Zablokowany rejestr i menadżer zadań

**Posty:** 330 · przez **Kapucino** 08 Lis 2009, 16:13

Co prawda logi nie z mojego kompa, ale kolega nie ma obecnie dostępu do internetu. Problemy jak w temacie, czyli zablokowany rejest i menadżer zadań. siedzi pewnie pełno syfu, oto logi:
OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2009-11-08 14:21:53 - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Dokumenty i ustawienia\UserX\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,48 Mb Total Physical Memory | 206,50 Mb Available Physical Memory | 46,15% Memory free 1,03 Gb Paging File | 0,87 Gb Available in Paging File | 83,82% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 35,15 Gb Total Space | 31,03 Gb Free Space | 88,27% Space Free | Partition Type: NTFS Drive D: | 39,37 Gb Total Space | 12,70 Gb Free Space | 32,26% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: EXTREMEXP Current User Name: UserX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-11-08 14:20:44 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Dokumenty i ustawienia\UserX\Pulpit\OTL.exe PRC - [2009-10-28 18:59:55 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-02-24 12:23:28 | 01,599,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-04-17 12:12:28 | 02,113,536 | ---- | M] (Gadu-Gadu S.A.) -- D:\Programy\Gadu-Gadu\gg.exe PRC - [2003-09-01 22:42:50 | 00,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe PRC - [2003-03-20 19:13:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009-11-08 14:20:44 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Dokumenty i ustawienia\UserX\Pulpit\OTL.exe MOD - [2008-04-14 22:50:32 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:29:10 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2006-12-21 13:30:44 | 00,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\Programy\Gadu-Gadu\ggwhook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-08-03 14:28:10 | 00,230,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-04-04 23:49:36 | 00,991,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2003-03-20 19:13:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found -- -- (asc3360pr) DRV - [2023-10-29 15:52:59 | 00,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-04-11 12:47:07 | 00,013,976 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde) DRV - [2009-04-04 23:50:48 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2009-04-04 23:50:46 | 00,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) DRV - [2009-04-04 23:50:18 | 00,084,480 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) DRV - [2008-12-16 21:47:00 | 00,013,976 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32) DRV - [2008-10-30 20:10:48 | 00,117,120 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007-04-16 12:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2003-03-20 19:13:00 | 01,261,418 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2001-12-19 10:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\System\CPL Bonus\vcdrom.sys -- (vcdrom) DRV - [2001-10-26 00:00:00 | 00,492,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sbpci.sys -- (sbpci) DRV - [2001-10-24 13:49:16 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT) DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-448539723-507921405-839522115-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-21-448539723-507921405-839522115-500\S-1-5-21-448539723-507921405-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-03 14:24:51 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-03 14:28:12 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-10-28 19:00:01 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-28 19:00:00 | 00,000,000 | ---D | M] [2009-08-03 14:49:42 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Extensions [2009-08-03 14:49:42 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-10-29 15:34:49 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Firefox\Profiles\i6m6d6bd.default\extensions [2009-08-03 18:53:24 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Firefox\Profiles\i6m6d6bd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009-08-03 14:49:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-10-28 19:00:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-10-28 18:59:55 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009-10-28 18:59:55 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009-10-28 18:59:56 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009-07-15 20:00:25 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-15 20:00:25 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-15 20:00:25 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009-07-15 20:00:25 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-15 20:00:25 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-15 20:00:25 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-15 20:00:25 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\Programy\FlashGet\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKU\.DEFAULT..\Run: [LClock] C:\Program Files\LClock\LClock.exe () O4 - HKU\S-1-5-18..\Run: [LClock] C:\Program Files\LClock\LClock.exe () O4 - HKU\S-1-5-20..\Run: [LClock] C:\Program Files\LClock\LClock.exe () O4 - HKU\S-1-5-21-448539723-507921405-839522115-500..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation) O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - Startup: C:\Dokumenty i ustawienia\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\S-1-5-21-448539723-507921405-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: &Download All by FlashGet - D:\Programy\FlashGet\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - D:\Programy\FlashGet\FlashGet universal\ComDlls\Bholink.htm () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 89.174.53.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-08-03 14:14:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2023-10-29 15:53:26 | 00,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Hamachi [2009-11-08 14:20:25 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Dokumenty i ustawienia\UserX\Pulpit\OTL.exe [2009-11-08 14:02:59 | 00,000,000 | ---D | C] -- C:\SDFix [2009-11-08 10:51:12 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-11-08 10:51:11 | 00,000,000 | ---D | C] -- C:\rsit [2009-11-07 20:08:42 | 00,000,000 | RH-D | C] -- C:\Dokumenty i ustawienia\UserX\Recent [2009-11-06 19:15:37 | 00,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Pulpit\Tekken 3 [2009-11-06 19:15:23 | 00,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Pulpit\Epsxe 152 [2009-11-03 13:20:22 | 00,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Media Player Classic [2009-10-30 13:34:24 | 00,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\NFS Underground 2 [2009-10-30 13:34:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX [2009-10-28 15:29:40 | 00,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\cache [2009-10-28 15:27:23 | 00,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2023-10-29 15:52:59 | 00,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys [2009-11-08 14:20:44 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Dokumenty i ustawienia\UserX\Pulpit\OTL.exe [2009-11-08 14:10:57 | 00,003,364 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.ini [2009-11-08 14:10:42 | 01,835,008 | -H-- | M] () -- C:\Dokumenty i ustawienia\UserX\NTUSER.DAT [2009-11-08 14:08:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-11-08 14:07:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-11-08 10:50:56 | 00,863,829 | ---- | M] () -- C:\Dokumenty i ustawienia\UserX\Pulpit\RSIT.exe [2009-11-07 20:08:45 | 00,000,188 | -HS- | M] () -- C:\Dokumenty i ustawienia\UserX\ntuser.ini [2009-11-07 20:08:41 | 02,637,192 | -H-- | M] () -- C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-07 19:21:09 | 00,042,496 | ---- | M] () -- C:\Dokumenty i ustawienia\UserX\Pulpit\dsfs.doc [2009-11-06 19:16:13 | 00,000,265 | ---- | M] () -- C:\WINDOWS\system.ini [2009-11-05 14:32:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-10-25 09:49:30 | 01,105,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-10-25 09:49:30 | 00,497,124 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-10-25 09:49:30 | 00,438,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-10-25 09:49:30 | 00,087,426 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-10-25 09:49:30 | 00,069,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009-11-08 10:50:38 | 00,863,829 | ---- | C] () -- C:\Dokumenty i ustawienia\UserX\Pulpit\RSIT.exe [2009-11-07 17:52:43 | 00,042,496 | ---- | C] () -- C:\Dokumenty i ustawienia\UserX\Pulpit\dsfs.doc [2009-10-07 18:25:44 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-08-25 16:06:29 | 00,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2009-08-03 16:01:37 | 00,000,062 | -HS- | C] () -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\desktop.ini [2009-08-03 15:03:03 | 02,637,192 | -H-- | C] () -- C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-08-03 14:40:39 | 00,003,364 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.ini [2009-08-03 14:39:30 | 00,009,240 | ---- | C] () -- C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-08-03 14:35:47 | 00,000,062 | -HS- | C] () -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\desktop.ini [2009-08-03 14:29:15 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-08-03 14:29:08 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-08-03 14:29:08 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-08-03 14:29:06 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-08-03 14:29:02 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-08-03 14:29:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2006-06-29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006-06-29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006-04-18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006-04-18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2001-07-22 01:16:20 | 00,000,560 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 01:15:52 | 00,000,265 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== LOP Check ==========[/color] [2009-08-03 15:44:48 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\DAEMON Tools Lite [2009-09-12 18:48:53 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\FarmFrenzy3 [2009-08-15 17:02:22 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\BITS [2009-08-03 14:54:18 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Gadu-Gadu [2009-08-05 18:43:48 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\GrassGames [2009-10-28 15:30:29 | 00,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu [2001-07-22 01:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-11-08 14:08:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color] < End of report >

RSIT:

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by UserX at 2009-11-08 10:52:59 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 32 GB (88%) free of 36 GB Total RAM: 447 MB (35% free) ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}] FG2CatchUrl - D:\Programy\FlashGet\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-03 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-03 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-03-20 4616192] "nwiz"=nwiz.exe /install [] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"=C:\WINDOWS\system32\NVMCTRAY.DLL [2003-03-20 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe [2007-04-17 2113536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock] C:\Program Files\LClock\LClock.exe [2004-09-19 135168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl] D:\Programy\sandboxie\SbieCtrl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar] C:\Program Files\Vista Rainbar\Rainmeter.exe [2006-01-21 118784] C:\Dokumenty i ustawienia\All Users\Menu Start\Programy\Autostart Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-04-04 133632] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=1 "DisableRegistryTools"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableCAD"=1 "DisableStatusMessages"=1 "SynchronousUserGroupPolicy"=0 "SynchronousMachineGroupPolicy"=0 "EnableLUA"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoSMHelp"=1 "ForceClassicControlPanel"=1 "NoSMMyPictures"=1 "NoSMConfigurePrograms"=1 "StartMenuLogoff"=1 "ForceStartMenuLogoff"=0 "NoUserNameInStartMenu"=1 "NoResolveTrack"=1 "NoResolveSearch"=1 "NoSMBalloonTip"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoClose"= "NoStartMenuEjectPC"= "StartMenuLogoff"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Programy\Gadu-Gadu\gg.exe"="D:\Programy\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "D:\Programy\GameSpy\Aphex.exe"="D:\Programy\GameSpy\Aphex.exe:*:Enabled:GameSpy Arcade" "D:\Programy\FlashGet\FlashGet universal\FlashGet.exe"="D:\Programy\FlashGet\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2" "D:\Programy\FlashGet\FlashGet universal\LiveUpdate.exe"="D:\Programy\FlashGet\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate" "D:\Programy\FlashGet\FlashGet universal\LiveUpdateEx.exe"="D:\Programy\FlashGet\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx" "D:\Gry\THPS4\Game\Skate4.exe"="D:\Gry\THPS4\Game\Skate4.exe:*:Enabled:Skate4" "D:\Programy\GG\Nowe Gadu-Gadu\gg.exe"="D:\Programy\GG\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "D:\Gry\LF2\LF2_v2.0a\lf2.exe"="D:\Gry\LF2\LF2_v2.0a\lf2.exe:*:Enabled:lf2" "D:\Gry\LF2B\LF2_B-N.exe"="D:\Gry\LF2B\LF2_B-N.exe:*:Enabled:LF2_B-N" "D:\Gry\Need for Speed Underground 2\speed2.exe"="D:\Gry\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2" "D:\Gry\WWP\WWP\wwp.exe"="D:\Gry\WWP\WWP\wwp.exe:*:Enabled:Worms World Party" "C:\Dokumenty i ustawienia\UserX\Pulpit\Epsxe 152\Epsxe.exe"="C:\Dokumenty i ustawienia\UserX\Pulpit\Epsxe 152\Epsxe.exe:*:Enabled:ipsec" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec" "C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======File associations====== .reg - open - "regedit.exe" "%1" ======List of files/folders created in the last 1 months====== 2023-10-29 15:53:26 ----D---- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Hamachi 2009-11-08 10:51:12 ----D---- C:\Program Files\trend micro 2009-11-08 10:51:11 ----D---- C:\rsit 2009-11-03 13:20:22 ----D---- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Media Player Classic 2009-10-30 13:34:18 ----D---- C:\Program Files\Common Files\DirectX 2009-10-28 15:27:23 ----D---- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu ======List of files/folders modified in the last 1 months====== 2009-11-08 10:52:42 ----A---- C:\WINDOWS\system32\NOTEPAD.ini 2009-11-08 10:51:12 ----D---- C:\Program Files 2009-11-08 10:43:11 ----D---- C:\WINDOWS\Temp 2009-11-08 10:41:49 ----D---- C:\Program Files\Mozilla Firefox 2009-11-08 10:41:41 ----D---- C:\WINDOWS\system32\drivers 2009-11-07 20:08:47 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-07 13:08:18 ----D---- C:\WINDOWS\Prefetch 2009-11-07 11:22:28 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-06 19:16:13 ----A---- C:\WINDOWS\system.ini 2009-11-03 17:57:43 ----SHD---- C:\WINDOWS\CSC 2009-10-30 13:34:18 ----D---- C:\Program Files\Common Files 2009-10-30 13:02:29 ----D---- C:\WINDOWS 2009-10-28 20:12:53 ----HD---- C:\WINDOWS\inf 2009-10-28 15:28:48 ----SHD---- C:\WINDOWS\Installer 2009-10-28 15:28:44 ----D---- C:\WINDOWS\WinSxS 2009-10-25 09:49:30 ----D---- C:\WINDOWS\system32 2009-10-25 09:49:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdPPM;Sterownik procesora AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792] R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\Program Files\System\CPL Bonus\Vcdrom.sys [] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys [] R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\knrmoi.sys [] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-04-11 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-03-20 1261418] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-10-30 117120] R3 sbpci;Sound Blaster PCI128 Audio Driver (WDM); C:\WINDOWS\system32\drivers\sbpci.sys [2001-10-26 492672] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 VIAudio;Kontroler VIA AC'97 Audio (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2009-04-04 84480] S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2009-04-04 40704] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2023-10-29 17480] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2009-04-04 25856] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-04-04 133632] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-03-20 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-04-04 991744] S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-03 230808] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

**Posty:** 433 · przez **Pawsonek** 08 Lis 2009, 17:23

podrzuć logi z combofixa i zainstaluj wraz z nim konsolę odzyskiwania ( [url=http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix]instrukcja do combofixa,

mi kiedyś pomogło skanowanie samym combofixem, ale też jest sposób jeżeli to nie wirus (skanowałeś komputer jakimś anty?)

Tworzymy pusty plik w notatniku i wpisujemy do niego poniższe dane:

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
Policies\System]

"DisableRegistryTools"=dword:00000000
[ tutaj naciśnij enter !! ]

Zapisujemy plik jako *.reg, czyli np. Zapisz jako...|odblokuj.reg
Pamiętaj, że ostatnia linijka musi być potwierdzona enterem, inaczej cała instrukcja zostanie zignorowana!

możesz skorzystać jeszcze z instrukcji podanej w tym temacie http://forum.pclab.pl/t379219.html ale nie korzystałem z niej więc nie wypowiadam się, w/w przykłady mi pomogły bez specjalnych sprawdzań loga, pozdrawiam

**Posty:** 330 · przez **Kapucino** 08 Lis 2009, 19:18

Oto log z Combo

Kod: Zaznacz wszystko: ComboFix 09-11-07.04 - UserX 2009-11-08 17:25.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.447.268 [GMT 1:00] Uruchomiony z: c:\dokumenty i ustawienia\UserX\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumenty i ustawienia\UserX\Dane aplikacji\BITS c:\dokumenty i ustawienia\UserX\Dane aplikacji\BITS\BITS.ini c:\dokumenty i ustawienia\UserX\Dane aplikacji\BITS\DHTTable.dat c:\dokumenty i ustawienia\UserX\Dane aplikacji\BITS\ProxyList.ini c:\dokumenty i ustawienia\UserX\Dane aplikacji\BITS\UPnP.ini c:\windows\system32\msconfig.exe c:\windows\system32\srsvc.dll . . . jest zainfekowany!! . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3360PR -------\Service_asc3360pr ((((((((((((((((((((((((( Pliki utworzone od 2009-10-08 do 2009-11-08 ))))))))))))))))))))))))))))))) . 2023-10-29 14:53 . 2009-10-30 16:49 -------- d-----w- c:\dokumenty i ustawienia\UserX\Dane aplikacji\Hamachi 2009-11-08 16:34 . 2009-11-08 16:34 -------- d-----w- c:\windows\system32\wbem\snmp 2009-11-08 16:34 . 2009-11-08 16:34 -------- d-----w- c:\windows\system32\xircom 2009-11-08 16:34 . 2009-11-08 16:34 -------- d-----w- c:\windows\system32\restore 2009-11-08 16:34 . 2009-11-08 16:34 -------- d-----w- c:\windows\srchasst 2009-11-08 16:34 . 2009-11-08 16:34 -------- d-----w- c:\program files\microsoft frontpage 2009-11-08 13:02 . 2008-11-06 01:03 -------- d-----w- C:\SDFix 2009-11-08 09:51 . 2009-11-08 09:53 -------- d-----w- c:\program files\trend micro 2009-11-08 09:51 . 2009-11-08 09:51 -------- d-----w- C:\rsit 2009-11-03 12:20 . 2009-11-03 12:20 -------- d-----w- c:\dokumenty i ustawienia\UserX\Dane aplikacji\Media Player Classic 2009-10-30 12:34 . 2009-10-30 12:36 -------- d-----w- c:\dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\NFS Underground 2 2009-10-30 12:34 . 2009-10-30 12:34 -------- d-----w- c:\program files\Common Files\DirectX 2009-10-28 14:29 . 2009-10-28 14:29 -------- d-----w- c:\dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\cache 2009-10-28 14:27 . 2009-10-28 14:30 -------- d-----w- c:\dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2023-10-29 14:52 . 2009-08-03 14:16 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys 2009-11-08 15:29 . 2009-08-03 17:53 949712 ----a-w- c:\dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Firefox\Profiles\i6m6d6bd.default\FlashGot.exe 2009-10-25 08:49 . 2001-10-26 18:15 87426 ----a-w- c:\windows\system32\perfc015.dat 2009-10-25 08:49 . 2001-10-26 18:15 497124 ----a-w- c:\windows\system32\perfh015.dat 2009-10-07 17:24 . 2009-10-07 17:24 -------- d-----w- c:\dokumenty i ustawienia\UserX\Dane aplikacji\Microsoft Web Folders 2009-09-30 16:06 . 2009-09-30 16:06 4096 ----a-w- c:\windows\d3dx.dat 2009-09-12 17:48 . 2009-09-12 17:48 -------- d-----w- c:\dokumenty i ustawienia\All Users\Dane aplikacji\FarmFrenzy3 2009-08-31 16:07 . 2009-08-31 16:07 42088 ----a-w- c:\dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll 2009-08-31 15:21 . 2009-08-31 15:21 11264 ----a-w- c:\dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll . ------- Sigcheck ------- [-] 2009-04-11 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2009-04-11 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll [-] 2009-03-19 . 877E25A38D6392EAA45BDB8C160B1D84 . 2330368 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe [-] 2009-04-07 . D4388DD826021C132C1B95D0F5BB9263 . 643072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2009-04-11 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll [-] 2009-02-24 . 092488D6C2BAEAEC7E9CA00384EFF2FD . 1681408 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2009-03-19 . F20214E9FD2DAA82B0FCDE4B11C06642 . 2207232 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe c:\windows\system32\wuauclt.exe ... - brak elementu !! c:\windows\system32\srsvc.dll ... - brak elementu !! c:\windows\system32\wscntfy.exe ... - brak elementu !! c:\windows\system32\ctfmon.exe ... - brak elementu !! c:\windows\system32\regsvc.dll ... - brak elementu !! . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-03-20 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-03-20 4616192] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-03-20 401408] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 135168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-11 128512] c:\dokumenty i ustawienia\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 143412] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) "DisableStatusMessages"= 1 (0x1) "SynchronousUserGroupPolicy"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStartMenuEjectPC"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "StartMenuLogoff"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "d:\\Programy\\Gadu-Gadu\\gg.exe"= "d:\\Programy\\GameSpy\\Aphex.exe"= "d:\\Programy\\FlashGet\\FlashGet universal\\FlashGet.exe"= "d:\\Gry\\THPS4\\Game\\Skate4.exe"= "d:\\Gry\\LF2\\LF2_v2.0a\\lf2.exe"= "d:\\Gry\\Need for Speed Underground 2\\speed2.exe"= "d:\\Gry\\WWP\\WWP\\wwp.exe"= "c:\\Dokumenty i ustawienia\\UserX\\Pulpit\\Epsxe 152\\Epsxe.exe"= "c:\\WINDOWS\\system32\\nwiz.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"= R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [2009-08-03 8576] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - MBR *NewlyCreated* - VCDROM *Deregistered* - mbr NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy 6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Netman Nla NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt xmlprov napagent hkmsvc BITS ShellHWDetection WmdmPmSN HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.com/ IE: &Download All by FlashGet - d:\programy\FlashGet\FlashGet universal\ComDlls\Bhoall.htm IE: &Download by FlashGet - d:\programy\FlashGet\FlashGet universal\ComDlls\Bholink.htm FF - ProfilePath - c:\dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Firefox\Profiles\i6m6d6bd.default\ FF - plugin: c:\dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - USUNIĘTO PUSTE WPISY - - - - AddRemove-{758A4269-70E5-4B11-B419-F692882408A9} - d:\gry\Gothic PL\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-08 17:35 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-448539723-507921405-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,00,ca,49,1d,3a,e0,42,87,8e,f1,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,00,ca,49,1d,3a,e0,42,87,8e,f1,\ [HKEY_USERS\S-1-5-21-448539723-507921405-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E381E64-2F5C-C59F-09C4-F7A7D7880C35}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "panbnjbnaememlolmaddedjefniobgbj"=hex:69,61,67,6b,66,62,6a,61,6b,68,67,70,6e, 69,69,6c,63,6d,00,00 "oalcholjnaoebkcoadbhnepkjfabho"=hex:69,61,67,6b,66,62,6a,61,6b,68,67,70,6e,69, 69,6c,63,6d,00,00 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(704) c:\windows\system32\scecli.dll - - - - - - - > 'explorer.exe'(2524) c:\windows\system32\ntshrui.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\RUNDLL32.EXE . ************************************************************************** . Czas ukończenia: 2009-11-08 17:38 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-11-08 16:38 Przed: 33 530 368 000 bajtów wolnych Po: 33 600 114 688 bajtów wolnych - - End Of File - - 4C08F3E279A3C9DB47F6ED4A8E53ADBF

mówi, że nie da sie tego wpisu do rejestru dodać, wyskakuje że zablokowany przez administratora dalej

**Posty:** 18165 · przez **wojtas** 08 Lis 2009, 22:57

1. Pobierz świeży pliki http://www.sendspace.com/file/o4hibb Wypakuj je i bezpośrednio na dysku C;

Otworz notatnik i wklej w nim to:

FCopy::
c:\wuauclt.exe | c:\windows\system32\wuauclt.exe
c:\srsvc.dll | c:\windows\system32\srsvc.dll
c:\wscntfy.exe | c:\windows\system32\wscntfy.exe
c:\ctfmon.exe | c:\windows\system32\ctfmon.exe
c:\regsvc.dll | c:\windows\system32\regsvc.dll

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=-
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,54,00,65,00,72,00,6d,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,\
73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,\
00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,\
6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,78,00,6d,00,6c,\
00,70,00,72,00,6f,00,76,00,00,00,77,00,73,00,63,00,73,00,76,00,63,00,00,00,\
57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Rozpocznie się usuwanie powstanie log. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie ) daj loga z combofixa i raport z Malwarebytes

**Posty:** 330 · przez **Kapucino** 10 Lis 2009, 17:35

combofix rozwalił kupmlowi windowsa, ale juz jest po formacie. mozna zamknąć