ďťż

Wštki

Sprawdzenie loga

amper@ - Nie Cze 15, 2008 12:55 pm
Witam i pozdrawiam wszystkich jestem nowy na tym forum mam taka prośbe czy mógłby mi ktoś sprawdzić loga

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:37, on 2008-06-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: COMPANY_NAME WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 7507 bytes

Arexe - Nie Cze 15, 2008 1:43 pm
FIX w HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl

Usuń w: Panel Sterowania Dodaj/usuń programy My Global Search Bar

Pokaż log z ComboFix

amper@ - Nie Cze 15, 2008 2:33 pm
dzieki za pomoc juz to zrobiłem a to log z ComboFix

ComboFix 08-06-12.2 - Andrzej Lis 2008-06-15 16:21:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1635 [GMT 2:00]
Running from: C:\Program Files\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\Cache\00FA51F8
C:\Program Files\myglobalsearch\bar\Cache\00FA542A
C:\Program Files\myglobalsearch\bar\Cache\00FA5563.bin
C:\Program Files\myglobalsearch\bar\Cache\00FA5747.bin
C:\Program Files\myglobalsearch\bar\Cache\00FA5880.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-15 16:18 . 2008-06-15 16:18 1,979,425 --a------ C:\Program Files\ComboFix.exe
2008-06-15 14:38 . 2008-06-15 14:38 401,720 --a------ C:\Documents and Settings\HiJackThis.exe
2008-06-15 00:34 . 2008-06-15 00:58 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-11 12:17 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:17 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:45 . 2008-06-10 21:45 <DIR> d-------- C:\Program Files\Edgard
2008-06-10 21:24 . 2008-06-10 23:27 48 --a------ C:\WINDOWS\EL0103.dat
2008-06-10 21:01 . 2008-06-10 21:24 <DIR> d-------- C:\Program Files\EasyLanguage
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\MyPlayCity.com
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-10 16:39 . 2008-06-10 16:39 <DIR> d-------- C:\Program Files\Conduit
2008-06-09 16:42 . 2008-06-09 16:42 65,790 --a------ C:\iranf wiew polski.zip
2008-06-09 14:54 . 2008-06-09 14:55 <DIR> d-------- C:\Program Files\Opera
2008-06-09 14:53 . 2008-06-09 14:53 6,666,408 --a------ C:\Program Files\Opera_9.27_International_Setup.exe
2008-06-06 18:51 . 2008-06-13 22:20 264 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-06 14:58 . 2008-06-06 14:58 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\AdobeAUM
2008-06-05 22:59 . 2008-06-05 22:59 <DIR> d-------- C:\TEMP
2008-06-05 22:12 . 2008-06-09 18:08 <DIR> d-------- C:\Program Files\IrfanView
2008-06-05 19:27 . 2008-05-14 00:05 3,663,208 --a------ C:\BSPL_5.2.5_[www.POBIERALNIA.org].exe
2008-06-03 23:21 . 2008-06-03 23:21 <DIR> d-------- C:\Program Files\Avira
2008-06-03 23:21 . 2008-06-03 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-06-03 23:05 . 2008-06-03 23:05 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-06-01 16:48 . 2008-06-01 16:48 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Media Player Classic
2008-06-01 16:47 . 2008-06-01 16:47 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-01 16:47 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 19:55 . 2008-05-30 19:56 <DIR> d-------- C:\Program Files\Winamp
2008-05-30 19:55 . 2008-05-30 19:58 <DIR> d-------- C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Winamp
2008-05-18 22:13 . 2008-05-18 22:13 <DIR> d-------- C:\Program Files\MarBit
2008-05-18 15:53 . 2001-10-26 17:29 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-05-18 15:53 . 2001-10-26 17:29 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-18 15:53 . 2001-10-26 17:29 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-05-18 15:53 . 2001-10-26 17:29 71,680 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-05-18 15:53 . 2001-10-26 17:05 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-05-18 15:53 . 2001-10-26 17:05 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 14:19 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-15 14:13 --------- d-----w C:\Program Files\BearShare
2008-06-09 12:44 --------- d-----w C:\Program Files\Google
2008-06-03 17:49 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Winamp
2008-05-28 14:10 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\AdobeUM
2008-05-24 20:39 --------- d-----w C:\Program Files\eMule
2008-05-18 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 13:23 --------- d-----w C:\Program Files\COMPANY_NAME
2008-05-16 16:01 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-13 20:50 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-13 20:35 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Program Files\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\ACD Systems
2008-05-11 08:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-05-10 13:27 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Gadu-Gadu
2008-05-09 12:54 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Leadertech
2008-05-09 12:22 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Leadertech
2008-05-09 06:15 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-09 06:15 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-09 06:13 --------- d-----w C:\Program Files\Futuremark
2008-05-09 06:10 --------- d-----w C:\Program Files\ASUS
2008-05-09 05:15 --------- d-----w C:\Program Files\InterVideo
2008-05-09 05:14 65 ----a-w C:\Program Files\Common Files\appop.log
2008-05-09 05:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-09 04:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-09 04:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal
2008-05-08 17:11 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 11:27 --------- d-----w C:\Program Files\EIZO
2008-05-08 06:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-07 22:48 --------- d-----w C:\Documents and Settings\Monika Lis\Dane aplikacji\Teleca
2008-05-07 19:05 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\PC Tools
2008-05-07 17:14 --------- d-----w C:\Program Files\Java
2008-05-07 17:14 --------- d-----w C:\Program Files\Common Files\Java
2008-05-07 14:59 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Gadu-Gadu
2008-05-07 11:57 --------- d-----w C:\Program Files\Analog Devices
2008-05-07 11:53 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-07 11:51 --------- d-----w C:\Program Files\DIFX
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 20:52 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-06 20:52 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Teleca
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-06 20:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-06 20:51 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-05-06 20:51 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-05-06 20:18 --------- d-----w C:\Program Files\Philips
2008-05-06 20:17 --------- d-----w C:\Documents and Settings\Andrzej Lis\Dane aplikacji\InstallShield
2008-05-06 20:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-06 20:05 --------- d-----w C:\Program Files\Usługi online
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 13:44 1470488 --a------ C:\Program Files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= C:\Program Files\MyPlayCity\tbMyPl.dll [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 14:00 15360]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]
"nwiz"="nwiz.exe" [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 11:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ScreenManager Pro for LCD"="C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2006-06-08 10:33 8953856]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2006-03-27 17:55 94350]
"DIRECTCD"="C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe" [2005-10-25 00:49 299008]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 02:47 270336]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 14:25 868352]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 08:25 363008]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-29 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
COMPANY_NAME WinCinema Manager.lnk - C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2008-05-09 07:11:28 229376]
InterVideo WinCinema Manager.lnk - C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2008-05-09 07:11:28 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\mohpa.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 06:29]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2006-03-20 19:22]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\E2.tmp []
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 02:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11712b1d-9965-11db-af56-806d6172696f}]
\Shell\AutoRun\command - E:\.\Bin\ASSETUP.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 16:25:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\TEMP\E2.tmp"
.
Completion time: 2008-06-15 16:26:59
ComboFix-quarantined-files.txt 2008-06-15 14:26:54

Pre-Run: 232,864,346,112 bajtów wolnych
Post-Run: 232,981,544,960 bajtów wolnych

196 --- E O F --- 2008-06-11 17:54:35

Arexe - Nie Cze 15, 2008 4:03 pm
Wklej do notatnika:
Kod: HijackThis

Pokaz tez log z Kaspersky Online Scanner: http://kaspersky.pl/virusscanner.html

amper@ - Nie Cze 15, 2008 4:54 pm
dzięki ten raport to jest to?

pushd "C:\327882R2FWJFW\"

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andrzej Lis\Dane aplikacji
cfldr=327882R2FWJFW
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIS-CE11CCBB06B
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andrzej Lis
kmd=CF10053.exe
LOGONSERVER=\\LIS-CE11CCBB06B
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Andrzej Lis\Pulpit\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp
TMP=C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp
USERDOMAIN=LIS-CE11CCBB06B
USERNAME=Andrzej Lis
USERPROFILE=C:\Documents and Settings\Andrzej Lis
windir=C:\WINDOWS

=============================================

if not defined sfxname goto END

If ["C:\Documents and Settings\Andrzej Lis\Pulpit\CFScript.txt"] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF10053.exe"
Liczba skopiowanych plikËw: 1.

if not exist "C:\WINDOWS\system32\CF10053.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF10053.exe"

For /F "tokens=*" %g in ("C:\Documents and Settings\Andrzej Lis\Pulpit\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)

Set FileName 1>FileName 2>nul

GREP -Gisqx "FileName=[-[:alnum:]@.]*" FileName || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)

DIR /AD/B C:\* | Findstr -IVX ComboFix 1>dirname00

Findstr -LIXC:"ComboFix" dirname00 1>nul && call :NameChk

If exist dirname0? del /Q dirname0?

If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
rd /s/q "\ComboFix"
If exist "\ComboFix" (
PV -kf Findstr *.cfexe
rd /s/q "\ComboFix"
)
If exist "\ComboFix" (
handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\ComboFix"
)
)
Killing 'Findstr'
Killing '*.cfexe'

If exist "\ComboFix" rd /s/q "\ComboFix"

If exist "\ComboFix" goto :eof

amper@ - Nie Cze 15, 2008 4:58 pm
a drugi log to

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:02, on 2008-06-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CF13405.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: COMPANY_NAME WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 7562 bytes

Arexe - Nie Cze 15, 2008 5:07 pm
log powinien zawierac nazwy znalezionych wirusów (jesli byly) ale mysle ze jest wszystko dobrze

Jedynie FIX w HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

amper@ - Nie Cze 15, 2008 5:37 pm
raport z kasperski online

KASPERSKY ONLINE SCANNER REPORT
15 czerwiec 2008 19:32:16
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus15/06/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus867762

Ustawienia skanowania
Skanowanie przy użyciu następujących baz danych rozszerzone
Skanuj archiwa tak
Skanuj pocztowe bazy danych tak

Obszar skanowania Mój komputer
A:\
C:\
D:\
E:\

Statystyki skanowania
Liczba skanowanych obiektów 55864
Liczba wykrytych wirusów 0
Liczba zainfekowanych obiektów 0
Liczba podejrzanych obiektów 0
Czas trwania skanowania 00:22:12

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\Dane aplikacji\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Temp\~DFBE4.tmp Object is locked pominięty

C:\Documents and Settings\Andrzej Lis\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

C:\System Volume Information\_restore{4ECB4873-555F-4B4B-8B76-50161E5965F1}\RP54\change.log Object is locked pominięty

C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

C:\WINDOWS\SchedLgU.Txt Object is locked pominięty

C:\WINDOWS\SoftwareDistribution\EventCache\{7646BDE9-488F-4F2A-8BAD-427919FAB7EA}.bin Object is locked pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\WINDOWS\Sti_Trace.log Object is locked pominięty

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\default Object is locked pominięty

C:\WINDOWS\system32\config\default.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SAM Object is locked pominięty

C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

C:\WINDOWS\system32\config\software Object is locked pominięty

C:\WINDOWS\system32\config\software.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\system Object is locked pominięty

C:\WINDOWS\system32\config\system.LOG Object is locked pominięty

C:\WINDOWS\system32\h323log.txt Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

C:\WINDOWS\Temp\bca4e2da.$$$ Object is locked pominięty

C:\WINDOWS\Temp\fa56d7ec.$$$ Object is locked pominięty

C:\WINDOWS\wiadebug.log Object is locked pominięty

C:\WINDOWS\wiaservc.log Object is locked pominięty

C:\WINDOWS\WindowsUpdate.log Object is locked pominięty

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

D:\System Volume Information\_restore{4ECB4873-555F-4B4B-8B76-50161E5965F1}\RP54\change.log Object is locked pominięty

Proces skanowania został zakończony.

Arexe - Nie Cze 15, 2008 6:27 pm
Więc wszystko OK

amper@ - Nie Cze 15, 2008 7:01 pm
Dzięki za pomoc

Sitedesign by AltusUmbrae.

Darmowy hosting zapewnia PRV.PL