems, e.g. today in Windows Media Player I double-clicked the next track to play it and the Player shut down. And so it goes, round and round. No doubt more than one problem will show up over time.

So let's give it a rest; I'll try this option http://helpc.eu/instalacja-nakladkowa-t2198.html that you advised, and if that doesn't help either, I'll install Windows from scratch. Thanks for the help, ordynat. And I can confidently tell others that ordynat is a person worth recommending when it comes to help.
  • 0

#18 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 30 07 2010 - 16:51

If you haven't yet done that reinstallation without data loss, take a look at this:

000,024,341 () MD5=CF70D6BAC515FEF8D24CBE36BAA33763 -- C:\Program Files\Windows Media Player\wsock32.dll
00,024,064 | MD5=F4D9ACD9768DA75A8491E8C3B18ECA94 -- C:\WINDOWS\system32\wsock32.dll

The infection has added a fake "wsock32.dll" to every one of your programs.
These programs should not contain a file with that name at all, yet on your machine all of them have it.
You can tell from the sizes and from the MD5 which file is genuine and which is fake.
In red = fake
in blue = genuine

The fake ones need to be removed:
Run OTL and paste this into the Custom Scans/Fixes (Własne opcje skanowania/Script) box:

:OTL

:Files
C:\Program Files\7-Zip\wsock32.dll
C:\Program Files\Adobe\wsock32.dll
C:\Program Files\Ahead\wsock32.dll
C:\Program Files\ALLPlayer\wsock32.dll
C:\Program Files\ASUS\wsock32.dll
C:\Program Files\Atheros\wsock32.dll
C:\Program Files\ATI Technologies\wsock32.dll
C:\Program Files\ATK Hotkey\wsock32.dll
C:\Program Files\ATKOSD2\wsock32.dll
C:\Program Files\CCleaner\wsock32.dll
C:\Program Files\Conduit\wsock32.dll
C:\Program Files\directx\wsock32.dll
C:\Program Files\Download_Energy\wsock32.dll
C:\Program Files\DUMeter 3\wsock32.dll
C:\Program Files\ESET\wsock32.dll
C:\Program Files\ESKK InternetPlus\wsock32.dll
C:\Program Files\ESKK MemoPlus\wsock32.dll
C:\Program Files\ESKK\wsock32.dll
C:\Program Files\FreeOCR\wsock32.dll
C:\Program Files\GamersFirst\wsock32.dll
C:\Program Files\Google\wsock32.dll
C:\Program Files\HP\wsock32.dll
C:\Program Files\ijji\wsock32.dll
C:\Program Files\InstallShield Installation Information\wsock32.dll
C:\Program Files\Internet Explorer\wsock32.dll
C:\Program Files\Java\wsock32.dll
C:\Program Files\JDownloader\wsock32.dll
C:\Program Files\licenses\wsock32.dll
C:\Program Files\microsoft frontpage\wsock32.dll
C:\Program Files\Motorola\wsock32.dll
C:\Program Files\Movie Maker\wsock32.dll
C:\Program Files\Mozilla Firefox\wsock32.dll
C:\Program Files\MSBuild\wsock32.dll
C:\Program Files\MSN Gaming Zone\wsock32.dll
C:\Program Files\MSXML 6.0\wsock32.dll
C:\Program Files\NAPI-PROJEKT\wsock32.dll
C:\Program Files\NetMeeting\wsock32.dll
C:\Program Files\Nowe Gadu-Gadu\wsock32.dll
C:\Program Files\O2\wsock32.dll
C:\Program Files\OpenOffice.org 3\wsock32.dll
C:\Program Files\Outlook Express\wsock32.dll
C:\Program Files\P4P\wsock32.dll
C:\Program Files\readmes\wsock32.dll
C:\Program Files\Realtek\wsock32.dll
C:\Program Files\redist\wsock32.dll
C:\Program Files\Reference Assemblies\wsock32.dll
C:\Program Files\ShaPlus Bandwidth Meter\wsock32.dll
C:\Program Files\Skype\wsock32.dll
C:\Program Files\Spybot - Search & Destroy\wsock32.dll
C:\Program Files\sXe Injected\wsock32.dll
C:\Program Files\Synaptics\wsock32.dll
C:\Program Files\SystemRequirementsLab\wsock32.dll
C:\Program Files\Teamspeak2_RC2\wsock32.dll
C:\Program Files\Techland\wsock32.dll
C:\Program Files\TomTom HOME 2\wsock32.dll
C:\Program Files\TomTom International B.V\wsock32.dll
C:\Program Files\Ubi Soft\wsock32.dll
C:\Program Files\ubi.com\wsock32.dll
C:\Program Files\Uniblue\wsock32.dll
C:\Program Files\Uninstall Information\wsock32.dll
C:\Program Files\Usługi online\wsock32.dll
C:\Program Files\Windows Media Player\wsock32.dll
C:\Program Files\Windows NT\wsock32.dll
C:\Program Files\WindowsUpdate\wsock32.dll
C:\Program Files\WinRAR\wsock32.dll
C:\Program Files\Wireless Console 2\wsock32.dll
C:\Program Files\xerox\wsock32.dll
C:\Program Files\Xfire\wsock32.dll
C:\Qoobox

:Commands
[emptytemp]
[Reboot]

Click Wykonaj Script (Run Fix).
  • 0
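
The check described in post #18 (a file named like a system DLL sitting in application folders, told apart from the genuine copy by size and MD5), as an added example that is not part of the original thread. The function names, the trusted-directory list and the constructed directory tree with dummy file contents are assumptions of this example.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    # MD5 only to line up with OTL's /md5 output; use SHA-256 for new baselines.
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest().upper()

def find_stray_copies(root, dll_name, trusted_rel_dirs):
    """Split copies of dll_name under root into trusted references and strays."""
    trusted = {d.lower().replace("\\", "/") for d in trusted_rel_dirs}
    reference, strays = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != dll_name.lower():
                continue
            full = os.path.join(dirpath, name)
            rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/").lower()
            record = {"path": full, "size": os.path.getsize(full), "md5": md5_of(full)}
            if rel_dir in trusted:
                reference[rel_dir] = record
            else:
                strays.append(record)
    known_good = {r["md5"] for r in reference.values()}
    for s in strays:
        # A stray copy whose hash differs from the system copy is the suspicious case.
        s["same_as_system_copy"] = s["md5"] in known_good
    return reference, sorted(strays, key=lambda r: r["path"])

def build_constructed_tree(root):
    """Constructed sample layout; contents are dummy bytes, not real DLLs."""
    layout = {
        "WINDOWS/system32/wsock32.dll": b"genuine" * 10,
        "Program Files/Mozilla Firefox/wsock32.dll": b"planted" * 11,
        "Program Files/Skype/wsock32.dll": b"planted" * 11,
        "Program Files/Skype/skype.exe": b"app",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        trusted = ["WINDOWS/system32", "WINDOWS/system32/dllcache"]
        return find_stray_copies(root, "wsock32.dll", trusted)
```

On a real system, `root` would be the system drive, and every stray record is a candidate for review rather than automatic deletion.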

#19 szoki

szoki

    Beginner

  • 51 posts

Posted 30 07 2010 - 18:32

OK, I haven't done the reinstallation yet. I'll try what you wrote. And in place of that Player I installed Windows Media Player 11.0.5721 PL and it runs great.

OK, I have the log: http://wklej.org/id/370768/ . There are changes, because the usual message didn't pop up and it started normally. I'll restart once more in a moment to make sure and let you know.
  • 0

#20 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 30 07 2010 - 18:45

Check all the programs, and post an OTL log with the same additional setting as last time.

  • 0



