
Thanks in advance for any interest.

The problem is as above: I have no access to system resources, and I'm 98% sure it is related to permissions, which I cannot set, for some unknown reason.
http://www.up.programosy.pl/foto/bez_tytulu_1839.jpg
I'm posting the logs and waiting for instructions.

P.S. I'll also add a thread about the same machine, which for various reasons got left behind: http://forum.programosy.pl/moje-dokumenty-x2-vt111797.html
It concerns the fact that at system startup "My Documents" ("Moje dokumenty") pops up twice (two windows showing the same thing).
Once again, thanks in advance for your interest in this thread; I'm waiting.

OTL Extras logfile created on: 2010-03-18 18:04:24 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = D:\Ściągniete z neta
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 1,43 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive D: | 92,77 Gb Total Space | 14,92 Gb Free Space | 16,09% Space Free | Partition Type: NTFS
Drive E: | 195,55 Gb Total Space | 17,99 Gb Free Space | 9,20% Space Free | Partition Type: NTFS
Drive F: | 330,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: W-F6AE2996F07D4
Current User Name: Właściciel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-2000478354-1993962763-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "d:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "d:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "d:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"D:\Program Files\Unreal Antologia\UT2004\System\UT2004.exe" = D:\Program Files\Unreal Antologia\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}_is1" = Unreal Antologia
"{15CEC2E1-16AF-11D9-88E4-0004769F25D1}" = Colin McRae Rally 2005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{63D1A44F-E1FD-4460-BE0A-8745012F67EF}" = BlueSoleil
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB38FA94-F36F-44EA-B5B0-177EF8C6C51E}" = Planescape Torment
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Odinstaluj LG PC Suite III
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F168AFC5-B8C9-4165-A23E-E3EA1BE5531E}" = Psi Ops
"{F59A3B93-6C1C-4C3E-BCC4-4897490E2963}" = LG Bluetooth Drivers
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Edimax Wireless LAN
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"ActiveScan 2.0" = Panda ActiveScan 2.0
"avast5" = avast! Free Antivirus
"Codec_is1" = Codec 8.2 build 8
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NVIDIA Drivers" = NVIDIA Drivers
"Painkiller Overdose_is1" = Painkiller Overdose
"RealAlt_is1" = Real Alternative 1.8.0
"SlamTilt Resurrection" = SlamTilt Resurrection
"ST5UNST #1" = Visual Basic 5.0
"TC_is1" = Tank Combat
"Winamp" = Winamp
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2010-02-17 07:20:56 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x0003feac.
Error - 2010-02-17 07:21:30 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x0003fee7.
Error - 2010-02-17 08:48:54 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x0003fee7.
Error - 2010-02-19 09:34:23 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x0003fee7.
Error - 2010-02-19 10:11:41 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x001f0ca8.
Error - 2010-02-19 11:20:43 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x000939e0.
Error - 2010-02-23 14:40:52 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x0003feac.
Error - 2010-02-25 13:39:09 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x0003feac.
Error - 2010-02-26 14:48:17 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x0003fee7.
Error - 2010-02-26 15:00:03 | Computer Name = W-F6AE2996F07D4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący
błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x0003feac.
[ System Events ]
Error - 2010-03-16 17:57:49 | Computer Name = W-F6AE2996F07D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego
błędu: %%1058
Error - 2010-03-16 18:01:54 | Computer Name = W-F6AE2996F07D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego
błędu: %%1058
Error - 2010-03-16 18:04:30 | Computer Name = W-F6AE2996F07D4 | Source = Windows Update Agent | ID = 20
Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować
następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja zabezpieczeń
dla programu Flash Player (KB923789).
Error - 2010-03-17 11:51:01 | Computer Name = W-F6AE2996F07D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego
błędu: %%1058
Error - 2010-03-17 14:11:29 | Computer Name = W-F6AE2996F07D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego
błędu: %%1058
Error - 2010-03-18 12:15:28 | Computer Name = W-F6AE2996F07D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego
błędu: %%1058
Error - 2010-03-18 12:16:47 | Computer Name = W-F6AE2996F07D4 | Source = Windows Update Agent | ID = 20
Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować
następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja zabezpieczeń
dla programu Flash Player (KB923789).
Error - 2010-03-18 12:43:56 | Computer Name = W-F6AE2996F07D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego
błędu: %%1058
Error - 2010-03-18 12:54:43 | Computer Name = W-F6AE2996F07D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego
błędu: %%1058
Error - 2010-03-18 12:59:48 | Computer Name = W-F6AE2996F07D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego
błędu: %%1058
< End of report >
OTL logfile created on: 2010-03-18 18:04:24 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = D:\Ściągniete z neta
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 1,43 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive D: | 92,77 Gb Total Space | 14,92 Gb Free Space | 16,09% Space Free | Partition Type: NTFS
Drive E: | 195,55 Gb Total Space | 17,99 Gb Free Space | 9,20% Space Free | Partition Type: NTFS
Drive F: | 330,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: W-F6AE2996F07D4
Current User Name: Właściciel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010-03-17 18:46:58 | 000,556,032 | ---- | M] (OldTimer Tools) -- D:\Ściągniete z neta\OTL.exe
PRC - [2010-03-09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-12-14 14:28:02 | 000,716,800 | ---- | M] (Edimax Technology Co., Ltd) -- C:\Program Files\EDIMAX\Common\RaUI.exe
PRC - [2005-04-06 16:03:28 | 000,110,592 | ---- | M] () -- D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010-03-17 18:46:58 | 000,556,032 | ---- | M] (OldTimer Tools) -- D:\Ściągniete z neta\OTL.exe
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005-04-06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2010-03-09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-03-09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-03-09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-03-09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-03-09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-03-09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-07-31 09:25:36 | 000,004,716 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-06-30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009-06-19 12:59:10 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009-06-19 12:59:04 | 000,012,032 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009-06-19 12:59:02 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009-01-15 07:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-08-06 10:12:10 | 004,755,968 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-07-08 14:55:56 | 000,121,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgmdmdm.sys -- (lgmdmdm)
DRV - [2008-07-08 14:55:56 | 000,114,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgmdmgmt.sys -- (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM)
DRV - [2008-07-08 14:55:56 | 000,111,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgmdobex.sys -- (lgmdobex)
DRV - [2008-07-08 14:55:56 | 000,089,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgmdbus.sys -- (lgmdbus) LG Mobile driver (WDM)
DRV - [2008-07-08 14:55:56 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgmdmdfl.sys -- (lgmdmdfl)
DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-05 11:46:02 | 000,491,648 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2005-08-31 10:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005-08-31 10:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005-07-29 16:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005-07-29 16:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005-04-30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005-04-30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005-03-25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004-12-16 16:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004-12-09 16:25:49 | 000,047,104 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004-12-03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004-10-28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004-10-19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://www.google.pl"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-16 19:26:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-16 19:26:03 | 000,000,000 | ---D | M]
[2010-03-16 19:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Extensions
[2010-03-16 19:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\oq2ty0dt.default\extensions
[2010-03-16 19:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-2000478354-1993962763-1801674531-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2000478354-1993962763-1801674531-1003..\Run: [wsctf.exe] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\_uninst_setup_9.0.0.722_16.03.2010_20-33.exe.lnk = C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\_uninst_setup_9.0.0.722_16.03.2010_20-33.exe.bat File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1993962763-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-31 09:02:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-03-16 21:37:36 | 000,000,038 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-16 21:37:36 | 000,000,038 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-03-29 18:33:45 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-03-16 21:37:37 | 000,000,038 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-03-14 07:15:48 | 000,624,640 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-03-14 07:15:49 | 000,000,029 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008-03-14 07:15:49 | 000,002,723 | R--- | M] () - F:\AutoRun.ini -- [ CDFS ]
O33 - MountPoints2\{2c52e2b6-8da9-11de-a25e-002354ca5cb9}\Shell\AutoRun\command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{2c52e2b6-8da9-11de-a25e-002354ca5cb9}\Shell\open\Command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{3e65b0c7-bede-11de-a29e-002354ca5cb9}\Shell\AutoRun\command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{3e65b0c7-bede-11de-a29e-002354ca5cb9}\Shell\open\Command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{4af38dc0-7db7-11de-8bbd-806d6172696f}\Shell\open\Command - "" = rx.exe
O33 - MountPoints2\{4af38dc1-7db7-11de-8bbd-806d6172696f}\Shell\open\Command - "" = rx.exe
O33 - MountPoints2\{4af38dc2-7db7-11de-8bbd-806d6172696f}\Shell\open\Command - "" = rx.exe
O33 - MountPoints2\{5e356fb6-b36c-11de-a285-002354ca5cb9}\Shell\AutoRun\command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{5e356fb6-b36c-11de-a285-002354ca5cb9}\Shell\open\Command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{7f513542-9344-11de-a262-002354ca5cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{7f513542-9344-11de-a262-002354ca5cb9}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7f513543-9344-11de-a262-002354ca5cb9}\Shell\AutoRun\command - "" = M:\rx.exe -- File not found
O33 - MountPoints2\{7f513543-9344-11de-a262-002354ca5cb9}\Shell\open\Command - "" = M:\rx.exe -- File not found
O33 - MountPoints2\{987a8d6a-e412-11de-a2de-002354ca5cb9}\Shell\AutoRun\command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{987a8d6a-e412-11de-a2de-002354ca5cb9}\Shell\open\Command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{a6cd4a16-81e7-11de-a245-002354ca5cb9}\Shell\AutoRun\command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{a6cd4a16-81e7-11de-a245-002354ca5cb9}\Shell\open\Command - "" = K:\rx.exe -- File not found
O33 - MountPoints2\{d0a91af4-86bf-11de-a252-002354ca5cb9}\Shell\AutoRun\command - "" = K:\22yj2fy1.exe -- File not found
O33 - MountPoints2\{d0a91af4-86bf-11de-a252-002354ca5cb9}\Shell\open\Command - "" = K:\22yj2fy1.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010-03-16 23:04:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010-03-16 22:37:09 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-03-16 22:37:09 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-03-16 22:37:09 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-03-16 22:37:08 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-03-16 22:37:07 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-03-16 22:37:07 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-03-16 22:37:07 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-03-16 22:36:57 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-03-16 22:36:57 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-03-16 22:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-03-16 22:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-03-16 22:06:06 | 002,190,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010-03-16 22:06:04 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010-03-16 22:06:01 | 002,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010-03-16 21:59:48 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010-03-16 21:22:01 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010-03-16 21:09:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-03-16 21:09:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-03-16 21:09:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-03-16 21:09:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-03-16 20:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010-03-16 20:54:16 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010-03-16 19:38:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010-03-16 19:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\Pobieranie
[2010-03-16 19:30:57 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010-03-16 19:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010-03-16 19:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla
[2010-03-16 19:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla
[2010-03-16 19:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-03-16 19:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Macromedia
[2010-03-15 18:05:30 | 000,491,648 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt61.sys
[2010-03-15 18:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\EDIMAX
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010-03-18 17:59:48 | 000,197,303 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-03-18 17:59:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-18 17:59:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-18 17:59:09 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Właściciel\NTUSER.DAT
[2010-03-18 17:58:57 | 005,329,458 | -H-- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-18 17:48:02 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-18 17:48:02 | 000,355,830 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-18 17:48:02 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-18 17:48:02 | 000,049,712 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-18 17:48:02 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-18 17:16:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-17 18:06:22 | 000,163,312 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\bez tytułu.JPG
[2010-03-17 16:50:50 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-16 22:39:51 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\_uninst_setup_9.0.0.722_16.03.2010_20-33.exe.lnk
[2010-03-16 22:37:10 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk
[2010-03-16 22:37:07 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-03-16 21:37:36 | 000,000,038 | ---- | M] () -- C:\autorun.inf
[2010-03-16 21:02:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-16 21:02:49 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-16 19:26:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010-03-16 19:26:04 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-03-16 18:41:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-15 18:46:50 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Skrót do Moje dokumenty.lnk
[2010-03-15 18:37:08 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk
[2010-03-15 18:05:36 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010-03-09 12:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-03-09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-03-09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-03-09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-03-09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-03-09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-03-09 12:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-03-09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-03-09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-03-04 21:05:00 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-03-17 18:06:22 | 000,163,312 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\bez tytułu.JPG
[2010-03-16 22:39:51 | 000,001,098 | ---- | C] () -- C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\_uninst_setup_9.0.0.722_16.03.2010_20-33.exe.lnk
[2010-03-16 22:37:10 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk
[2010-03-16 19:26:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-03-16 19:26:04 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-03-15 18:46:50 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Skrót do Moje dokumenty.lnk
[2010-03-15 18:05:36 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010-03-15 18:05:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2661.bin
[2010-03-15 18:05:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561s.bin
[2010-03-15 18:05:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561.bin
[2010-03-15 18:05:27 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk
[2009-12-27 12:41:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009-08-08 18:41:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-08-08 18:41:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-08 18:41:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-04 20:59:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-04 20:46:27 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-04 00:43:46 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-07-31 20:28:18 | 000,024,924 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-07-31 20:26:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-07-31 20:26:03 | 000,024,619 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-07-31 20:26:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-07-31 10:38:22 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-04-12 16:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-04-12 16:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-04-12 16:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-04-12 16:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-04-12 16:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-07-29 16:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2004-12-16 16:32:54 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[color=#E56717]========== LOP Check ==========[/color]
[2010-03-16 22:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-12-13 17:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
[2010-03-16 22:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-10-08 13:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\POPWWPROFILES
[2009-08-05 18:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\DAEMON Tools Lite
[2009-08-04 00:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Leadertech
[2009-12-29 17:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\LG Electronics
[2010-02-08 09:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Tank Combat
[2009-12-29 17:09:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
and GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 18:20:56
Windows 5.1.2600 Dodatek Service Pack 3
Running: tgn8qmxp.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\kgxdifow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB6C7BC56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6C7BB12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB6C7C0C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6C7BFF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB6C7B6E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB6C7BBEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB6C7B628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB6C7B68C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB6C7BD0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB6C7C194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB6C7BCCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB6C7BE4C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB6C884FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB6C88322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB6C8845C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes CALL 17070D37
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B6C88460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP B6C88326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC520 5 Bytes JMP B6C844BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FA4 5 Bytes JMP B6C85972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP B6C88502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB97A2360, 0x3535DF, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[900] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[900] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\usbstor \Device\0000009b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-6 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbstor \Device\00000097 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000098 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000099 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\0000009a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xBB 0xA7 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xBB 0xA7 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
---- EOF - GMER 1.0.15 ----
If I may, I'd appreciate whatever opinions you can spare.
