Heur.w32 inny przypadek

**Posty:** 2 · przez **spag** 08 Maj 2009, 19:03

Witam to moj pierwszy post , mam problem z tym wirusem objawy troche inne niz te ktore znalazlem w szukajce

1) pierwszy z nich to pojawienie sie dymka o wylaczonym firewall-u windowsowym i uruchamianie nic nie daje bo po restarcie jest to samo
2)nie moznosc otwarcia rejestru komunikat ze "edycja zostala zablokowana przez admina '
3) nie moznosc otwarcia menedzera zadan prawoklikiem w trayu
poza tym ogolne spowoalnienie kompa oraz nie widzi mojego dysku zewnetrznego
probowalem wejsc przez f8 w awaryjny niestety nie daje sie wejsc resetuje sie komp

domyslam sie ze te dwie linijki sa kluczowe plus z hijaacka oznaczona 07

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

zalaczam ponizej logi z combofixa i hijaacka

Kod: Zaznacz wszystko: ComboFix 09-05-07.A01 - Sylwia i Alek 2009-05-08 17:32.2 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.445.70 [GMT 1:00] Uruchomiony z: c:\documents and settings\Sylwia i Alek\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Sylwia i Alek\Pulpit\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3360PR ((((((((((((((((((((((((( Pliki utworzone od 2009-04-08 do 2009-05-08 ))))))))))))))))))))))))))))))) . 2009-05-06 21:42 . 2009-05-06 21:42 1607065 ----a-w C:\SDFix.exe 2009-05-06 21:38 . 2009-05-06 21:38 -------- d-----w c:\documents and settings\Sylwia i Alek\Dane aplikacji\ArcaBit 2009-05-06 20:34 . 2009-05-06 20:35 -------- d-----w c:\documents and settings\Sylwia i Alek\Dane aplikacji\ArcaMicroScan 2009-05-06 20:13 . 2009-05-06 20:13 -------- d-----w c:\program files\Trend Micro 2009-05-06 20:09 . 2008-11-06 01:03 -------- d-----w C:\SDFix 2009-05-06 19:49 . 2009-05-06 19:49 -------- d-----w c:\documents and settings\Sylwia i Alek\Dane aplikacji\Malwarebytes 2009-05-06 19:49 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-06 19:49 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-06 19:49 . 2009-05-06 19:49 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-05-06 19:49 . 2009-05-06 19:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-01 12:57 . 2009-05-01 12:57 -------- d-----w c:\documents and settings\Sylwia i Alek\Dane aplikacji\Thinstall 2009-05-01 12:26 . 2009-05-01 12:26 -------- d-sh--w c:\documents and settings\Sylwia i Alek\Phone Browser 2009-04-29 12:20 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll 2009-04-23 15:59 . 2002-01-10 20:19 32208 ----a-w c:\windows\system32\DK2WIN16.DLL 2009-04-23 15:55 . 2002-07-04 11:33 17330 ----a-w c:\windows\system32\drivers\FlsUsbLd.sys 2009-04-23 15:54 . 2009-04-23 15:54 1391980 ----a-w C:\fls4.exe 2009-04-22 17:32 . 2009-04-22 17:32 -------- d-----w c:\program files\ODEON 2009-04-22 17:31 . 2009-04-22 17:32 18249007 ----a-w C:\JAFSetup_1.98.62.exe 2009-04-22 17:16 . 2006-08-29 14:56 32377 ----a-w c:\windows\system32\drivers\prodigy.sys 2009-04-22 17:16 . 2009-04-22 17:16 -------- d-----w c:\program files\NSS 2009-04-22 16:57 . 2009-04-22 16:57 -------- d-----w c:\program files\Common Files\PCSuite 2009-04-22 16:54 . 2008-08-26 09:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys 2009-04-22 16:54 . 2009-04-22 16:54 -------- d-----w c:\program files\PC Connectivity Solution 2009-04-22 16:53 . 2009-03-19 12:48 8320 ----a-w c:\windows\system32\drivers\nmwcdnsuc.sys 2009-04-22 16:53 . 2009-03-19 12:48 136704 ----a-w c:\windows\system32\drivers\nmwcdnsu.sys 2009-04-19 15:47 . 2009-04-19 15:48 -------- d-----w c:\documents and settings\Sylwia i Alek\Ustawienia lokalne\Dane aplikacji\Google 2009-04-19 15:47 . 2009-04-19 15:47 -------- d-----w c:\windows\system32\IOSUBSYS 2009-04-19 15:46 . 2009-04-19 15:46 -------- d-----w c:\program files\Google 2009-04-19 15:35 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-19 15:35 . 2009-03-06 14:22 285696 ------w c:\windows\system32\dllcache\pdh.dll 2009-04-19 15:35 . 2009-02-09 11:25 111104 ------w c:\windows\system32\dllcache\services.exe 2009-04-19 15:35 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll 2009-04-19 15:35 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll 2009-04-19 15:35 . 2009-02-09 10:53 686592 ------w c:\windows\system32\dllcache\advapi32.dll 2009-04-19 15:35 . 2009-02-09 10:53 731136 ------w c:\windows\system32\dllcache\lsasrv.dll 2009-04-19 15:35 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-19 15:35 . 2009-02-09 10:53 722944 ------w c:\windows\system32\dllcache\ntdll.dll 2009-04-19 15:34 . 2008-04-21 21:16 218112 ------w c:\windows\system32\dllcache\wordpad.exe 2009-04-15 21:29 . 2009-04-15 21:29 3366912 ----a-w c:\windows\system32\GPhotos.scr . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-08 16:35 . 2009-01-10 15:39 9781 ----a-w c:\windows\bthservsdp.dat 2009-04-24 16:29 . 1979-12-31 23:00 88330 ----a-w c:\windows\system32\perfc015.dat 2009-04-24 16:29 . 1979-12-31 23:00 495938 ----a-w c:\windows\system32\perfh015.dat 2009-04-22 14:08 . 2009-01-25 16:45 1859584 ----a-w c:\windows\system32\FLSINST.DLL 2009-03-27 15:15 . 2009-03-27 15:15 -------- d-----w c:\program files\TomTom International B.V 2009-03-27 14:31 . 2009-03-27 14:31 14205952 ----a-w C:\GarminMobileXTforSymbianS603rdEdition_50030.exe 2009-03-06 14:22 . 1979-12-31 23:00 285696 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:10 . 1979-12-31 23:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 17:13 . 1979-12-31 23:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-10 18:09 . 2004-08-03 23:38 2067328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 13:07 . 1979-12-31 23:00 1847040 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:26 . 1979-12-31 23:00 2190336 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:25 . 1979-12-31 23:00 111104 ----a-w c:\windows\system32\services.exe 2009-02-09 10:53 . 1979-12-31 23:00 731136 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:53 . 1979-12-31 23:00 722944 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 10:53 . 1979-12-31 23:00 686592 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 10:53 . 1979-12-31 23:00 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 06:37 . 2009-01-20 16:29 7808 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys 2009-02-09 06:37 . 2009-01-20 16:28 659968 ----a-w c:\windows\system32\nmwcdcocls.dll 2009-02-09 06:37 . 2009-01-20 16:28 7808 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys 2009-02-09 06:37 . 2009-01-20 16:28 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys 2009-02-09 06:37 . 2009-01-20 16:28 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys 2009-02-08 16:05 . 2009-01-10 16:17 35008 ----a-w c:\documents and settings\Sylwia i Alek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-02-06 08:41 . 2009-02-06 08:41 24 --sh--w c:\windows\S83A54D1A.tmp . ((((((((((((((((((((((((((((( SnapShot@2009-05-08_16.00.43 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-08 16:36 . 2009-05-08 16:36 16384 c:\windows\Temp\Perflib_Perfdata_990.dat + 2009-05-08 16:36 . 2009-05-08 16:36 16384 c:\windows\Temp\Perflib_Perfdata_68c.dat - 2009-05-08 15:59 . 2009-05-08 15:59 16384 c:\windows\Temp\Perflib_Perfdata_68c.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-18 11:58 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-3-14 331776] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Programy\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Sylwia i Alek\\Pulpit\\utorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Gadu-Gadu\\gg.exe"= "d:\\Programy\\spik\\SpikOnStick\\Spik.exe"= "c:\\Program Files\\Spik\\Spik.exe"= "c:\\Program Files\\BlueSoleil\\BlueSoleil.exe"= "c:\\WINDOWS\\System32\\dpvsetup.exe"= "d:\\PROGRAMY\\Mobiola Web Camera for S60\\webcam.exe"= "c:\\Program Files\\Common Files\\Nokia\\Tss\\Instrument API\\bin\\root.exe"= "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Java\\JRE6\\launch4j-tmp\\JDownloader.exe"= "c:\\WINDOWS\\System32\\java.exe"= "c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"= "c:\\WINDOWS\\Alaunch.exe"= "c:\\Documents and Settings\\Sylwia i Alek\\Ustawienia lokalne\\Dane aplikacji\\Google\\Update\\GoogleUpdate.exe"= "d:\\PROGRAMY\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\Sylwia i Alek\\Dane aplikacji\\IDM\\ArcaMicroScan\\arcamicroscan.exe"= R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [2009-01-25 33404] R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [2009-01-25 13440] R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [2009-01-25 16314] R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [2009-01-25 8344] R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [2009-01-25 34080] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-10 206096] R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [2009-01-25 10454] R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\gilpki.sys --> c:\windows\system32\drivers\gilpki.sys [?] R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [1980-01-01 200576] S1 dk2drv;DK2 WindowsNT Driver;\??\c:\windows\SYSTEM32\Drivers\dk2drv.sys --> c:\windows\SYSTEM32\Drivers\dk2drv.sys [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-04-22 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-04-22 8320] S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2007-06-29 33664] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 92008] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - ASC3360PR [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d22134c-e61a-11dd-a64a-0009dd611efd}] \Shell\AutoRun\command - M:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e849f2a-0d9b-11de-a6b9-0009dd611efd}] \Shell\AutoRun\command - J:\AUTORUN.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bd59b8f-2f5d-11de-a6e8-0009dd611efd}] \sheLl\AutOpLAy\Command - J:\xjfw.exe \sheLl\AutoRun\command - J:\xjfw.exe \sheLl\ExplorE\COmmand - J:\xjfw.exe \sheLl\open\cOmmanD - J:\xjfw.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bccfb0f1-1b13-11de-a6de-0009dd611efd}] \Shell\AutoRun\command - L:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9910678-0a45-11de-a6b0-0009dd611efd}] \Shell\AutoRun\command - J:\AUTORUN.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9910679-0a45-11de-a6b0-0014a41e5752}] \Shell\AutoRun\command - J:\AUTORUN.EXE . Zawartość folderu 'Zaplanowane zadania' 2009-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3564631150-1073021101-2450427402-1005.job - c:\documents and settings\Sylwia i Alek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-05-03 21:15] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Ściągnij przez IDM - d:\programy\Internet Download Manager\IEExt.htm IE: Ściągnij wszystkie linki przez IDM - d:\programy\Internet Download Manager\IEGetAll.htm IE: Ściągnij zawartość wideo FLV przez IDM - d:\programy\Internet Download Manager\IEGetVL.htm Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll FF - ProfilePath - c:\documents and settings\Sylwia i Alek\Dane aplikacji\Mozilla\Firefox\Profiles\6snieyms.default\ FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?shva=1#inbox|http://www.hotukdeals.com/all/deals/new|http://btgigs.info/browse.php|http://www.ebay.co.uk/ FF - component: c:\documents and settings\Sylwia i Alek\Dane aplikacji\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\Sylwia i Alek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Spik\mozilla\npwpk.dll FF - plugin: d:\programy\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: d:\programy\Mozilla Firefox\plugins\npcsau7.dll FF - plugin: d:\programy\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: d:\programy\Mozilla Firefox\plugins\npsnapfish.dll FF - plugin: d:\programy\Mozilla Firefox\plugins\npwpk.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-08 17:37 Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):08,ec,29,b7,f2,12,c6,ac,43,5f,7c,b8,89,cc,b1,5e,5a,9e,09,89,ca, 46,24,83,4e,fa,ab,54,02,ea,9f,69,6f,a2,2b,42,f3,43,4a,25,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):ae,e5,49,51,33,0b,ee,ec,08,28,60,d9,35,e7,b9,a6,4b,5a,92,7f,5f, e8,02,99,30,21,fb,39,19,be,1d,b3,71,92,e8,5d,9c,2c,8f,89,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c4ca4096-3768-4448-9e79-00ed37e56894}] @Denied: (Full) (Everyone) "Model"=dword:0000006c "Therad"=dword:00000015 "MData"=hex(0):ea,1a,a4,c6,b2,56,1b,c9,e6,48,14,81,3d,be,73,80,e8,0c,79,54,eb, a6,e1,7b,3b,8a,0a,32,11,89,01,b5,8f,49,9e,6b,46,83,77,8b,c5,dd,0c,b5,96,0f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9cd2e3a-3aa7-49ae-a0b8-0f3f26010f61}] @Denied: (Full) (Everyone) "Model"=dword:0000001d "Therad"=dword:00000015 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(3424) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\SYSTEM32\WUDFHOST.EXE c:\windows\SYSTEM32\LEXBCES.EXE c:\windows\SYSTEM32\LEXPPS.EXE c:\acer\EMANAGER\ANBMSERV.EXE c:\program files\JAVA\JRE6\BIN\JQS.EXE c:\windows\SYSTEM32\FXSSVC.EXE c:\windows\SYSTEM32\KEYHOOK.EXE c:\windows\SOUNDMAN.EXE c:\program files\SYNAPTICS\SYNTP\SYNTPLPR.EXE c:\program files\SYNAPTICS\SYNTP\SYNTPENH.EXE d:\programy\Internet Download Manager\IDMan.exe c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE c:\windows\system32\wscntfy.exe d:\programy\Internet Download Manager\IEMonitor.exe . ************************************************************************** . Czas ukończenia: 2009-05-08 17:40 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-05-08 16:40 ComboFix2.txt 2009-05-08 16:04 Przed: 4 869 390 336 bajtów wolnych Po: 4 800 954 368 bajtów wolnych 263 --- E O F --- 2009-04-19 15:55

a teraz hijack

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:41:08, on 2009-05-08 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Acer\eManager\anbmServ.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ctfmon.exe D:\PROGRAMY\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\sistray.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe D:\PROGRAMY\Internet Download Manager\IEMonitor.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\PROGRAMY\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IDMan] D:\PROGRAMY\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Ściągnij przez IDM - D:\PROGRAMY\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - D:\PROGRAMY\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - D:\PROGRAMY\Internet Download Manager\IEGetVL.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- End of file - 5919 bytes

prosilbym o wstawienie jak rozwiazac ten problem

**Posty:** 18165 · przez **wojtas** 09 Maj 2009, 14:45

Poczytaj o nowej zasadzie na forum i sie do niej zastosuj

**Posty:** 2 · przez **spag** 09 Maj 2009, 16:23

oki wiec wstawiam tutaj z rsit

rsit 1

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by Sylwia i Alek at 2009-05-09 15:13:15 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 5 GB (26%) free of 17 GB Total RAM: 445 MB (15% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:13:29, on 2009-05-09 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\PROGRAMY\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\sistray.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe D:\PROGRAMY\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe D:\PROGRAMY\Internet Download Manager\IEMonitor.exe d:\RSIT.exe C:\Program Files\trend micro\Sylwia i Alek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\PROGRAMY\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKCU\..\Run: [IDMan] D:\PROGRAMY\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Ściągnij przez IDM - D:\PROGRAMY\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - D:\PROGRAMY\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - D:\PROGRAMY\Internet Download Manager\IEGetVL.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- End of file - 6053 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3564631150-1073021101-2450427402-1005.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - D:\PROGRAMY\Internet Download Manager\IDMIECC.dll [2009-04-27 169392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-10 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"=Alaunch [] "SiSPower"=SiSPower.dll,ModeAgent [] "SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 106496] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2009-05-08 77824] "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2009-05-08 98304] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-07 688218] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IDMan"=D:\PROGRAMY\Internet Download Manager\IDMan.exe [2009-04-29 2799024] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=1 "DisableRegistryTools"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLUA"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Programy\uTorrent\uTorrent.exe"="D:\Programy\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\Sylwia i Alek\Pulpit\utorrent.exe"="C:\Documents and Settings\Sylwia i Alek\Pulpit\utorrent.exe:*:Enabled:µTorrent" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\Gadu-Gadu\gg.exe"="D:\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "D:\Programy\spik\SpikOnStick\Spik.exe"="D:\Programy\spik\SpikOnStick\Spik.exe:*:Enabled:Spik" "C:\Program Files\Spik\Spik.exe"="C:\Program Files\Spik\Spik.exe:*:Enabled:Spik" "C:\Program Files\BlueSoleil\BlueSoleil.exe"="C:\Program Files\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "D:\PROGRAMY\Mobiola Web Camera for S60\webcam.exe"="D:\PROGRAMY\Mobiola Web Camera for S60\webcam.exe:*:Enabled:Mobiola Web Camera" "C:\Program Files\Common Files\Nokia\Tss\Instrument API\bin\root.exe"="C:\Program Files\Common Files\Nokia\Tss\Instrument API\bin\root.exe:*:Enabled:root" "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater" "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Java\JRE6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\JRE6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary" "C:\WINDOWS\System32\java.exe"="C:\WINDOWS\System32\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe:*:Enabled:ipsec" "C:\WINDOWS\Alaunch.exe"="C:\WINDOWS\Alaunch.exe:*:Enabled:ipsec" "C:\Documents and Settings\Sylwia i Alek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Sylwia i Alek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec" "D:\PROGRAMY\Mozilla Firefox\firefox.exe"="D:\PROGRAMY\Mozilla Firefox\firefox.exe:*:Enabled:ipsec" "C:\Documents and Settings\Sylwia i Alek\Dane aplikacji\IDM\ArcaMicroScan\arcamicroscan.exe"="C:\Documents and Settings\Sylwia i Alek\Dane aplikacji\IDM\ArcaMicroScan\arcamicroscan.exe:*:Enabled:ipsec" "D:\PROGRAMY\Internet Download Manager\IDMan.exe"="D:\PROGRAMY\Internet Download Manager\IDMan.exe:*:Enabled:ipsec" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec" "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe:*:Enabled:ipsec" "C:\WINDOWS\system32\keyhook.exe"="C:\WINDOWS\system32\keyhook.exe:*:Enabled:ipsec" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dd22b65-2f2f-11de-a6e6-0009dd611efd}] shell\AUToPlaY\command - J:\wptt.pif shell\AutoRun\command - J:\wptt.pif shell\expLore\command - J:\wptt.pif shell\OpeN\command - J:\wptt.pif [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d22134c-e61a-11dd-a64a-0009dd611efd}] shell\AutoRun\command - M:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e849f2a-0d9b-11de-a6b9-0009dd611efd}] shell\AutoRun\command - J:\AUTORUN.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bd59b8f-2f5d-11de-a6e8-0009dd611efd}] shell\AutOpLAy\command - J:\xjfw.exe shell\AutoRun\command - J:\xjfw.exe shell\ExplorE\command - J:\xjfw.exe shell\open\command - J:\xjfw.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bccfb0f1-1b13-11de-a6de-0009dd611efd}] shell\AutoRun\command - L:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9910678-0a45-11de-a6b0-0009dd611efd}] shell\AutoRun\command - J:\AUTORUN.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9910679-0a45-11de-a6b0-0014a41e5752}] shell\AutoRun\command - J:\AUTORUN.EXE ======List of files/folders created in the last 1 months====== 2009-05-09 15:13:15 ----D---- C:\rsit 2009-05-08 21:14:48 ----A---- C:\WINDOWS\ModemLog_Nokia 5800 XpressMusic Bluetooth Modem #2.txt 2009-05-08 21:13:44 ----A---- C:\WINDOWS\ModemLog_Standardowy modem wykorzystujący łącze Bluetooth #4.txt 2009-05-08 18:23:06 ----D---- C:\Program Files\EsetOnlineScanner 2009-05-08 17:45:54 ----D---- C:\WINDOWS\pss 2009-05-08 17:40:32 ----A---- C:\ComboFix.txt 2009-05-08 16:54:53 ----A---- C:\Boot.bak 2009-05-08 16:54:41 ----RASHD---- C:\cmdcons 2009-05-08 16:52:27 ----A---- C:\WINDOWS\zip.exe 2009-05-08 16:52:27 ----A---- C:\WINDOWS\vFind.exe 2009-05-08 16:52:27 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-05-08 16:52:27 ----A---- C:\WINDOWS\SWSC.exe 2009-05-08 16:52:27 ----A---- C:\WINDOWS\SWREG.exe 2009-05-08 16:52:27 ----A---- C:\WINDOWS\sed.exe 2009-05-08 16:52:27 ----A---- C:\WINDOWS\NIRCMD.exe 2009-05-08 16:52:27 ----A---- C:\WINDOWS\grep.exe 2009-05-08 16:52:16 ----D---- C:\WINDOWS\ERDNT 2009-05-08 16:50:29 ----D---- C:\Qoobox 2009-05-06 22:38:22 ----D---- C:\Documents and Settings\Sylwia i Alek\Dane aplikacji\ArcaBit 2009-05-06 21:34:59 ----D---- C:\Documents and Settings\Sylwia i Alek\Dane aplikacji\ArcaMicroScan 2009-05-06 21:13:50 ----D---- C:\Program Files\Trend Micro 2009-05-06 21:09:32 ----D---- C:\SDFix 2009-05-06 20:49:49 ----D---- C:\Documents and Settings\Sylwia i Alek\Dane aplikacji\Malwarebytes 2009-05-06 20:49:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-05-06 20:49:36 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2009-05-01 13:57:49 ----D---- C:\Documents and Settings\Sylwia i Alek\Dane aplikacji\Thinstall 2009-04-29 13:20:13 ----A---- C:\WINDOWS\system32\idmmbc.dll 2009-04-28 19:22:56 ----A---- C:\WINDOWS\ModemLog_Nokia 5800 XpressMusic Bluetooth Modem.txt 2009-04-23 16:59:51 ----A---- C:\WINDOWS\system32\DK2WIN16.DLL 2009-04-23 16:54:17 ----A---- C:\fls4.exe 2009-04-22 18:32:45 ----D---- C:\Program Files\ODEON 2009-04-22 18:31:20 ----A---- C:\JAFSetup_1.98.62.exe 2009-04-22 18:16:42 ----D---- C:\Program Files\NSS 2009-04-22 17:57:25 ----D---- C:\Program Files\Common Files\PCSuite 2009-04-22 17:54:34 ----D---- C:\Program Files\PC Connectivity Solution 2009-04-22 15:08:18 ----A---- C:\WINDOWS\system32\FLSINSTU.INI 2009-04-19 16:55:49 ----HD---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-19 16:55:44 ----HD---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-19 16:52:49 ----HD---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-19 16:52:39 ----HD---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-19 16:52:34 ----HD---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-19 16:52:16 ----HD---- C:\WINDOWS\$NtUninstallKB923561$ 2009-04-19 16:47:28 ----D---- C:\WINDOWS\system32\IOSUBSYS 2009-04-19 16:46:32 ----D---- C:\Program Files\Google ======List of files/folders modified in the last 1 months====== 2009-05-09 15:09:56 ----A---- C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt 2009-05-09 15:09:10 ----RASH---- C:\boot.ini 2009-05-09 15:09:10 ----A---- C:\WINDOWS\win.ini 2009-05-09 15:09:10 ----A---- C:\WINDOWS\system.ini 2009-05-08 21:08:20 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-08 20:55:56 ----A---- C:\WINDOWS\ModemLog_Standardowy modem wykorzystujący łącze Bluetooth.txt 2009-05-08 20:55:50 ----A---- C:\WINDOWS\ModemLog_Standardowy modem wykorzystujący łącze Bluetooth #2.txt 2009-05-08 18:29:38 ----A---- C:\WINDOWS\SOUNDMAN.EXE 2009-05-06 17:41:00 ----A---- C:\WINDOWS\LEXSTAT.INI 2009-04-24 17:29:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-04-22 15:08:20 ----A---- C:\WINDOWS\system32\FLSINST.DLL 2009-04-19 16:55:48 ----A---- C:\WINDOWS\imsins.BAK ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2004-08-25 5120] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-25 13312] R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952] R2 FLE5WNNT;FLE-5 WindowsNT Driver; \??\C:\WINDOWS\System32\Drivers\fle5wnnt.sys [] R2 FLSIFACE;FLSIface; \??\C:\WINDOWS\System32\Drivers\flsiface.sys [] R2 FLSPAR;FLSPar; \??\C:\WINDOWS\System32\Drivers\flspar.sys [] R2 FLSSER;FLSSer; \??\C:\WINDOWS\System32\Drivers\flsser.sys [] R2 FLSVCOM;FLSVCom; \??\C:\WINDOWS\System32\Drivers\flsvcom.sys [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059] R2 PARLDR2K;ParLdr2k; \??\C:\WINDOWS\system32\drivers\parldr2k.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-24 2311680] R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2004-12-24 10880] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\gilpki.sys [] R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488] R3 BthEnum;Usługa wyliczania Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] R3 BTHMODEM;Sterownik komunikacyjny modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888] R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208] R3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 200576] R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-03-14 6144] R3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-02 240640] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-07 185824] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2008-07-23 15264] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232] R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S1 dk2drv;DK2 WindowsNT Driver; \??\C:\WINDOWS\SYSTEM32\Drivers\dk2drv.sys [] S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040] S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988] S3 BTHPORT;Sterownik portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 catchme;catchme; \??\C:\DOCUME~1\SYLWIA~1\USTAWI~1\Temp\catchme.sys [] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-08-22 101120] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TSWLAN;TsWlan Packet Driver; C:\WINDOWS\system32\drivers\TsWlan.sys [2007-06-29 33664] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808] S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836] S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2008-07-23 47744] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-10 152984] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 218040] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-05-08 999936] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 698880] S4 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 173928] -----------------EOF-----------------

rsit 2

Kod: Zaznacz wszystko: info.txt logfile of random's system information tool 1.06 2009-05-09 15:13:32 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\Setup.exe" -l0x9 -uninst -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acer eManager for Notebook-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001} Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Aktualizacja krytyczna dla programu Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0015 -removeonly CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD" DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DK2 DESkey Drivers v7.14.0.25-->rundll32 C:\WINDOWS\system32\DK2INST.DLL,RunDLL_Uninstall ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe FLS-4 Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15EE9BD6-8FBD-4473-B065-FDF13DB8539A}\Setup.exe" -l0x9 FLS4_ObjectFLS4_Install FLS-4 Driver Installation-->rundll32 C:\WINDOWS\system32\flsinst.dll,UnInstall FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe" Foxit Reader-->D:\PROGRAMY\Foxit Reader\Uninstall.exe Foxit Toolbar-->"C:\Program Files\AskBarDis\unins000.exe" Gadu-Gadu 7.7-->D:\Gadu-Gadu\Setup.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Internet Download Manager-->D:\PROGRAMY\Internet Download Manager\Uninstall.exe iOutlookWorks 7.64-->C:\Program Files\A4Tech\Mouse\Uninst32.exe JAF Setup-->"C:\Program Files\ODEON\JAF\uninstall.exe" Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} K-Lite Mega Codec Pack 4.5.3-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lexmark 640 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 — pakiet języka polskiego-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PLK\install.exe Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft .NET Framework 3.0 Polish Language Pack-->MsiExec.exe /X{FD593DE6-C3A0-4722-8E86-9DEEF0A93290} Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mobiola Web Camera for S60 3.0.15-->"D:\Programy\Mobiola Web Camera for S60\unins000.exe" Motorola Driver Installation-->MsiExec.exe /I{52F6065D-27D0-4680-B2BC-C49C9A252459} Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0015 -removeonly MOV Converter 1.01-->"C:\Program Files\Boilsoft MOV Converter\unins000.exe" Mozilla Firefox (3.0.10)-->D:\PROGRAMY\Mozilla Firefox\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D} Nokia Firmware RM-159 EURO-->"C:\Program Files\InstallShield Installation Information\{91D9E073-CB3C-46C1-ABA9-F2FB2CCFCC9E}\setup.exe" -runfromtemp -l0x0009 -removeonly Nokia Firmware RM-244 EMEA-->C:\Program Files\InstallShield Installation Information\{D9A9857D-EC30-4BC6-A949-6D80FE22BA37}\setup.exe -runfromtemp -l0x0009 -removeonly Nokia Firmware RM-356 EMEA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE112F6C-D282-4547-BAC7-EB4745615592}\setup.exe" -l0x9 -removeonly Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943} Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_pol.exe Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE} Nokia Service Tool Drivers-->MsiExec.exe /I{7978920A-27A6-43D4-A441-502FDCBA67D4} Nokia Software Updater-->MsiExec.exe /X{EF4F620F-F295-41D7-92C0-6B635709C850} NSS (remove only)-->C:\Program Files\NSS\uninstall.exe NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4 NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7 O2 Connection Manager-->MsiExec.exe /X{CE562EB7-1EF6-428D-9092-13296236C2DF} OJOsoft Total Video Converter-->"C:\Program Files\OJOsoft\OJOsoft Total Video Converter\unins000.exe" Pakiet języka polskiego dla systemu Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Polish Language Pack\setup.exe Pakiet sterowników systemu Windows - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf Pakiet sterowników systemu Windows - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D} PDFCreator PL 0.8.0-->C:\Program Files\PDFCreator PL\unins000.exe Phoenix Service Software-->MsiExec.exe /I{189DC678-AF8F-4673-8A76-6840E49CFE5F} Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" Poprawka dla programu Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem3.inf SiSAGP driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x15 Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SoftV90 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_00821025\HXFSETUP.EXE -U -IAcrSisK.inf Spik-->C:\Program Files\Spik\SpikRemove.exe SubEdit-Player-->"D:\PROGRAMY\SubEdit-Player\unins000.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tesco Internet Phone-->"C:\Program Files\Tesco Internet Phone\unins000.exe" TomTom HOME 2.6.1.1549-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} Total Video Converter 3.20 090104-->"C:\Program Files\Total Video Converter\unins000.exe" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VoipDiscount-->"C:\Program Files\VoipDiscount.com\VoipDiscount\unins000.exe" Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation Language Pack (PLK)-->MsiExec.exe /X{2D43FD89-B225-4334-B4AA-0983400BE61B} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation PL Language Pack-->MsiExec.exe /I{DB76863D-D4D9-4AB3-AFDC-26717BA1E11C} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XnView 1.95.4-->"D:\Programy\XnView\unins000.exe" ======System event log====== Computer Name: ACER-LAPTOP Event Code: 7036 Message: Usługa Usługi terminalowe weszła w stan uruchomienia. Record Number: 5088 Source Name: Service Control Manager Time Written: 20090313160835.000000+000 Event Type: informacje User: Computer Name: ACER-LAPTOP Event Code: 6005 Message: Uruchomiono usługę Dziennik zdarzeń. Record Number: 5087 Source Name: EventLog Time Written: 20090313160813.000000+000 Event Type: informacje User: Computer Name: ACER-LAPTOP Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Uniprocessor Free. Record Number: 5086 Source Name: EventLog Time Written: 20090313160813.000000+000 Event Type: informacje User: Computer Name: ACER-LAPTOP Event Code: 6006 Message: Zatrzymano usługę Dziennik zdarzeń. Record Number: 5085 Source Name: EventLog Time Written: 20090313092503.000000+000 Event Type: informacje User: Computer Name: ACER-LAPTOP Event Code: 7036 Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan zatrzymania. Record Number: 5084 Source Name: Service Control Manager Time Written: 20090313080943.000000+000 Event Type: informacje User: =====Application event log===== Computer Name: ACER-LAPTOP Event Code: 1002 Message: Powłoka systemowa została nagle zatrzymana i uruchomiono Explorer.exe. Record Number: 372 Source Name: Winlogon Time Written: 20090206105001.000000+000 Event Type: informacje User: Computer Name: ACER-LAPTOP Event Code: 1002 Message: Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Record Number: 371 Source Name: Application Hang Time Written: 20090206104955.000000+000 Event Type: błąd User: Computer Name: ACER-LAPTOP Event Code: 11708 Message: Product: BlueSoleil -- Installation operation failed. Record Number: 370 Source Name: MsiInstaller Time Written: 20090206104308.000000+000 Event Type: informacje User: ACER-LAPTOP\Sylwia i Alek Computer Name: ACER-LAPTOP Event Code: 11729 Message: Product: Motorola Driver Installation -- Configuration failed. Record Number: 369 Source Name: MsiInstaller Time Written: 20090206103538.000000+000 Event Type: informacje User: ACER-LAPTOP\Sylwia i Alek Computer Name: ACER-LAPTOP Event Code: 11316 Message: Product: Motorola Driver Installation -- Error 1316. A network error occurred while attempting to read from the file: E:\Drivers\Motorola_EU_Driver_Installation.msi Record Number: 368 Source Name: MsiInstaller Time Written: 20090206103537.000000+000 Event Type: błąd User: ACER-LAPTOP\Sylwia i Alek ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0d08 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------

prosze o analize i sposob wyleczenia

**Posty:** 18165 · przez **wojtas** 09 Maj 2009, 18:16

odinstaluj AskBarDis

wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dd22b65-2f2f-11de-a6e6-0009dd611efd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e849f2a-0d9b-11de-a6b9-0009dd611efd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bd59b8f-2f5d-11de-a6e8-0009dd611efd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9910678-0a45-11de-a6b0-0009dd611efd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9910679-0a45-11de-a6b0-0014a41e5752}]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

znasz ten plik?

C:\fls4.exe

jesli nie skasuj go

Czysto, wykonaj:

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.