Problem z kompem, nie dziala regedit, taskmngr i safemode

**Posty:** 4 · przez **heyst** 15 Maj 2009, 11:53

witam,
problem jak w temacie, o ile taskmenadzera moge odblokowac zmieniajac wartosci w w zasadach grupy -> szablony administracyjne, to juz regedita za nic w swiecie nie mozna uruchomic, safemode nie dziala jesli uruchamiam go podczas restartu klikajac F8:(, aha wszystko zaczelo sie jak padl zonealarm, musialem go usuwac regcleanerm i unlockerem, bo nie chcial sie odczepic od kompa hehe i szybciutko pojawily sie spyware protected 2009 i tym podobne badziewia:(
...bardzo pieknie i ladnie prosze o pomoc
logi z hijackthis

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:32:49, on 2009-05-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\spss_lmd.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\miszel\Moje dokumenty\downloaded\HiJackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: ::1 localhost O1 - Hosts: 209.44.111.57 antivguardian.com O1 - Hosts: 209.44.111.57 www.antivguardian.com O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\TR\Trjscan.exe /boot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O20 - AppInit_DLLs: c:\windows\system32\pmnkhif.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\system32\spss_lmd.exe O23 - Service: wampapache - Apache Software Foundation - c:\wampserver\bin\apache\apache2.2.10\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wampserver\bin\mysql\mysql5.1.30\bin\mysqld.exe -- End of file - 3816 bytes

logi z rsita

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by miszel at 2009-05-15 11:35:02 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 3 GB (19%) free of 16 GB Total RAM: 511 MB (40% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:35:10, on 2009-05-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\spss_lmd.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\miszel\Moje dokumenty\downloaded\HiJackThis.exe C:\WINDOWS\notepad.exe C:\Documents and Settings\miszel\Moje dokumenty\downloaded\RSIT.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Documents and Settings\miszel\Moje dokumenty\downloaded\miszel.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: ::1 localhost O1 - Hosts: 209.44.111.57 antivguardian.com O1 - Hosts: 209.44.111.57 www.antivguardian.com O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\TR\Trjscan.exe /boot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O20 - AppInit_DLLs: c:\windows\system32\pmnkhif.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\system32\spss_lmd.exe O23 - Service: wampapache - Apache Software Foundation - c:\wampserver\bin\apache\apache2.2.10\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wampserver\bin\mysql\mysql5.1.30\bin\mysqld.exe -- End of file - 3980 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Click Maintenance.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 161432] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 117616] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-01 255264] "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384] "TrojanScanner"=C:\Program Files\TR\Trjscan.exe [2009-05-10 1059208] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Spooler"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="c:\windows\system32\pmnkhif.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "system"= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "NoDispAppearancePage"=0 "NoColorChoice"=0 "NoSizeChoice"=0 "NoDispScrSavPage"=0 "NoDispCPL"=0 "NoVisualStyleChoice"=0 "NoDispSettingsPage"=0 "DisableTaskMgr"=1 "DisableRegistryTools"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=1 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableCAD"=0 "EnableLUA"=0 "DisableTaskMgr"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutoRun"=67108863 "NoDrives"=0 "NoWindowsUpdate"=0 "NoThemesTab"=0 "NoBandCustomize"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec" "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe:*:Enabled:ipsec" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec" "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ipsec" "c:\wampserver\bin\apache\apache2.2.10\bin\httpd.exe"="c:\wampserver\bin\apache\apache2.2.10\bin\httpd.exe:*:Enabled:ipsec" "C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec" "C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 3 months====== 2009-05-14 23:47:51 ----A---- C:\WINDOWS\system32\ztvunrar36.dll 2009-05-14 23:47:51 ----A---- C:\WINDOWS\system32\ztvunace26.dll 2009-05-14 23:47:51 ----A---- C:\WINDOWS\system32\ztvcabinet.dll 2009-05-14 23:47:50 ----A---- C:\WINDOWS\system32\UNRAR3.dll 2009-05-14 23:47:50 ----A---- C:\WINDOWS\system32\unacev2.dll 2009-05-14 23:47:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software 2009-05-14 23:47:47 ----D---- C:\Program Files\TR 2009-05-14 23:47:47 ----D---- C:\Documents and Settings\miszel\Dane aplikacji\Simply Super Software 2009-05-14 23:17:38 ----A---- C:\WINDOWS\system32\tmp.txt 2009-05-14 23:17:15 ----A---- C:\rapport.txt 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\WS2Fix.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\VCCLSID.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\VACFix.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\swxcacls.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\swsc.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\swreg.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\SrchSTS.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\Process.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\o4Patch.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\IEDFix.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\IEDFix.C.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\dumphive.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe 2009-05-14 23:16:50 ----A---- C:\WINDOWS\system32\404Fix.exe 2009-05-14 23:16:37 ----D---- C:\tempik_napraw 2009-05-14 22:51:47 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-14 22:49:09 ----D---- C:\SDFix 2009-05-14 22:33:56 ----D---- C:\Program Files\trend micro 2009-05-14 22:33:54 ----D---- C:\rsit 2009-05-14 22:19:13 ----D---- C:\WINDOWS\temp 2009-05-14 22:19:06 ----A---- C:\ComboFix.txt 2009-05-14 22:05:39 ----A---- C:\Boot.bak 2009-05-14 22:05:33 ----RASHD---- C:\cmdcons 2009-05-14 22:02:43 ----A---- C:\WINDOWS\zip.exe 2009-05-14 22:02:43 ----A---- C:\WINDOWS\vFind.exe 2009-05-14 22:02:43 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-05-14 22:02:43 ----A---- C:\WINDOWS\SWSC.exe 2009-05-14 22:02:43 ----A---- C:\WINDOWS\SWREG.exe 2009-05-14 22:02:43 ----A---- C:\WINDOWS\sed.exe 2009-05-14 22:02:43 ----A---- C:\WINDOWS\NIRCMD.exe 2009-05-14 22:02:43 ----A---- C:\WINDOWS\grep.exe 2009-05-14 22:02:17 ----D---- C:\WINDOWS\ERDNT 2009-05-14 22:01:37 ----D---- C:\Qoobox 2009-05-14 21:36:05 ----D---- C:\Program Files\Common Files\PC Tools 2009-05-14 21:35:58 ----D---- C:\Program Files\Spyware Doctor 2009-05-14 21:35:58 ----D---- C:\Documents and Settings\miszel\Dane aplikacji\PC Tools 2009-05-14 21:35:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools 2009-05-14 20:32:17 ----D---- C:\Program Files\Windows Installer Clean Up 2009-05-14 20:32:04 ----D---- C:\Program Files\MSECACHE 2009-05-14 20:20:59 ----SHD---- C:\Config.Msi 2009-05-14 20:19:05 ----A---- C:\WINDOWS\SpssLM.ini 2009-05-14 20:06:50 ----D---- C:\Program Files\Advanced Spyware Remover 2009-05-14 20:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$ 2009-05-14 19:17:18 ----A---- C:\WINDOWS\Applian FLV Player Uninstall Log.txt 2009-05-14 19:04:15 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-05-14 19:04:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2009-05-14 18:50:21 ----D---- C:\Program Files\Enigma Software Group 2009-05-11 13:31:14 ----D---- C:\Program Files\Unlocker 2009-05-10 21:29:04 ----A---- C:\WINDOWS\system32\vswmi.dll 2009-05-10 21:29:03 ----A---- C:\WINDOWS\system32\zpeng25.dll 2009-05-10 21:23:02 ----A---- C:\WINDOWS\imsins.BAK 2009-05-10 21:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB943232-v2$ 2009-05-10 21:22:00 ----D---- C:\hotfixes 2009-05-09 14:17:14 ----D---- C:\Documents and Settings\miszel\Dane aplikacji\gtk-2.0 2009-05-07 17:36:38 ----D---- C:\WINDOWS\Applian FLV Player 2009-04-24 20:11:46 ----D---- C:\edytor 2009-04-24 19:02:24 ----D---- C:\Documents and Settings\miszel\Dane aplikacji\Intype 2009-04-24 19:02:17 ----D---- C:\Program Files\Intype 2009-04-24 16:21:11 ----D---- C:\ruby 2009-03-05 17:52:08 ----D---- C:\Program Files\Core Services 2009-03-02 11:45:33 ----A---- C:\WINDOWS\wcx_ftp.ini 2009-03-02 11:44:37 ----D---- C:\totalcomander 2009-03-02 11:44:37 ----A---- C:\WINDOWS\wincmd.ini 2009-02-26 12:16:03 ----D---- C:\Documents and Settings\miszel\Dane aplikacji\Design Science 2009-02-26 12:14:33 ----D---- C:\Program Files\MathType ======List of files/folders modified in the last 3 months====== 2009-05-15 11:35:06 ----D---- C:\WINDOWS\Prefetch 2009-05-15 11:30:19 ----D---- C:\Program Files\Mozilla Firefox 2009-05-15 11:30:10 ----D---- C:\WINDOWS\system32\drivers 2009-05-15 11:30:09 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2009-05-15 00:07:35 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-14 23:58:35 ----AD---- C:\WINDOWS\system32 2009-05-14 23:49:55 ----A---- C:\WINDOWS\system32\tuvwttt.dll.vir 2009-05-14 23:47:47 ----RD---- C:\Program Files 2009-05-14 22:51:47 ----D---- C:\WINDOWS 2009-05-14 22:49:54 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-14 22:17:00 ----D---- C:\WINDOWS\repair 2009-05-14 22:13:50 ----A---- C:\WINDOWS\system.ini 2009-05-14 22:10:38 ----D---- C:\WINDOWS\AppPatch 2009-05-14 22:10:34 ----D---- C:\Program Files\Common Files 2009-05-14 22:05:40 ----RASH---- C:\boot.ini 2009-05-14 21:53:21 ----D---- C:\Program Files\Google 2009-05-14 21:53:17 ----SD---- C:\WINDOWS\Tasks 2009-05-14 21:34:51 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2009-05-14 20:55:19 ----SHD---- C:\WINDOWS\Installer 2009-05-14 20:43:38 ----RSD---- C:\WINDOWS\assembly 2009-05-14 20:40:16 ----D---- C:\Program Files\Microsoft.NET 2009-05-14 20:40:15 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-05-14 20:40:01 ----D---- C:\Program Files\Microsoft Office 2009-05-14 20:29:05 ----D---- C:\Program Files\Microsoft Visual Studio 9.0 2009-05-14 20:29:03 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2009-05-14 20:12:22 ----D---- C:\Program Files\FreeMind 2009-05-14 20:02:02 ----HD---- C:\WINDOWS\inf 2009-05-14 20:01:53 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-14 20:01:13 ----HD---- C:\WINDOWS\$hf_mig$ 2009-05-10 21:39:25 ----D---- C:\Program Files\AVSMedia 2009-05-10 21:05:38 ----D---- C:\Documents and Settings 2009-05-09 13:56:16 ----D---- C:\wampserver 2009-05-08 19:19:09 ----A---- C:\WINDOWS\win.ini 2009-04-28 13:14:09 ----D---- C:\Documents and Settings\miszel\Dane aplikacji\Mozilla 2009-03-29 11:40:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-10 20:15:52 ----D---- C:\Documents and Settings\miszel\Dane aplikacji\Tlen.pl 2009-03-09 11:59:05 ----D---- C:\Program Files\PSPad editor 2009-03-09 11:59:03 ----D---- C:\Program Files\WinRAR 2009-03-09 11:59:03 ----D---- C:\Program Files\Windows Media Player 2009-03-09 11:59:03 ----D---- C:\Program Files\TVPlayerClassic 2009-03-09 11:59:02 ----D---- C:\Program Files\Movie Maker 2009-03-09 11:59:00 ----D---- C:\Program Files\DivX_311alpha 2009-03-09 11:58:58 ----D---- C:\Program Files\Active Ports 2009-02-26 12:14:40 ----RSD---- C:\WINDOWS\Fonts 2009-02-26 11:09:43 ----D---- C:\Documents and Settings\miszel\Dane aplikacji\Help ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 41472] R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hosrim.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320] R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] R3 TNET1130;D-Link AirPlus G+ Wireless Adapter; C:\WINDOWS\System32\DRIVERS\GPlus.sys [2004-05-21 283392] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024] S3 catchme;catchme; \??\C:\DOCUME~1\miszel\USTAWI~1\Temp\catchme.sys [] S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 nm;Sterownik monitora sieci; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS [] S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648] S3 sermouse;Sterownik myszy szeregowej; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-10-26 17920] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560] R2 SpssLM;Spss License Manager; C:\WINDOWS\system32\spss_lmd.exe [2000-06-13 222720] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 139264] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 wampapache;wampapache; c:\wampserver\bin\apache\apache2.2.10\bin\httpd.exe [2008-10-10 98364] S3 wampmysqld;wampmysqld; c:\wampserver\bin\mysql\mysql5.1.30\bin\mysqld.exe [2008-11-15 6447744] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 123096] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 316272] -----------------EOF-----------------

za ktora juz teraz dziekuje:)

**Posty:** 18165 · przez **wojtas** 15 Maj 2009, 18:38

Wykonaj to co jest podane w tym temacie

zobacz tu

daj loga z OTListIt2

**Posty:** 4 · przez **heyst** 16 Maj 2009, 12:17

zainstalowalem łatke i seconfigXP, FixPolicies.exe -> bez rezultatów, z taskmngr moge korzystac po wczesniejszej zmianie w szablonach administracyjnych, a regedit jest nie do ruszenia:(, a i zauwazylem ze przy wylaczaniu czasami wyskakuje blad z netsh.exe...

wrzucam logi z otlista2

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-16 11:42:49 - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\miszel\Moje dokumenty\downloaded Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,48 Mb Total Physical Memory | 207,98 Mb Available Physical Memory | 40,66% Memory free 1,22 Gb Paging File | 0,79 Gb Available in Paging File | 64,91% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 15,63 Gb Total Space | 3,31 Gb Free Space | 21,16% Space Free | Partition Type: NTFS Drive D: | 58,90 Gb Total Space | 52,53 Gb Free Space | 89,19% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 973,91 Mb Total Space | 795,06 Mb Free Space | 81,64% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MUKIACZ Current User Name: miszel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 90 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2004-08-04 01:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2004-12-22 18:09:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2007-03-14 03:43:44 | 00,161,432 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe PRC - [2008-06-01 13:10:02 | 00,255,264 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2008-12-08 14:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe PRC - [2007-02-10 15:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009-01-07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe PRC - [2009-01-21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe PRC - [2000-06-13 15:30:06 | 00,222,720 | ---- | M] () -- C:\WINDOWS\system32\spss_lmd.exe PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2004-08-04 01:44:28 | 00,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe PRC - [2009-05-05 19:21:12 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2004-08-04 01:44:22 | 00,815,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe PRC - [2009-05-16 11:42:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\miszel\Moje dokumenty\downloaded\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2004-08-04 01:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005-04-04 00:41:10 | 00,139,264 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2007-02-10 15:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running]) SRV - [2005-10-14 12:50:19 | 00,123,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped]) SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2009-01-07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running]) SRV - [2009-01-21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running]) SRV - [2000-06-13 15:30:06 | 00,222,720 | ---- | M] () -- C:\WINDOWS\system32\spss_lmd.exe -- (SpssLM [Auto | Running]) SRV - [2007-02-10 15:29:47 | 00,316,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped]) SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - File not found -- -- (abp470n5 [On_Demand | Running]) DRV - [2004-12-22 18:07:12 | 02,304,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2004-08-04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2001-08-17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) DRV - [2004-08-03 23:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped]) DRV - [2004-08-03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2001-08-17 21:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4.sys -- (nv4 [On_Demand | Stopped]) DRV - [2009-03-06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2001-07-22 04:41:32 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2004-08-04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running]) DRV - [2004-05-21 10:59:54 | 00,283,392 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\GPlus.sys -- (TNET1130 [On_Demand | Running]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\S-1-5-21-1214440339-1078145449-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-15 00:00:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-05 19:21:22 | 00,000,000 | ---D | M] [2009-04-28 13:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Extensions [2009-04-28 13:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-13 18:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Firefox\Profiles\76rlnce7.default\extensions [2009-04-11 22:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Firefox\Profiles\76rlnce7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2008-07-10 21:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Firefox\Profiles\76rlnce7.default\extensions\piclens@cooliris.com [2008-07-10 21:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Firefox\Profiles\76rlnce7.default\extensions\piclens@cooliris.com-trash [2009-05-14 18:56:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-05-05 19:21:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007-07-10 10:35:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2009-05-05 19:21:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-05-05 19:21:09 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-05-05 19:21:16 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-05-05 19:21:16 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-05-05 19:21:17 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-05-05 19:21:17 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-05-05 19:21:17 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-05-05 19:21:17 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-05-05 19:21:17 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (106 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 209.44.111.57 antivguardian.com O1 - Hosts: 209.44.111.57 www.antivguardian.com O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation) O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\TR\Trjscan.exe /boot (Simply Super Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\S-1-5-21-1214440339-1078145449-1957994488-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - AppInit_DLLs: (c:\windows\system32\pmnkhif.dll) - c:\windows\system32\pmnkhif.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-02-03 19:39:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-04-04 19:48:48 | 00,000,254 | RHS- | M] () - F:\autorun.inf -- [ FAT ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-16 11:35:45 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 90 Days ==========[/color] [2 C:\*.tmp files] [2009-05-16 11:29:25 | 00,000,000 | ---D | C] -- C:\FixPolicies [2009-05-16 11:19:08 | 00,000,000 | ---D | C] -- C:\SeconfigXP [2009-05-15 12:47:09 | 00,000,192 | ---- | C] () -- C:\WINDOWS\boot.ini [2009-05-15 00:06:01 | 00,000,680 | ---- | C] () -- C:\Documents and Settings\miszel\Pulpit\Skrót do ComboFix.lnk [2009-05-14 23:47:54 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk [2009-05-14 23:47:51 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2009-05-14 23:47:51 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2009-05-14 23:47:51 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll [2009-05-14 23:47:50 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2009-05-14 23:47:50 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2009-05-14 23:47:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2009-05-14 23:47:47 | 00,000,000 | ---D | C] -- C:\Program Files\TR [2009-05-14 23:47:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\miszel\Moje dokumenty\Simply Super Software [2009-05-14 23:47:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\miszel\Dane aplikacji\Simply Super Software [2009-05-14 23:17:38 | 00,001,866 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg [2009-05-14 23:16:50 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe [2009-05-14 23:16:50 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe [2009-05-14 23:16:50 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe [2009-05-14 23:16:50 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe [2009-05-14 23:16:50 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe [2009-05-14 23:16:50 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe [2009-05-14 23:16:50 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe [2009-05-14 23:16:50 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe [2009-05-14 23:16:50 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe [2009-05-14 23:16:50 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe [2009-05-14 23:16:50 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe [2009-05-14 23:16:50 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe [2009-05-14 23:16:50 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe [2009-05-14 23:16:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe [2009-05-14 23:16:37 | 00,000,000 | ---D | C] -- C:\tempik_napraw [2009-05-14 22:49:09 | 00,000,000 | ---D | C] -- C:\SDFix [2009-05-14 22:33:56 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-05-14 22:33:54 | 00,000,000 | ---D | C] -- C:\rsit [2009-05-14 22:19:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-05-14 22:19:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\miszel\Ustawienia lokalne\temp [2009-05-14 22:05:39 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009-05-14 22:05:35 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-05-14 22:05:33 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-05-14 22:02:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-05-14 22:02:43 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-05-14 22:02:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-05-14 22:02:43 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe [2009-05-14 22:02:43 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-05-14 22:02:43 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009-05-14 22:02:43 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-05-14 22:02:43 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-05-14 22:02:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-05-14 22:01:37 | 00,000,000 | ---D | C] -- C:\Qoobox [2009-05-14 21:36:30 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2009-05-14 21:36:17 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2009-05-14 21:36:17 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2009-05-14 21:36:09 | 00,001,655 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk [2009-05-14 21:36:05 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2009-05-14 21:36:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2009-05-14 21:35:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2009-05-14 21:35:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\miszel\Dane aplikacji\PC Tools [2009-05-14 21:35:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools [2009-05-14 20:32:17 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up [2009-05-14 20:32:04 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE [2009-05-14 20:20:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009-05-14 20:19:05 | 00,000,217 | ---- | C] () -- C:\WINDOWS\SpssLM.ini [2009-05-14 20:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Spyware Remover [2009-05-14 20:01:02 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll [2009-05-14 19:04:15 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009-05-14 19:04:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy [2009-05-14 18:50:21 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2009-05-11 14:05:52 | 00,000,195 | ---- | C] () -- C:\Documents and Settings\miszel\Pulpit\zabegone.reg [2009-05-11 13:31:14 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker [2009-05-10 21:23:02 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2009-05-10 21:22:17 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll [2009-05-10 21:22:00 | 00,000,000 | ---D | C] -- C:\hotfixes [2009-05-09 14:17:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\miszel\Dane aplikacji\gtk-2.0 [2009-05-07 17:36:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Applian FLV Player [2009-04-24 20:11:46 | 00,000,000 | ---D | C] -- C:\edytor [2009-04-24 19:02:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\miszel\Dane aplikacji\Intype [2009-04-24 19:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Intype [2009-04-24 16:21:11 | 00,000,000 | ---D | C] -- C:\ruby [2009-04-21 22:04:20 | 00,000,965 | ---- | C] () -- C:\Documents and Settings\miszel\Pulpit\index.html [2009-03-19 16:47:10 | 03,682,200 | ---- | C] () -- C:\Documents and Settings\miszel\Pulpit\ci_sample_app.mov [2009-03-10 20:19:13 | 00,021,004 | ---- | C] () -- C:\Documents and Settings\miszel\Moje dokumenty\pulpit.gif [2009-03-10 20:15:55 | 00,010,240 | -HS- | C] () -- C:\Documents and Settings\miszel\Pulpit\Thumbs.db [2009-03-05 17:52:21 | 00,000,826 | ---- | C] () -- C:\Documents and Settings\miszel\Pulpit\IETester.lnk [2009-03-05 17:52:08 | 00,000,000 | ---D | C] -- C:\Program Files\Core Services [2009-03-02 11:45:33 | 00,000,322 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-03-02 11:44:38 | 00,000,583 | ---- | C] () -- C:\Documents and Settings\miszel\Pulpit\Total Commander.lnk [2009-03-02 11:44:37 | 00,003,314 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-03-02 11:44:37 | 00,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF [2009-03-02 11:44:37 | 00,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF [2009-03-02 11:44:37 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF [2009-03-02 11:44:37 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF [2009-03-02 11:44:37 | 00,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF [2009-03-02 11:44:37 | 00,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF [2009-03-02 11:44:37 | 00,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF [2009-02-26 12:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\miszel\Dane aplikacji\Design Science [2009-02-26 12:14:33 | 00,000,000 | ---D | C] -- C:\Program Files\MathType [2008-04-20 14:37:29 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-04-20 14:37:29 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-02-05 00:39:38 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\cbxxvur.dll [2008-02-04 22:26:08 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\opnkigd.dll [2008-02-03 14:17:24 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\awvuvsq.dll [2008-02-02 15:51:24 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\ursssqp.dll [2008-02-01 15:40:45 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\ddaabyv.dll [2008-02-01 14:11:17 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\fcyxvsq.dll [2008-01-31 22:32:22 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\vtuuurr.dll [2008-01-31 15:52:09 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\pmnkhif.dll [2008-01-31 15:43:29 | 00,026,678 | ---- | C] () -- C:\WINDOWS\System32\tuvwttt.dll.vir [2007-11-30 20:16:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2007-03-29 22:43:37 | 00,000,037 | ---- | C] () -- C:\WINDOWS\WGNUPLOT.INI [2006-11-30 15:33:08 | 00,001,258 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2006-04-16 10:26:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006-04-12 11:25:04 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2006-04-12 11:25:04 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2006-04-12 11:25:04 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2006-02-08 19:24:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2006-02-07 17:27:01 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI [2006-02-07 14:11:29 | 00,283,392 | R--- | C] () -- C:\WINDOWS\System32\drivers\GPlus.sys [2006-02-04 12:39:24 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini [2006-02-03 20:44:13 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006-02-03 20:41:42 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2006-02-03 19:55:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2004-09-10 15:36:12 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll [2001-07-22 04:41:32 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001-07-22 00:16:20 | 00,000,681 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,265 | ---- | C] () -- C:\WINDOWS\system.ini [1997-03-19 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997-03-19 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [color=orange]========== Files - Modified Within 90 Days ==========[/color] [2 C:\*.tmp files] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-16 11:32:59 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\miszel\Ustawienia lokalne\desktop.ini [2009-05-16 11:32:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-16 11:32:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-15 17:15:00 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2009-05-15 12:56:59 | 04,895,230 | ---- | M] () -- C:\Documents and Settings\miszel\Moje dokumenty\zalacznik-06c410-3.bin [2009-05-15 12:47:09 | 00,000,192 | ---- | M] () -- C:\WINDOWS\boot.ini [2009-05-15 12:47:09 | 00,000,192 | ---- | M] () -- C:\boot.ini [2009-05-15 11:56:29 | 00,000,681 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-15 11:56:29 | 00,000,265 | ---- | M] () -- C:\WINDOWS\system.ini [2009-05-15 00:06:01 | 00,000,680 | ---- | M] () -- C:\Documents and Settings\miszel\Pulpit\Skrót do ComboFix.lnk [2009-05-14 23:49:55 | 00,026,678 | ---- | M] () -- C:\WINDOWS\System32\tuvwttt.dll.vir [2009-05-14 23:47:54 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk [2009-05-14 23:25:33 | 00,001,866 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg [2009-05-14 21:36:09 | 00,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk [2009-05-14 20:19:05 | 00,000,217 | ---- | M] () -- C:\WINDOWS\SpssLM.ini [2009-05-14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe [2009-05-13 10:42:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-11 18:33:49 | 00,003,314 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009-05-11 18:17:58 | 00,000,322 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini [2009-05-10 21:23:13 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-04-30 01:36:38 | 00,075,776 | ---- | M] () -- C:\WINDOWS\System32\WS2Fix.exe [2009-04-20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-03-29 11:40:24 | 00,537,516 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-03-29 11:40:24 | 00,479,564 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-03-29 11:40:24 | 00,101,630 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-03-29 11:40:24 | 00,085,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-03-29 11:40:23 | 01,220,686 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-03-19 16:47:56 | 03,682,200 | ---- | M] () -- C:\Documents and Settings\miszel\Pulpit\ci_sample_app.mov [2009-03-12 16:18:42 | 00,016,762 | ---- | M] () -- C:\WINDOWS\miszel.acl [2009-03-10 20:19:13 | 00,021,004 | ---- | M] () -- C:\Documents and Settings\miszel\Moje dokumenty\pulpit.gif [2009-03-10 20:15:59 | 00,032,768 | -HS- | M] () -- C:\Thumbs.db [2009-03-09 11:55:22 | 00,007,168 | -HS- | M] () -- C:\WINDOWS\Thumbs.db [2009-03-06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2009-03-05 17:52:21 | 00,000,826 | ---- | M] () -- C:\Documents and Settings\miszel\Pulpit\IETester.lnk [2009-03-02 11:44:38 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\miszel\Pulpit\Total Commander.lnk [2009-02-26 14:32:44 | 00,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E965A533 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report >

Kod: Zaznacz wszystko: OTListIt Extras logfile created on: 2009-05-16 11:42:49 - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\miszel\Moje dokumenty\downloaded Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,48 Mb Total Physical Memory | 207,98 Mb Available Physical Memory | 40,66% Memory free 1,22 Gb Paging File | 0,79 Gb Available in Paging File | 64,91% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 15,63 Gb Total Space | 3,31 Gb Free Space | 21,16% Space Free | Partition Type: NTFS Drive D: | 58,90 Gb Total Space | 52,53 Gb Free Space | 89,19% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 973,91 Mb Total Space | 795,06 Mb Free Space | 81,64% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MUKIACZ Current User Name: miszel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 90 Days Company Name Whitelist: On [color=orange]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [color=orange]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "27251:TCP" = 27251:TCP:*:Enabled:BitComet 27251 TCP "27251:UDP" = 27251:UDP:*:Enabled:BitComet 27251 UDP [color=orange]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008-01-11 23:16:38 | 00,117,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec [2007-03-14 03:43:44 | 00,161,432 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe:*:Enabled:ipsec [2009-05-05 19:21:12 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec [2009-01-26 15:31:16 | 02,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ipsec File not found -- c:\wampserver\bin\apache\apache2.2.10\bin\httpd.exe:*:Enabled:ipsec [2004-08-04 01:44:28 | 00,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec [2004-08-04 01:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec [2009-05-15 11:32:31 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\miszel\Moje dokumenty\downloaded\HiJackThis.exe:*:Enabled:ipsec [2008-06-01 13:10:02 | 00,255,264 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:ipsec [2008-12-08 14:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe:*:Enabled:ipsec [color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8 "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "274c5407c4fa26908310cb5c1c5000001954585180" = NetBeans IDE 5.0 "Active Ports" = Active Ports "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 CE "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "DIVXCodec" = DivX Codec 3.1alpha release "DSMT6" = MathType 6 "ffdshow" = ffdshow (remove only) "Gadu-Gadu" = Gadu-Gadu 7.7 "HijackThis" = HijackThis 2.0.2 "IETester" = IETester v0.3 (remove only) "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5 "Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU "Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10) "OALD7" = Oxford Advanced Learner's Dictionary - 7th edition "Office8.0" = Microsoft Office 97, wersja Professional "Opera" = Opera "PSPad editor_is1" = PSPad editor "RealPlayer 6.0" = RealPlayer "Spyware Doctor" = Spyware Doctor 6.0 "SubEdit-Player_is1" = SubEdit-Player "Totalcmd" = Total Commander (Remove or Repair) "Trojan Remover_is1" = Trojan Remover 6.7.8 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinGimp-2.0_is1" = Gimp 2.6.1 "WinRAR archiver" = Archiwizator WinRAR "WinZip" = WinZip "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=orange]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=orange]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1214440339-1078145449-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=orange]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2009-05-14 14:53:49 | Computer Name = MUKIACZ | Source = VBRuntime | ID = 1 Description = The VB Application identified by the event source logged this Application MSICUU: Thread ID: 3668 ,Logged: Success: C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {2BA00471-0328-3743-93BD-FA813353A783} Error - 2009-05-14 14:54:09 | Computer Name = MUKIACZ | Source = VBRuntime | ID = 1 Description = The VB Application identified by the event source logged this Application MSICUU: Thread ID: 3668 ,Logged: Success: C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {B508B3F1-A24A-32C0-B310-85786919EF28} Error - 2009-05-14 14:54:24 | Computer Name = MUKIACZ | Source = VBRuntime | ID = 1 Description = The VB Application identified by the event source logged this Application MSICUU: Thread ID: 3668 ,Logged: Failed: C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {2FC099BD-AC9B-33EB-809C-D332E1B27C40} Error - 2009-05-14 14:54:32 | Computer Name = MUKIACZ | Source = VBRuntime | ID = 1 Description = The VB Application identified by the event source logged this Application MSICUU: Thread ID: 3668 ,Logged: Failed: C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Error - 2009-05-14 14:54:54 | Computer Name = MUKIACZ | Source = VBRuntime | ID = 1 Description = The VB Application identified by the event source logged this Application MSICUU: Thread ID: 3668 ,Logged: Failed: C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {4AA61A60-6970-4A41-B644-170EBA077049} Error - 2009-05-14 14:55:19 | Computer Name = MUKIACZ | Source = VBRuntime | ID = 1 Description = The VB Application identified by the event source logged this Application MSICUU: Thread ID: 3668 ,Logged: Failed: C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {08D2F839-A9FD-4F5A-A529-D45FF6E238A3} Error - 2009-05-14 15:19:48 | Computer Name = MUKIACZ | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2009-05-14 15:50:58 | Computer Name = MUKIACZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd hijackthis.exe, wersja 2.0.0.2, moduł powodujący błąd hijackthis.exe, wersja 2.0.0.2, adres błędu 0x0014536a. Error - 2009-05-14 18:05:07 | Computer Name = MUKIACZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd combofix.exe, wersja 0.0.0.0, moduł powodujący błąd combofix.exe, wersja 0.0.0.0, adres błędu 0x00025799. Error - 2009-05-14 18:06:13 | Computer Name = MUKIACZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd combofix.exe, wersja 0.0.0.0, moduł powodujący błąd combofix.exe, wersja 0.0.0.0, adres błędu 0x00025799. [ System Events ] Error - 2009-05-14 16:53:33 | Computer Name = MUKIACZ | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-05-14 16:53:33 | Computer Name = MUKIACZ | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi Środowisko obsługi sieci AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-05-14 16:53:33 | Computer Name = MUKIACZ | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-05-14 16:53:33 | Computer Name = MUKIACZ | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD AmdK7 Beep Fips IPSec MRxSmb NetBIOS NetBT Null RasAcd Rdbss Tcpip Error - 2009-05-14 18:00:45 | Computer Name = MUKIACZ | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi WZCSVC. Error - 2009-05-14 18:00:45 | Computer Name = MUKIACZ | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi ShellHWDetection. Error - 2009-05-15 05:32:41 | Computer Name = MUKIACZ | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{05BA4E54-64B1-4902-AB67-C30AA465A0A3}. Przeglądarka zapasowa jest zatrzymywana. Error - 2009-05-15 07:21:11 | Computer Name = MUKIACZ | Source = BROWSER | ID = 8032 Description = Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{05BA4E54-64B1-4902-AB67-C30AA465A0A3}. Przeglądarka zapasowa jest zatrzymywana. Error - 2009-05-15 11:14:07 | Computer Name = MUKIACZ | Source = MRxSmb | ID = 8003 Description = Przeglądarka główna odebrała anons serwera z komputera JOE-373JA3CPKTA. Komputer ten zachowuje się tak, jakby był przeglądarką główną dla domeny w transporcie NetBT_Tcpip_{05BA4E54-64B. Przeglądarka główna właśnie jest zatrzymywana albo wymuszany jest wybór. Error - 2009-05-16 05:21:24 | Computer Name = MUKIACZ | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi WZCSVC. < End of report >

**Posty:** 18165 · przez **wojtas** 16 Maj 2009, 13:36

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O1 - Hosts: 209.44.111.57 antivguardian.com
O1 - Hosts: 209.44.111.57 www.antivguardian.com
O20 - AppInit_DLLs: (c:\windows\system32\pmnkhif.dll) - c:\windows\system32\pmnkhif.dll ()
O32 - AutoRun File - [2009-04-04 19:48:48 | 00,000,254 | RHS- | M] () - F:\autorun.inf -- [ FAT ]

:Files
c:\windows\system32\pmnkhif.dll
C:\WINDOWS\System32\cbxxvur.dll
C:\WINDOWS\System32\opnkigd.dll
C:\WINDOWS\System32\awvuvsq.dll
C:\WINDOWS\System32\ursssqp.dll
C:\WINDOWS\System32\ddaabyv.dll
C:\WINDOWS\System32\fcyxvsq.dll
C:\WINDOWS\System32\vtuuurr.dll
C:\WINDOWS\System32\pmnkhif.dll
C:\WINDOWS\System32\tuvwttt.dll.vir

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTListIt2 z opcją Run Scan. Pokazujesz nowy log OTListIt.txt (czyszczenie i skan )

**Posty:** 4 · przez **heyst** 16 Maj 2009, 16:41

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-16 16:34:04 - Run 2 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\miszel\Moje dokumenty\downloaded Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,48 Mb Total Physical Memory | 241,52 Mb Available Physical Memory | 47,22% Memory free 1,22 Gb Paging File | 0,92 Gb Available in Paging File | 75,18% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 15,63 Gb Total Space | 4,63 Gb Free Space | 29,65% Space Free | Partition Type: NTFS Drive D: | 58,90 Gb Total Space | 55,26 Gb Free Space | 93,81% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 973,91 Mb Total Space | 794,84 Mb Free Space | 81,61% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MUKIACZ Current User Name: miszel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 1 Day Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2009-05-16 15:34:33 | 00,692,496 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2009-05-16 13:53:05 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2004-08-04 01:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2007-02-10 15:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2000-06-13 15:30:06 | 00,222,720 | ---- | M] () -- C:\WINDOWS\system32\spss_lmd.exe PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2001-10-26 19:30:04 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe PRC - [2004-08-04 01:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2004-12-22 18:09:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2008-01-11 23:16:38 | 00,117,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe PRC - [2009-05-16 15:34:33 | 01,794,320 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe PRC - [2009-05-05 19:21:12 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-05-16 11:42:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\miszel\Moje dokumenty\downloaded\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-05-16 15:34:33 | 00,692,496 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running]) SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2004-08-04 01:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005-04-04 00:41:10 | 00,139,264 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2009-05-16 13:53:05 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running]) SRV - [2007-02-10 15:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running]) SRV - [2005-10-14 12:50:19 | 00,123,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped]) SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2000-06-13 15:30:06 | 00,222,720 | ---- | M] () -- C:\WINDOWS\system32\spss_lmd.exe -- (SpssLM [Auto | Running]) SRV - [2007-02-10 15:29:47 | 00,316,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped]) SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2004-12-22 18:07:12 | 02,304,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2009-05-16 15:34:35 | 00,132,640 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running]) DRV - [2009-05-16 15:34:35 | 00,024,096 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running]) DRV - [2004-08-04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2009-05-16 15:34:35 | 00,082,080 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running]) DRV - [2009-05-16 13:53:22 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running]) DRV - [2001-08-17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) DRV - [2004-08-03 23:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped]) DRV - [2004-08-03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2001-08-17 21:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4.sys -- (nv4 [On_Demand | Stopped]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2001-07-22 04:41:32 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2004-08-04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running]) DRV - [2004-05-21 10:59:54 | 00,283,392 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\GPlus.sys -- (TNET1130 [On_Demand | Running]) DRV - [2009-05-16 16:30:48 | 00,005,669 | ---- | M] () -- C:\WINDOWS\system32\drivers\hosrim.sys -- (abp470n5 [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-15 00:00:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-05 19:21:22 | 00,000,000 | ---D | M] [2009-04-28 13:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Extensions [2009-04-28 13:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-16 11:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Firefox\Profiles\76rlnce7.default\extensions [2009-04-11 22:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Firefox\Profiles\76rlnce7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2008-07-10 21:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Firefox\Profiles\76rlnce7.default\extensions\piclens@cooliris.com [2008-07-10 21:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\miszel\Dane aplikacji\mozilla\Firefox\Profiles\76rlnce7.default\extensions\piclens@cooliris.com-trash [2009-05-16 11:46:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-05-05 19:21:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007-07-10 10:35:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2009-05-05 19:21:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-05-05 19:21:09 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-05-05 19:21:16 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-05-05 19:21:16 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-05-05 19:21:17 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-05-05 19:21:17 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-05-05 19:21:17 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-05-05 19:21:17 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-05-05 19:21:17 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe File not found O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h () O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" File not found O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-02-03 19:39:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001-10-26 19:30:06 | 00,000,245 | RHS- | M] () - F:\autorun.inf -- [ FAT ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-16 16:31:19 | 00,000,000 | ---D | M] O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () [color=orange]========== Files/Folders - Created Within 1 Day ==========[/color] [2 C:\*.tmp files] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-16 16:30:48 | 00,005,669 | ---- | C] () -- C:\WINDOWS\System32\drivers\hosrim.sys [2009-05-16 16:26:36 | 00,000,000 | ---D | C] -- C:\_OTListIt [2009-05-16 16:16:08 | 00,251,793 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2009-05-16 16:14:50 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\COMODO Internet Security.lnk [2009-05-16 15:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\Opera7 [2009-05-16 15:35:51 | 00,000,000 | ---D | C] -- C:\unzipped [2009-05-16 15:34:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Comodo [2009-05-16 15:34:40 | 00,168,208 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll [2009-05-16 15:34:40 | 00,132,640 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2009-05-16 15:34:40 | 00,082,080 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2009-05-16 15:34:40 | 00,024,096 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2009-05-16 15:34:36 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO [2009-05-16 15:13:09 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009-05-16 14:13:53 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009-05-16 14:01:55 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2009-05-16 13:53:59 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009-05-16 13:53:44 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009-05-16 13:53:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2009-05-16 13:52:02 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800} [2009-05-16 13:52:01 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2009-05-16 13:51:52 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2009-05-16 13:51:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft [2009-05-16 13:25:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\miszel\Dane aplikacji\WinRAR [2009-05-16 13:12:23 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009-05-16 13:09:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-05-16 11:29:25 | 00,000,000 | ---D | C] -- C:\FixPolicies [2009-05-16 11:19:08 | 00,000,000 | ---D | C] -- C:\SeconfigXP [2009-05-15 12:47:09 | 00,000,192 | ---- | C] () -- C:\WINDOWS\boot.ini [2009-05-14 20:19:05 | 00,000,217 | ---- | C] () -- C:\WINDOWS\SpssLM.ini [2009-03-02 11:45:33 | 00,000,322 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-03-02 11:44:37 | 00,003,314 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2008-04-20 14:37:29 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-04-20 14:37:29 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007-11-30 20:16:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2007-03-29 22:43:37 | 00,000,037 | ---- | C] () -- C:\WINDOWS\WGNUPLOT.INI [2006-11-30 15:33:08 | 00,001,258 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2006-04-16 10:26:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006-04-12 11:25:04 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2006-04-12 11:25:04 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2006-04-12 11:25:04 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2006-02-08 19:24:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2006-02-07 17:27:01 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI [2006-02-07 14:11:29 | 00,283,392 | R--- | C] () -- C:\WINDOWS\System32\drivers\GPlus.sys [2006-02-04 12:39:24 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini [2006-02-03 20:44:13 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006-02-03 20:41:42 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2006-02-03 19:55:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2004-09-10 15:36:12 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll [2001-07-22 04:41:32 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001-07-22 00:16:20 | 00,000,681 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,265 | ---- | C] () -- C:\WINDOWS\system.ini [1997-03-19 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997-03-19 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [color=orange]========== Files - Modified Within 1 Day ==========[/color] [2 C:\*.tmp files] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-16 16:30:06 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\miszel\Ustawienia lokalne\desktop.ini [2009-05-16 16:30:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-16 16:30:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-16 16:29:08 | 00,251,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat [2009-05-16 16:14:50 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\COMODO Internet Security.lnk [2009-05-16 15:34:35 | 00,168,208 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll [2009-05-16 15:34:35 | 00,132,640 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2009-05-16 15:34:35 | 00,082,080 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2009-05-16 15:34:35 | 00,024,096 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2009-05-16 13:53:59 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009-05-16 13:53:35 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2009-05-16 13:53:22 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009-05-16 13:52:01 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2009-05-16 13:14:38 | 00,000,686 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-05-16 13:12:23 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009-05-15 17:15:00 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E965A533 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report >

nic sie nie zmienilo, w miedzyczasie avirka powyrzucala mi kilka wirusow... a safemode dziala tylko dzieki system repair engineer jak zresetuje safemode..... task i regedit leza nadal..
dziekuje za pomoc:)

**Posty:** 18165 · przez **wojtas** 16 Maj 2009, 18:56

Wykonaj skan Dr. Web CureIt
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

Autor postu otrzymał pochwałę

**Posty:** 4 · przez **heyst** 20 Maj 2009, 22:20

juz jest gut, nie obylo sie bez reinstalki:)
win32.sality czy cos temu podobnego zainfekowalo regedita, taskmngr i co tylko jeszcze mogl:)
jakby ktos mial problem z dostaniem sie do trybu awaryjnego zeby zainstalowac antywira, to mozna sprobowac przez msconfig i wybor uruchamianie diagnostyczne:)
pozdro i dzieki za pomoc!