
Please check my log. Slow system performance

Logs, computer and data protection. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When posting logs, produce them right away with at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in the post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Joining other users' topics is not advisable; please start a new topic in the Security (Bezpieczeństwo) section, which makes things easier for the person checking.
6. People without adequate knowledge should not review logs, because this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem, the symptoms, and all actions taken in detail.
8. Every script is unique, written individually for each case, so it must not be used by others.
9. When posting a screenshot, please use an external image hosting service.

Post by marix » 28 Apr 2008, 23:05

Please check my logs. For some time the computer has been sluggish and keeps getting slower. Running several operations at once is a real ordeal for it.

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon" ["Sony Ericsson Mobile Communications AB"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Adobe Photo Downloader" = ""C:\Programy niesystemowe\AdobePhotoAlbumStarter\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"BearFlix" = ""C:\Program Files\BearFlix\BearFlix.exe" /pause" [file not found]
"avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"UDC Integration" = (empty string)
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Programy niesystemowe\i\iTunesHelper.exe"" ["Apple Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{176d6597-26d3-11d1-b350-080036a75b03}" = "Zarządzanie skanerem ICM"
-> {HKLM...CLSID} = "Zarządzanie skanerem ICM"
\InProcServer32\(Default) = "icmui.dll" [MS]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Strona właściwości OLE Docfile"
-> {HKLM...CLSID} = "Strona właściwości OLE Docfile"
\InProcServer32\(Default) = "docprop.dll" [MS]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Rozszerzenia powłoki dla udostępniania zasobów"
-> {HKLM...CLSID} = "Rozszerzenia powłoki dla udostępniania zasobów"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
-> {HKLM...CLSID} = "Rozszerzenie CPL pakietu PlusPack"
\InProcServer32\(Default) = "C:\WINDOWS\system32\themeui.dll" [MS]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL karty graficznej"
-> {HKLM...CLSID} = "Rozszerzenie CPL karty graficznej"
\InProcServer32\(Default) = "deskadp.dll" [MS]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "Strona zabezpieczeń usługi DS"
-> {HKLM...CLSID} = "Rozszerzenie powłoki zabezpieczeń"
\InProcServer32\(Default) = "dssec.dll" [MS]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Strona zgodności"
-> {HKLM...CLSID} = "Strona zgodności"
\InProcServer32\(Default) = "SlayerXP.dll" [MS]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Rozszerzenie Disc Copy"
-> {HKLM...CLSID} = "Rozszerzenie Disc Copy"
\InProcServer32\(Default) = "diskcopy.dll" [MS]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Rozszerzenie powłoki drukarek sieci Web"
-> {HKLM...CLSID} = "Rozszerzenie powłoki drukarek sieci Web"
\InProcServer32\(Default) = "printui.dll" [MS]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
-> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"
\InProcServer32\(Default) = "deskperf.dll" [MS]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Połączenia sieciowe"
-> {HKLM...CLSID} = "Połączenia sieciowe"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Połączenia sieciowe"
-> {HKLM...CLSID} = "Połączenia sieciowe"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft Data Link"
-> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"
\InProcServer32\(Default) = "C:\Program Files\Common Files\System\Ole DB\oledb32.dll" [MS]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
-> {HKLM...CLSID} = "Scheduling UI icon handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
-> {HKLM...CLSID} = "Auto Update Property Sheet Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wuaucpl.cpl" [MS]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Strona właściwości Poprzednie wersje"
-> {HKLM...CLSID} = "Strona właściwości Poprzednie wersje"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS]
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
-> {HKLM...CLSID} = "Audio Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Dostępny"
-> {HKLM...CLSID} = "Dostępny"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "Folder pamięci podręcznej ActiveX"
-> {HKLM...CLSID} = "Folder pamięci podręcznej ActiveX"
\InProcServer32\(Default) = "C:\WINDOWS\system32\occache.dll" [MS]
"{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler"
-> {HKLM...CLSID} = "WebCheckWebCrawler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "Folder skompresowany (zip)"
-> {HKLM...CLSID} = "CompressedFolder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS]
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" = "Extensions Manager Folder"
-> {HKLM...CLSID} = "Extensions Manager Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\extmgr.dll" [MS]
"{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext"
-> {HKLM...CLSID} = "Microsoft DocProp Shell Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Calendar Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" [MS]
"{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS]
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell"
-> {HKLM...CLSID} = "DfsShell Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfsshlex.dll" [MS]
"{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%"
-> {HKLM...CLSID} = "Obiekt DropTarget dla Kreatora drukowania fotografii"
\InProcServer32\(Default) = "C:\WINDOWS\system32\photowiz.dll" [MS]
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler"
-> {HKLM...CLSID} = "ExtractIcon Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mmcshext.dll" [MS]
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
-> {HKLM...CLSID} = "Plik cabinet"
\InProcServer32\(Default) = "cabview.dll" [MS]
"{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Play as Playlist Context Menu Handler"
-> {HKLM...CLSID} = "WMP Burn Audio CD Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Programy niesystemowe\i\iTunesMiniPlayer.dll" ["Apple Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "c:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "c:\WINDOWS\system32\dfshim.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
-> {HKLM...CLSID} = "SysTray"
\InProcServer32\(Default) = "C:\WINDOWS\system32\stobject.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Kasia i Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\scrnsave.scr" [null data]



I suspect I have whole families of them. Here is another log.


Logfile of HijackThis v1.99.1
Scan saved at 22:40:32, on 2008-04-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Programy niesystemowe\i\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Programy niesystemowe\eMule\emule.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\regedit.exe
C:\ComboFix\nircmd.com
C:\Programy niesystemowe\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programy niesystemowe\AdobePhotoAlbumStarter\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programy niesystemowe\i\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Startup: Registration THE SETTLERS - Dziedzictwo królów - Legendy.LNK = D:\SetlersV\Support\Register\RegistrationReminder.exe
O4 - Startup: Registration THE SETTLERS - Dziedzictwo Królów - Misje Dodatkowe.LNK = D:\SetlersV\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{78DDFB36-31C9-4457-86FA-721787357789}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe



Thanks in advance

Post by pp3088 » 28 Apr 2008, 23:12

Please post a ComboFix log.

At first glance the logs look clean :)

Post by marix » 28 Apr 2008, 23:22

I'll do it right away, as soon as I finish scanning it with the antivirus. So far it has found 16 pieces of junk :)

I've let the machine go.

Post by marix » 28 Apr 2008, 23:44

and here is the AntiVir report as well:



Avira AntiVir Personal
Report file date: 28 kwietnia 2008 22:10

Scanning for 1243285 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Dodatek Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: KASIA-MACIEK

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-04-17 19:47:42
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-04-17 19:47:42
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-04-17 19:47:44
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-04-17 19:47:44
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 14:57:10
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 2008-04-22 19:44:48
ANTIVIR3.VDF : 7.0.3.224 212992 Bytes 2008-04-28 19:41:38
Engineversion : 8.1.0.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-17 19:47:49
AESCRIPT.DLL : 8.1.0.27 233851 Bytes 2008-04-25 19:44:33
AESCN.DLL : 8.1.0.14 119156 Bytes 2008-04-20 19:41:52
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-25 19:44:30
AEPACK.DLL : 8.1.1.2 364917 Bytes 2008-04-20 19:41:50
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-20 19:41:48
AEHEUR.DLL : 8.1.0.20 1196406 Bytes 2008-04-25 19:44:25
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-20 19:41:47
AEGEN.DLL : 8.1.0.18 299381 Bytes 2008-04-25 19:44:11
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-17 19:47:47
AECORE.DLL : 8.1.0.27 168310 Bytes 2008-04-20 19:41:45
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-04-17 19:47:42
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-04-17 19:47:42
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-04-17 19:47:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-17 19:47:41
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-04-17 19:47:41
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-17 19:47:45
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-04-17 19:47:45
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-17 19:47:44
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-04-17 19:47:34
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-04-17 19:47:34

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 28 kwietnia 2008 22:10

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sndvol32.exe' - '1' Module(s) have been scanned
Scan process 'gg.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '22' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Programy niesystemowe\instalki\84.43_forceware_winxp2k_english.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP61\A0004865.tlb
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP61\A0004868.exe
[DETECTION] Is the Trojan horse TR/Zlob.AF
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP61\A0004900.tlb
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP61\A0004941.tlb
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP61\A0004958.tlb
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0004972.exe
[DETECTION] Is the Trojan horse TR/Drop.Zlob.RE.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0004975.tlb
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0005000.tlb
[DETECTION] Is the Trojan horse TR/Drop.Zlob.RE.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0005005.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.RB.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0005011.tlb
[DETECTION] Is the Trojan horse TR/Drop.Zlob.RE.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0005020.tlb
[DETECTION] Is the Trojan horse TR/Drop.Zlob.RE.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0005030.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.RB.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0005031.exe
[DETECTION] Is the Trojan horse TR/Drop.Zlob.RE.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0005034.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Zlob.KA.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0005035.tlb
[DETECTION] Is the Trojan horse TR/Drop.Zlob.RE.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0071269.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.DD.1
[NOTE] The file was deleted!
Begin scan in 'D:\'
D:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0109370.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was deleted!
D:\System Volume Information\_restore{BEA5AD53-C7F6-484C-8D41-7AB9510824E1}\RP62\A0109371.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was deleted!
D:\Zdjęcia\Sanok-grudzień2004\Temp.Htt
[DETECTION] Is the Trojan horse TR/Jscript.Blackmal.F
[NOTE] The file was deleted!


End of the scan: 28 kwietnia 2008 23:40
Used time: 1:30:58 min

The scan has been done completely.

7322 Scanning directories
221836 Files were scanned
19 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
19 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
221817 Files not concerned
1044 Archives were scanned
2 Warnings
19 Notes


Post by marix » 29 Apr 2008, 00:08

and ComboFix

ComboFix 08-04-27.3 - Kasia i Maciek 2008-04-28 23:55:01.1 - NTFSx86
Running from: C:\Documents and Settings\Kasia i Maciek\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-06-25 03:14 . 2008-06-25 03:14 <DIR> d-------- C:\Documents and Settings\Kasia\Dane aplikacji\vlc
2008-04-19 09:47 . 2008-04-19 09:47 <DIR> d-------- C:\Muzyka
2008-04-16 08:31 . 2008-04-28 10:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 08:31 . 2008-04-16 08:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-01 15:06 . 2008-04-01 15:06 <DIR> d-------- C:\Documents and Settings\Kasia\Dane aplikacji\Talkback
2008-04-01 15:04 . 2008-04-01 15:04 <DIR> d-------- C:\Documents and Settings\Kasia\Dane aplikacji\Thunderbird
2008-03-29 00:37 . 2008-03-29 00:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-29 00:37 . 2008-03-29 00:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 17:35 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-28 17:35 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-28 17:35 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-28 17:18 . 2008-03-28 17:18 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-28 17:16 . 2008-03-28 17:16 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-28 17:11 . 2008-04-09 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-28 17:08 . 2008-03-28 17:08 <DIR> dr-h----- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 17:30 --------- d-----w C:\Documents and Settings\Kasia i Maciek\Dane aplikacji\uTorrent
2008-04-21 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 22:53 --------- d-----w C:\Documents and Settings\Kasia\Dane aplikacji\Skype
2008-04-01 21:15 --------- d-----w C:\Documents and Settings\Kasia i Maciek\Dane aplikacji\Skype
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 10:08 --------- d-----w C:\Documents and Settings\Kasia i Maciek\Dane aplikacji\Thunderbird
2008-03-15 14:38 --------- d-----w C:\Documents and Settings\Kasia i Maciek\Dane aplikacji\Talkback
2008-03-11 09:59 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-11 09:59 --------- d-----w C:\Program Files\Common Files\Real
2008-03-11 09:58 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-11 09:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-11 09:58 --------- d-----w C:\Program Files\Real
2008-03-06 19:36 --------- d-----w C:\Program Files\uTorrent
2008-03-03 17:26 --------- d-----w C:\Program Files\iPod
2008-03-03 17:23 --------- d-----w C:\Program Files\Bonjour
2008-03-03 17:22 --------- d-----w C:\Program Files\QuickTime
2008-03-03 17:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-03 17:17 --------- d-----w C:\Program Files\Apple Software Update
2008-03-03 17:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-03 17:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-03-03 11:11 --------- d-----w C:\Program Files\PITy2007
2008-03-03 10:47 --------- d-----w C:\Program Files\PITy
2008-02-28 16:44 --------- d-----w C:\Documents and Settings\Kasia i Maciek\Dane aplikacji\Sony Setup
2008-02-28 16:43 --------- d-----w C:\Program Files\Sony Setup
2008-02-28 16:23 --------- d-----w C:\Program Files\Avanquest update
2008-02-28 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-02-28 16:22 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-28 16:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-02-28 16:21 --------- d-----w C:\Documents and Settings\Kasia i Maciek\Dane aplikacji\InstallShield
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-29 11:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2003-03-21 12:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 16:29 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-02 14:37 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-02 14:19 118784]
"Adobe Photo Downloader"="C:\Programy niesystemowe\AdobePhotoAlbumStarter\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 21:47 262401]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-11 11:58 185896]
"UDC Integration"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="C:\Programy niesystemowe\i\iTunesHelper.exe" [2008-03-30 11:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Kasia i Maciek\Menu Start\Programy\Autostart\
Registration THE SETTLERS - Dziedzictwo kr˘l˘w - Legendy.LNK - D:\SetlersV\Support\Register\RegistrationReminder.exe [2008-04-21 18:14:16 864256]
Registration THE SETTLERS - Dziedzictwo Kr˘l˘w - Misje Dodatkowe.LNK - D:\SetlersV\Support\Register\RegistrationReminder.exe [2008-04-21 18:14:16 864256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.l3acm"= l3codecp.acm
"vidc.XVID"= xvid.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programy niesystemowe\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programy niesystemowe\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Programy niesystemowe\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Programy niesystemowe\\i\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 10:50:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 00:00:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-29 0:06:47
ComboFix-quarantined-files.txt 2008-04-28 22:06:40

Pre-Run: 1,696,612,352 bajtów wolnych
Post-Run: 2,727,706,624 bajtów wolnych

123 --- E O F --- 2008-04-11 23:03:02



Post by huber2t » 29 Apr 2008, 04:30

Everything is clean in all the logs you posted, apart from Avira.

Turn System Restore off and back on for all drives. Instructions

And to be sure, scan the computer with this (run it in IE): http://www.kaspersky.pl/virusscanner.html Post its report on the forum.

Post by marix » 29 Apr 2008, 09:32

For some reason I can't do that:

---------------------------
Przywracanie systemu
---------------------------
Przywracanie systemu napotkało błąd podczas próby włączenia/wyłączenia jednego lub więcej dysków. Uruchom ponownie komputer i spróbuj ponownie.
---------------------------
OK
---------------------------

After a restart the same message appears.

Post by pp3088 » 29 Apr 2008, 09:53

Also delete this file: D:\Zdjęcia\Sanok-grudzień2004\Temp.Htt

Try turning off System Restore in Safe Mode. Press F8 during system startup.

Post by marix » 29 Apr 2008, 11:24

No luck, still the same message.
Or maybe I have too little free disk space?

Post by huber2t » 29 Apr 2008, 15:35

I asked you for something.

Scan the computer with this (run it in IE): http://www.kaspersky.pl/virusscanner.html Post its report on the forum.

At worst you will delete the files manually.