proszę o sprawdzenie log-a: duże zużycie ram i dużo procesów

**Posty:** 17 · przez **danjo.wlv** 23 Mar 2008, 23:58

Witam! otóż mój problem wygląda następująco:
mam laptop z prockiem intel core 2 duo 1.5GHz 1Gb RAM-u. skanowalem komputer nortonem, który znalazł wirus, ktorego nie mógł usunąć.
Lapek na początku latał pieknie, wszystko ładnie, szybko. natomiast teraz baaarzo wolno chodzi, wszystko pooowoli. wyłączyłem nawet viste aero żeby mu nieco ulżyć.

Poza tym, w menadżerze zadań mam baardzo dużo aktywnych procesów svchost.exe, które zajmuja pamięć RAM. Wyczytałem, że jakiś trojan może się pod ten chost podpiąć itd.

Do tego wszystkiego zaraz po włączeniu lapka wyskakuje mi błąd, iż nie można uruchomić "mlli.dll"

log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:38, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Programy\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Programy\Registry Clean Expert\RCHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Programy\Cisco Clean Access Agent\CCAAgent.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Programy\Gadu-Gadu\gg.exe
C:\Programy\Spyware Doctor\sdloader.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\N95\gry i programy\hijackthis.com
C:\Programy\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programy\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mllli.dll,#1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programy\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Programy\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [Steam] "C:\Gry\Counter Strike\Steam.exe" -silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programy\nokia PC suite\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USLUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programy\nokia PC suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Programy\nokia PC suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Programy\Cisco Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: &Tlumacz z LING... - http://www.ling.pl/ling/def-src.php4
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyslij obraz do urzadzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyslij strone do urzadzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Harmonogram automatycznej uslugi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programy\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programy\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10908 bytes

zrobilem też skan KAV i znalazł bardzo dużo obiektów, ktore są zablokowanei antyvir je pominął. wrzucić tutaj?

**Posty:** 18165 · przez **wojtas** 24 Mar 2008, 12:01

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mllli.dll,#1
O13 - Gopher Prefix:

skasuj te wpisy w hijacku

daj loga z [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]combofixa[/url

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 15:47

zamieszczam log z combofixa. mial jakies problemy z tym, że niby nie mogł sie dostac do jakichś plików, ponieważ nie jest admin zalogowany do systemu, podczas gdy ja jestem adminem.
log:

ComboFix 08-03-23.2 - Daniel 2008-03-24 13:24:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1045.18.214 [GMT 0:00]
Running from: C:\N95\gry i programy\ComboFix.exe
* Created a new restore point
.
-- Other TimeOuts --
VFind -td "C:\Windows\system32\baiso*"
C:\Windows\system32\conime.exe
CF13284.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\*
CF13284.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF13284.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d10000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"
"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
{2BC308F8-3291-45A9-B07E-915F39D4AB93}
{E69974D4-E359-44DD-A700-CEB29905BEFF}
{8B415DBF-1F69-45E0-BD6E-574E6FA11AF5}
"C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe"
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Programy\AVG Anti-Spyware 7.5\guard.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {0FF1555F-1569-49F0-B71F-C4551D15DFE4}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-1beffb99-95ed-403e-a26a-6df4a6ae5ffa -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-72a284ad-da66-4553-86b8-4ee34aa6cd40 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7d813d95-5bae-47ff-87c0-0812b0bb0c02 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c525b3bc-fb80-4a64-8fb7-55fea22cc5e2
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-001c97dd-f69b-488d-831e-c2b2bd6fcde2 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-faad7b8c-6245-4b62-b0d3-0d2e2af46cd4 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2dec6a6b-e1c6-4eb2-8991-544fa89369bd -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:17339067-80ac-407a-98ad-344f0422010b
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
explorer.exe
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\RtHDVCpl.exe"
"C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\HP\QuickPlay\QPService.exe"
"C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"C:\Programy\PowerISO\PWRISOVM.EXE"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
/a /h ccApp "C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE"
"C:\Windows\ehome\ehtray.exe"
"C:\Programy\Registry Clean Expert\RCHelper.exe" /startup
"C:\Programy\nokia PC suite\Nokia PC Suite 6\PCSuite.exe" -onlytray
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Programy\Cisco Clean Access Agent\CCAAgent.exe"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /recycle
SED "/32\\[0-9]*\\insatll.~tmp/I!d"
VFind -tf "C:\Windows\system32\insatll.~tmp"
C:\Windows\system32\conime.exe
CF13284.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\*
CF13284.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF13284.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d10000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"
"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
{2BC308F8-3291-45A9-B07E-915F39D4AB93}
{E69974D4-E359-44DD-A700-CEB29905BEFF}
{8B415DBF-1F69-45E0-BD6E-574E6FA11AF5}
"C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe"
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Programy\AVG Anti-Spyware 7.5\guard.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {0FF1555F-1569-49F0-B71F-C4551D15DFE4}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-1beffb99-95ed-403e-a26a-6df4a6ae5ffa -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-72a284ad-da66-4553-86b8-4ee34aa6cd40 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7d813d95-5bae-47ff-87c0-0812b0bb0c02 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c525b3bc-fb80-4a64-8fb7-55fea22cc5e2
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-001c97dd-f69b-488d-831e-c2b2bd6fcde2 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-faad7b8c-6245-4b62-b0d3-0d2e2af46cd4 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2dec6a6b-e1c6-4eb2-8991-544fa89369bd -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:17339067-80ac-407a-98ad-344f0422010b
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
explorer.exe
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\RtHDVCpl.exe"
"C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\HP\QuickPlay\QPService.exe"
"C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"C:\Programy\PowerISO\PWRISOVM.EXE"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
/a /h ccApp "C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE"
"C:\Windows\ehome\ehtray.exe"
"C:\Programy\Registry Clean Expert\RCHelper.exe" /startup
"C:\Programy\nokia PC suite\Nokia PC Suite 6\PCSuite.exe" -onlytray
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Programy\Cisco Clean Access Agent\CCAAgent.exe"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /recycle
Findstr -MIF:/ sursen
C:\Windows\system32\conime.exe
CF13284.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\*
CF13284.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF13284.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d80000 * -t -l

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\hosts
C:\Windows\system32\ceforllf.dll
C:\Windows\System32\fgggh.ini
C:\Windows\System32\fgggh.ini2
C:\Windows\system32\forfsowk.dll
C:\Windows\system32\rlabiaom.dll
C:\Windows\system32\tvcueebf.dll
C:\Windows\system32\uulqtjgj.dll
C:\Windows\System32\vuxyb.ini
C:\Windows\System32\vuxyb.ini2
C:\Windows\system32\wgoaoygs.dll
C:\Windows\System32\wxxyb.ini
C:\Windows\System32\wxxyb.ini2
C:\Windows\System32\xxycf.ini
C:\Windows\System32\xxycf.ini2

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 13:23 6,736 ----a-w C:\Windows\system32\drivers\PROCEXP90.SYS
2008-03-23 20:25 --------- d-----w C:\Users\Daniel\AppData\Roaming\Skype
2008-03-23 20:18 --------- d---a-w C:\PROGRA~2\TEMP
2008-03-23 20:17 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-03-23 16:08 --------- d-----w C:\Users\Daniel\AppData\Roaming\skypePM
2008-03-23 15:37 2,560 ----a-w C:\Windows\system32\drivers\mchInjDrv.sys
2008-03-23 00:39 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-23 00:39 --------- d-----w C:\Program Files\F-Secure
2008-03-23 00:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-23 00:31 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-23 00:31 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-23 00:31 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-23 00:31 --------- d-----w C:\Program Files\Symantec
2008-03-23 00:28 --------- d-----w C:\PROGRA~2\Symantec
2008-03-23 00:06 --------- d-----w C:\PROGRA~2\F-Secure
2008-03-22 22:43 --------- d-----w C:\Users\Daniel\AppData\Roaming\Winamp
2008-03-22 22:43 --------- d-----w C:\Users\Daniel\AppData\Roaming\uTorrent
2008-03-21 22:16 --------- d-----w C:\PROGRA~2\eMule
2008-03-20 23:19 27,934 ----a-w C:\Users\Daniel\AppData\Roaming\nvModes.dat
2008-03-20 14:47 --------- d-----w C:\Program Files\Google
2008-03-19 16:35 --------- d-----w C:\PROGRA~2\Bluetooth
2008-03-17 08:57 --------- d-----w C:\Users\Daniel\AppData\Roaming\Nokia
2008-03-16 18:24 --------- d-----w C:\Users\Daniel\AppData\Roaming\VeriSoft Access Manager
2008-03-13 12:41 --------- d-----w C:\Users\Daniel\AppData\Roaming\F-Secure
2008-03-13 12:28 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-12 16:49 --------- d-----w C:\PROGRA~2\Application Data
2008-03-12 16:32 --------- d-----w C:\Program Files\Longman
2008-03-12 12:44 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 12:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-11 20:51 54,784 ----a-w C:\Windows\system32\drivers\CDAC11BA.EXE
2008-03-11 20:51 12,464 ----a-w C:\Windows\system32\drivers\CdaC15BA.SYS
2008-03-11 20:51 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-11 20:51 --------- d-----w C:\PROGRA~2\Macrovision
2008-03-09 16:00 --------- d-----w C:\Program Files\Real
2008-03-09 02:06 --------- d-----w C:\PROGRA~2\Apple Computer
2008-03-08 23:11 --------- d-----w C:\Program Files\NCH Software
2008-03-06 16:51 --------- d-----w C:\Program Files\QuickTime
2008-03-06 14:26 --------- d-----w C:\PROGRA~2\NCH Software
2008-03-06 14:20 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-03 04:41 --------- d-----w C:\Users\Daniel\AppData\Roaming\GARMIN
2008-03-03 01:26 --------- d-----w C:\Users\Daniel\AppData\Roaming\Grisoft
2008-03-03 01:26 --------- d-----w C:\PROGRA~2\Grisoft
2008-03-01 18:05 --------- d-----w C:\Users\Daniel\AppData\Roaming\PC Tools
2008-02-29 15:39 --------- d-----w C:\Program Files\Nokia
2008-02-29 15:39 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-29 14:57 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-29 14:54 --------- d-----w C:\Users\Daniel\AppData\Roaming\PC Suite
2008-02-29 14:52 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-29 14:49 --------- d-----w C:\PROGRA~2\Installations
2008-02-29 14:36 --------- d-----w C:\PROGRA~2\Nokia
2008-02-29 04:32 7,296 ----a-w C:\Windows\system32\drivers\grmnusb.sys
2008-02-29 04:32 17,024 ----a-w C:\Windows\system32\drivers\grmngen.sys
2008-02-17 17:54 --------- d-----w C:\PROGRA~2\Coolroom
2008-02-16 19:00 --------- d-----w C:\Program Files\uTorrent
2008-02-15 15:59 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-15 15:58 --------- d-----w C:\Program Files\Common Files\Real
2008-02-13 12:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 12:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 12:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 12:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 12:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 12:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 12:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 12:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 12:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 12:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 12:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 12:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 12:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 12:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-13 11:51 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 11:51 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 11:51 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 11:51 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 11:51 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 11:51 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 11:51 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 11:48 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:48 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 11:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 11:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 13:07 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-06 14:05 --------- d-----w C:\PROGRA~2\NVIDIA
2008-02-04 12:24 --------- d-----w C:\Program Files\Error Repair Professional
2008-02-03 21:59 --------- d-----w C:\Users\Daniel\AppData\Roaming\iExpert Software
2008-01-31 14:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 09:41 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-06 12:43 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-06 12:43 32 ----a-w C:\PROGRA~2\ezsid.dat
2008-01-05 17:25 174 --sha-w C:\Program Files\desktop.ini
2008-01-05 17:16 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-05 17:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-05 17:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-05 17:16 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-05 17:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-05 17:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-05 17:16 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-05 17:16 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-05 17:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-05 17:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-23 00:32 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 09:41 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"RegClean Expert Scheduler"="C:\Programy\Registry Clean Expert\RCHelper.exe" [2008-01-31 02:09 604920]
"Steam"="C:\Gry\Counter Strike\Steam.exe" [2008-02-24 00:01 1266936]
"PC Suite Tray"="C:\Programy\nokia PC suite\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 22:34 634880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 17:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 16:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 09:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 21:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 18:12 17920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"PWRISOVM.EXE"="C:\Programy\PowerISO\PWRISOVM.EXE" [2007-08-07 00:05 200704]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 15:58 185896]
"MSServer"="C:\Windows\system32\mllli.dll" [ ]
"!AVG Anti-Spyware"="C:\Programy\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programy\nokia PC suite\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-415828500-1633433616-1486023953-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DC6B58C1-F27F-46B6-BC49-7F3725435A97}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A7EE9358-BE7C-43D9-B98E-AFFD8596C1B8}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{0C2F0C4D-11B0-449B-B2CE-F9DE879042EA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{117AAEA7-4901-44AA-9A45-A82CB9348197}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{370CDB45-9DCC-47B7-989D-A63C779B61CC}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{0AD5A1F0-3E76-442E-A82F-24B4124189F4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{AA95D80D-A137-4CDB-88F4-87DCFD5BFAE5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{7F7275B4-C323-4C0F-B0C7-125EE407E8B4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{E3F21315-93B2-47B3-A4D8-5A79B5DDC75A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{377A626A-98FA-46CA-8659-0638604B412C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{7CE0CC62-5154-4DE0-82C0-396C669E8393}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{28B2E05A-57E1-4880-A288-D8FD4D0C3535}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A4448FAD-E6FC-49D4-BA57-33258CC001B8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{9F6366ED-3CE9-4BF0-ACE5-C89286197E8E}C:\\programy\\gadu-gadu\\gg.exe"= UDP:C:\programy\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"UDP Query User{8FBE4A73-D74C-49A6-BBDC-020B9B645058}C:\\programy\\gadu-gadu\\gg.exe"= TCP:C:\programy\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"TCP Query User{22444A00-A229-47FD-A17F-80EBBB00EA76}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A58B7650-649A-42C1-A275-747E25B76017}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D1B368B0-0AB9-4E59-A2C2-A8C3B52359E5}C:\\programy\\bearshare\\bearshare.exe"= UDP:C:\programy\bearshare\bearshare.exe:BearShare
"UDP Query User{9024FCFF-CA92-4F9B-A9BD-9631498966BD}C:\\programy\\bearshare\\bearshare.exe"= TCP:C:\programy\bearshare\bearshare.exe:BearShare
"{D3D3E5AD-A84B-4930-B109-65685C42BA19}"= UDP:40757:torrent
"{1858E258-2347-4A49-8C36-6AD3C8612DA6}"= TCP:40757:utorrent
"TCP Query User{01FE7D03-4EDE-4D32-BB64-09699C93D97A}C:\\gry\\colin mcrae dirt\\dirt.exe"= UDP:C:\gry\colin mcrae dirt\dirt.exe:DiRT Executable
"UDP Query User{2DA8F62E-51F0-4679-ACDB-32FAB7456995}C:\\gry\\colin mcrae dirt\\dirt.exe"= TCP:C:\gry\colin mcrae dirt\dirt.exe:DiRT Executable
"TCP Query User{8FBA147D-1E35-4A41-949E-8E5C30FFE67C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{DA5CDEAE-9956-4A33-B3CF-0A141B6E1840}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8ABB6BCA-4400-4BF7-9F99-6ABAE8BD50C1}C:\\programy\\dc++\\dcplusplus.exe"= UDP:C:\programy\dc++\dcplusplus.exe:DC++
"UDP Query User{8E311FC7-25A4-4F71-955A-97EF15EFA8AF}C:\\programy\\dc++\\dcplusplus.exe"= TCP:C:\programy\dc++\dcplusplus.exe:DC++
"TCP Query User{B5602181-FB69-4E91-AE15-2DB3C741DE03}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{A29E45E8-F664-4297-AE06-13DF181C7885}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{BCFC087B-495E-477F-A044-5BA7E311BFAA}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{C8DAA94B-0DE1-4342-B8C0-E8B96D30C5CC}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{513BB99A-B30F-46A4-92D3-C88DD6625420}C:\\gry\\spliner cell\\tcscda\\scda-offline\\system\\splintercell4.exe"= UDP:C:\gry\spliner cell\tcscda\scda-offline\system\splintercell4.exe:SplinterCell4
"UDP Query User{081BEAFD-FAA6-4F7E-94A6-EA3BF80F0C96}C:\\gry\\spliner cell\\tcscda\\scda-offline\\system\\splintercell4.exe"= TCP:C:\gry\spliner cell\tcscda\scda-offline\system\splintercell4.exe:SplinterCell4
"TCP Query User{74CAF593-D926-4BEB-92FB-40901B52CAFC}C:\\programy\\realplayer\\realplay.exe"= UDP:C:\programy\realplayer\realplay.exe:RealPlayer
"UDP Query User{1C03A351-69FF-4207-8EAF-206C6A287B0D}C:\\programy\\realplayer\\realplay.exe"= TCP:C:\programy\realplayer\realplay.exe:RealPlayer
"{07062087-D05A-42AF-9A11-39DBB230B39B}"= Disabled:UDP:C:\Programy\Skype\Phone\Skype.exe:Skype
"{94143D07-E01E-430F-AD55-35B71A05BAEC}"= Disabled:TCP:C:\Programy\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080314.001\IDSvix86.sys [2008-02-13 16:18]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 09:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 09:45]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 12:50]
S2 Harmonogram automatycznej uslugi LiveUpdate;Harmonogram automatycznej uslugi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-23 12:35]
S3 BCM43XV;Sterownik karty sieciowej Broadcom Extensible 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 07:30]
S3 btwaudio;Urzadzenie dzwiekowe Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 10:45]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 10:45]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 10:45]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-13 12:00]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2438eba3-b01f-11dc-a87a-001b24ddfff6}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d478b75-a42b-11dc-aa1a-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 13:37:13
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Programy\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programy\Cisco Clean Access Agent\CCAAgent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-03-24 13:44:17 - machine was rebooted [Daniel]
ComboFix-quarantined-files.txt 2008-03-24 13:44:05
.
2008-03-23 03:19:35 --- E O F ---

**Posty:** 18165 · przez **wojtas** 24 Mar 2008, 19:44

wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2438eba3-b01f-11dc-a87a-001b24ddfff6}]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 20:36

super! dzieki wielkie. poza tym wszystko ok?

wkleilem łącznie z tymi kwadratowymi nawiasmai. dobrze?

**Posty:** 18165 · przez **wojtas** 24 Mar 2008, 20:39

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2438eba3-b01f-11dc-a87a-001b24ddfff6}]

to masz wkleic

i bedzie ok

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 21:05

hmmm.. a jak ci pochwalke dorzucic?

a tych procesow svchost nie jest za duzo?

**Posty:** 18165 · przez **wojtas** 24 Mar 2008, 21:28

u mnie jest tez 5 czy 6 procesow. wiec to normalne pozdro

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 21:43

heh... u mnie nieco wiecej bo... 15... chyba za duzo?

**Posty:** 8001 · przez **Okocza** 24 Mar 2008, 21:45

pokaż screen z menedżera zadań z tym svchostów

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 21:59

oto screen. mam nadzieje ze najwzniejsze jest

**Posty:** 8001 · przez **Okocza** 24 Mar 2008, 22:02

zobacz czy w polu nazwa masz Usługa Sieciowa, Lokalna lub system.

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 22:08

wyglada na to ze kazda zlicza do tych, ktore wymieniles. jest w porzadku?

**Posty:** 8001 · przez **Okocza** 24 Mar 2008, 22:10

tak. wygląda na to że wszystko jest ok. nawet same nazwy nie wskazują na błędy (svcchost <---- ta jest błędna, a to co Ty masz jest ok.)

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 22:21

heh... no wiec chyba dokupie sobie jeszcze ramu:/ martwi mnie tylko to, ze ten combofix wyswietlil blad, ze nie moze wejsc w jakis plik bo jest zablokowany lub nie mam uprawnien admina. poza tym KAV tez znalazl duzo plikow ktore pominal:/ poza tym jak chce otworzyc link z emaila badz offica wyswietla mi sie info ze nie mam uprawnien admina do wykonania tej operacji... czyli cos nie jest ok:(

**Posty:** 8001 · przez **Okocza** 24 Mar 2008, 22:43

do jakiego pliku :?:

napisz nazwę i rozszerzenie. jaka wersja Visty :?:

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 22:48

vista home premium
akurat zapisalem loga z KAV. oto on:

Statystyki skanowania
Liczba skanowanych obiektów 133722
Liczba wykrytych wirusów 0
Liczba zainfekowanych obiektów 0
Liczba podejrzanych obiektów 0
Czas trwania skanowania 02:05:01

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked pominięty

C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg Object is locked pominięty

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked pominięty

C:\Program Files\Norton AntiVirus\AVError.log Object is locked pominięty

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked pominięty

C:\ProgramData\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked pominięty

C:\ProgramData\Symantec\Common Client\settings.BAK Object is locked pominięty

C:\ProgramData\Symantec\Common Client\settings.DAT Object is locked pominięty

C:\ProgramData\Symantec\Common Client\volatile.DAT Object is locked pominięty

C:\ProgramData\Symantec\Common Client\{24C5E55A-C07B-48D9-B0D2-8AFB39432BBC}.BAK Object is locked pominięty

C:\ProgramData\Symantec\Common Client\{24C5E55A-C07B-48D9-B0D2-8AFB39432BBC}.DAT Object is locked pominięty

C:\ProgramData\Symantec\Common Client\{35688787-5B45-49A6-AAE7-B189BFFD253E}.BAK Object is locked pominięty

C:\ProgramData\Symantec\LiveUpdate\2008-03-23_Log.ALUSchedulerSvc.LiveUpdate Object is locked pominięty

C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\Shl_{CFD201F3-3655-4BCC-9AD1-C8367AD4C77E}.ldb Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\Shl_{CFD201F3-3655-4BCC-9AD1-C8367AD4C77E}.sds Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked pominięty

C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked pominięty

C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked pominięty

C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked pominięty

C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked pominięty

C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked pominięty

C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked pominięty

C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked pominięty

C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked pominięty

C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked pominięty

C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked pominięty

C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked pominięty

C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked pominięty

C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked pominięty

C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked pominięty

C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked pominięty

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5d34c3f509068acf105f2dfb1a1d1405_f477c833-872f-46b2-bf2c-c297246304ba Object is locked pominięty

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\74c81fa4711cd61bf936b0e89ac97245_f477c833-872f-46b2-bf2c-c297246304ba Object is locked pominięty

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bbb78300220bcb9b83c3dbaf43e6cd3b_f477c833-872f-46b2-bf2c-c297246304ba Object is locked pominięty

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c5c34c51a7e0ad2e0df69ade6e0c6ea2_f477c833-872f-46b2-bf2c-c297246304ba Object is locked pominięty

C:\ProgramData\Microsoft\User Account Pictures\Wlasciciel.dat Object is locked pominięty

C:\System.sav\util\App.Evt Object is locked pominięty

C:\System.sav\util\Sec.Evt Object is locked pominięty

C:\System.sav\util\Sys.Evt Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008032320080324\index.dat Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat{2438eb68-b01f-11dc-a87a-001b24ddfff6}.TM.blf Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat{2438eb68-b01f-11dc-a87a-001b24ddfff6}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat{2438eb68-b01f-11dc-a87a-001b24ddfff6}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows Defender\FileTracker\{AE8CE568-FD98-433C-A5A8-962EE9C8208C} Object is locked pominięty

C:\Users\Daniel\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked pominięty

C:\Users\Daniel\AppData\Local\Temp\ehmsas.txt Object is locked pominięty

C:\Users\Daniel\AppData\Local\Temp\IMG4DFB.tmp Object is locked pominięty

C:\Users\Daniel\AppData\Local\Temp\Low\~DFC296.tmp Object is locked pominięty

C:\Users\Daniel\AppData\Local\Temp\Low\~DFC2A3.tmp Object is locked pominięty

C:\Users\Daniel\AppData\Local\Temp\~DF656B.tmp Object is locked pominięty

C:\Users\Daniel\AppData\Local\Temp\~DFE591.tmp Object is locked pominięty

C:\Users\Daniel\AppData\Roaming\CiscoCAA\event.log Object is locked pominięty

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked pominięty

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked pominięty

C:\Users\Daniel\ntuser.dat Object is locked pominięty

C:\Users\Daniel\ntuser.dat.LOG1 Object is locked pominięty

C:\Users\Daniel\ntuser.dat.LOG2 Object is locked pominięty

C:\Users\Daniel\ntuser.dat{443a1291-f860-11dc-adaf-83539d705b67}.TM.blf Object is locked pominięty

C:\Users\Daniel\ntuser.dat{443a1291-f860-11dc-adaf-83539d705b67}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty

C:\Users\Daniel\ntuser.dat{443a1291-f860-11dc-adaf-83539d705b67}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty

C:\Windows\bthservsdp.dat Object is locked pominięty

C:\Windows\Debug\PASSWD.LOG Object is locked pominięty

C:\Windows\Debug\sam.log Object is locked pominięty

C:\Windows\Debug\WIA\wiatrace.log Object is locked pominięty

C:\Windows\Logs\CBS\CBS.log Object is locked pominięty

C:\Windows\Logs\CBS\CBS.persist.log Object is locked pominięty

C:\Windows\Logs\DPX\setupact.log Object is locked pominięty

C:\Windows\Logs\DPX\setuperr.log Object is locked pominięty

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked pominięty

C:\Windows\panther\diagerr.xml Object is locked pominięty

C:\Windows\panther\diagwrn.xml Object is locked pominięty

C:\Windows\panther\setupact.log Object is locked pominięty

C:\Windows\panther\setuperr.log Object is locked pominięty

C:\Windows\panther\UnattendGC\diagerr.xml Object is locked pominięty

C:\Windows\panther\UnattendGC\diagwrn.xml Object is locked pominięty

C:\Windows\panther\UnattendGC\setupact.log Object is locked pominięty

C:\Windows\panther\UnattendGC\setuperr.log Object is locked pominięty

C:\Windows\security\database\secedit.sdb Object is locked pominięty

C:\Windows\SoftwareDistribution\EventCache\{453D2078-E246-4038-A2BD-89BB4B369389}.bin Object is locked pominięty

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked pominięty

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked pominięty

C:\Windows\System32\catroot2\edb.log Object is locked pominięty

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked pominięty

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked pominięty

C:\Windows\System32\config\COMPONENTS Object is locked pominięty

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked pominięty

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked pominięty

C:\Windows\System32\config\DEFAULT Object is locked pominięty

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked pominięty

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked pominięty

C:\Windows\System32\config\SAM Object is locked pominięty

C:\Windows\System32\config\SAM.LOG1 Object is locked pominięty

C:\Windows\System32\config\SAM.LOG2 Object is locked pominięty

C:\Windows\System32\config\SECURITY Object is locked pominięty

C:\Windows\System32\config\SECURITY.LOG1 Object is locked pominięty

C:\Windows\System32\config\SECURITY.LOG2 Object is locked pominięty

C:\Windows\System32\config\SOFTWARE Object is locked pominięty

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked pominięty

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked pominięty

C:\Windows\System32\config\SYSTEM Object is locked pominięty

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked pominięty

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked pominięty

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked pominięty

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR\{443a1276-f860-11dc-adaf-83539d705b67}.TxR.0.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR\{443a1276-f860-11dc-adaf-83539d705b67}.TxR.1.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR\{443a1276-f860-11dc-adaf-83539d705b67}.TxR.2.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR\{443a1276-f860-11dc-adaf-83539d705b67}.TxR.blf Object is locked pominięty

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked pominięty

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked pominięty

C:\Windows\System32\restore\MachineGuid.txt Object is locked pominięty

C:\Windows\System32\spool\SpoolerETW.etl Object is locked pominięty

C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked pominięty

C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked pominięty

C:\Windows\System32\sysprep\Panther\setupact.log Object is locked pominięty

C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked pominięty

C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked pominięty

C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked pominięty

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked pominięty

C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked pominięty

C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked pominięty

C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked pominięty

C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked pominięty

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\System.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\VeriSoft.evtx Object is locked pominięty

C:\Windows\Tasks\ErrorSweeper Scheduled Scan.job Object is locked pominięty

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked pominięty

C:\Windows\Temp\JETCCCF.tmp Object is locked pominięty

C:\Windows\WindowsUpdate.log Object is locked pominięty

C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked pominięty

Proces skanowania został zakończony.

**Posty:** 8001 · przez **Okocza** 24 Mar 2008, 22:51

z tego co tu widzę to wszystko to pliki Visty. są zabezpieczone przed otwarciem/edycją/skasowaniem

**Posty:** 17 · przez **danjo.wlv** 24 Mar 2008, 22:56

ufff:) a co zrobic z tym ograniczeniem dostepu ktore mam? np przy otwieraniu tych linkow itp? kiedys otwieraly sie normanie, teraz nie. na dodatek cos takiego:
"operacja zostala anulowana z powodu ograniczen nalozonych na ten komputer. skontaktouj sie z administratorem systemu"
poza tym mialem jeszcze kilka podobnych przypadkow, gdzie niby nie moglem czegos zrobic, poniewaz nie jestem adminem:/

**Posty:** 8001 · przez **Okocza** 24 Mar 2008, 23:01

Kod: Zaznacz wszystko: HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList utwórz w nim wartość Int (DWORD x32): "Administrator" i na nadaj jej wartość "1" następnie wydaj z w konsol (w prawach admina) i polecenie: net user Administrator /Active:yes

spróbuj. to znalazłem w internecie.

proszę o sprawdzenie log-a: duże zużycie ram i dużo procesów

proszę o sprawdzenie log-a: duże zużycie ram i dużo procesów

Kto jest na forum