I have a problem. I have recently formatted the computer a few times and reinstalled Windows from scratch, and each time, after the second or third boot, a message pops up saying that the registry editor has been disabled by the administrator, which means I cannot launch any programs except Firefox. I have already scanned the computer with several programs such as Dr Web CureIt, VirusRemover and HijackThis.
I am pasting the log from GMER.
Code:
Rootkit scan 2011-01-31 16:29:43
Windows 5.1.2600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK100-24
Running: 9pk4susd.exe; Driver: C:\DOCUME~1\Trojan\USTAWI~1\Temp\kxryrfow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7F9C360, 0x242F9E, 0xE8000020]
? C:\WINDOWS\System32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[484] ntdll.dll!LdrLoadDll 77F569D2 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[484] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\Program Files\Mozilla Firefox\firefox.exe[484] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\Program Files\Mozilla Firefox\firefox.exe[484] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\Program Files\Mozilla Firefox\firefox.exe[484] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\system32\winlogon.exe[520] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\system32\services.exe[564] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\system32\lsass.exe[576] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\System32\svchost.exe[776] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\System32\svchost.exe[776] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\System32\svchost.exe[776] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\System32\svchost.exe[776] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\system32\spoolsv.exe[1172] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\system32\spoolsv.exe[1172] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\system32\spoolsv.exe[1172] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\system32\spoolsv.exe[1172] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\System32\nvsvc32.exe[1272] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\System32\nvsvc32.exe[1272] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\System32\nvsvc32.exe[1272] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\System32\nvsvc32.exe[1272] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.reloc C:\WINDOWS\Explorer.EXE[1440] C:\WINDOWS\Explorer.EXE section is executable [0x010F3000, 0xA600, 0xE2000060]
.reloc C:\WINDOWS\Explorer.EXE[1440] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x010F6600]
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\System32\Cilevb.com[1532] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\System32\Cilevb.com[1532] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\System32\Cilevb.com[1532] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\System32\Cilevb.com[1532] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\System32\ymcsxrv.exe[1540] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\System32\ymcsxrv.exe[1540] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\System32\ymcsxrv.exe[1540] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\System32\ymcsxrv.exe[1540] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\System32\RUNDLL32.EXE[1564] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\System32\RUNDLL32.EXE[1564] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\System32\RUNDLL32.EXE[1564] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\System32\RUNDLL32.EXE[1564] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\System32\ctfmon.exe[1572] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\System32\ctfmon.exe[1572] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\System32\ctfmon.exe[1572] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\System32\ctfmon.exe[1572] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\Program Files\Messenger\msmsgs.exe[1580] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\Program Files\Messenger\msmsgs.exe[1580] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\Program Files\Messenger\msmsgs.exe[1580] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1600] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1600] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1600] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1600] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\WINDOWS\system32\NOTEPAD.EXE[3152] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\WINDOWS\system32\NOTEPAD.EXE[3152] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\WINDOWS\system32\NOTEPAD.EXE[3152] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\WINDOWS\system32\NOTEPAD.EXE[3152] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
.text C:\Documents and Settings\Trojan\Moje dokumenty\Pobieranie\9pk4susd.exe[3176] ntdll.dll!NtCreateFile 77F7E603 5 Bytes CALL 7FFA1B38
.text C:\Documents and Settings\Trojan\Moje dokumenty\Pobieranie\9pk4susd.exe[3176] ntdll.dll!NtCreateProcess 77F7E6A3 5 Bytes CALL 7FFA1B8C
.text C:\Documents and Settings\Trojan\Moje dokumenty\Pobieranie\9pk4susd.exe[3176] ntdll.dll!NtCreateProcessEx 77F7E6B3 5 Bytes CALL 7FFA1B99
.text C:\Documents and Settings\Trojan\Moje dokumenty\Pobieranie\9pk4susd.exe[3176] ntdll.dll!NtOpenFile 77F7EAF3 5 Bytes CALL 7FFA1B85
---- EOF - GMER 1.0.15 ----
Added today, 17:46:
and two logs from OTL, as the forum rules require
Code:
OTL Extras logfile created on: 2011-01-31 16:35:27 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Trojan\Moje dokumenty\Pobieranie
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
511,00 Mb Total Physical Memory | 277,00 Mb Available Physical Memory | 54,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 17,24 Gb Free Space | 88,28% Space Free | Partition Type: NTFS
Drive D: | 55,02 Gb Total Space | 54,95 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive F: | 239,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: XXX-T89516BEMHI | User Name: Trojan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Trojan\Moje dokumenty\Pobieranie\9137-[Guru3D.com].exe" = C:\Documents and Settings\Trojan\Moje dokumenty\Pobieranie\9137-[Guru3D.com].exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"AQQ" = WapSter AQQ
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ System Events ]
Error - 2011-01-31 10:14:02 | Computer Name = XXX-T89516BEMHI | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.
Error - 2011-01-31 10:14:30 | Computer Name = XXX-T89516BEMHI | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.
Error - 2011-01-31 10:14:30 | Computer Name = XXX-T89516BEMHI | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.
Error - 2011-01-31 10:15:22 | Computer Name = XXX-T89516BEMHI | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys)
z powodu następującego błędu: %%1058
Error - 2011-01-31 11:30:47 | Computer Name = XXX-T89516BEMHI | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.
Error - 2011-01-31 11:30:47 | Computer Name = XXX-T89516BEMHI | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.
Error - 2011-01-31 11:30:47 | Computer Name = XXX-T89516BEMHI | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.
Error - 2011-01-31 11:31:06 | Computer Name = XXX-T89516BEMHI | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.
Error - 2011-01-31 11:31:06 | Computer Name = XXX-T89516BEMHI | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.
Error - 2011-01-31 11:32:08 | Computer Name = XXX-T89516BEMHI | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys)
z powodu następującego błędu: %%1058
< End of report >