Nie mozliwe otwarcie folderow i mojego komputera

[christophe]

Czesc tak jak napisalem w temacie mam problem z otwarciem byle jakiego folderu albo np mojego komputera.Klikam jak zawsze i nagle znika pulpit na jakies 4 sek i znow sie pojawia tylko ze wszystkie programy zostaly zamkniete .Ale jesli z pulpitu uruchomie jakis program to dziala.

[Okocza]

christophe, wstaw log z combofixa w tagi 'code'

[christophe]

Kod: Zaznacz wszystko

ComboFix 08-12-31.01 - Administrator 2009-01-01 18:19:25.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.255.145 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Moje dokumenty\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dane aplikacji\Seekmo
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.idx
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.dat
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.txt
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\default.cdf
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.idx
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.dat
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\layout.cdf
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.txt
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\progress.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.res
c:\documents and settings\Administrator\Dane aplikacji\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip
c:\documents and settings\All Users\Dane aplikacji\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Dane aplikacji\SeekmoSA
c:\documents and settings\All Users\Dane aplikacji\SeekmoSA\SeekmoSA.dat
c:\documents and settings\All Users\Dane aplikacji\SeekmoSA\SeekmoSA_kyf.dat
c:\documents and settings\All Users\Dane aplikacji\SeekmoSA\SeekmoSAAbout.mht
c:\documents and settings\All Users\Dane aplikacji\SeekmoSA\SeekmoSAau.dat
c:\documents and settings\All Users\Dane aplikacji\SeekmoSA\SeekmoSAEULA.mht
c:\documents and settings\All Users\Menu Start\Online Security Guide.url
c:\documents and settings\All Users\Menu Start\Programy\Seekmo
c:\documents and settings\All Users\Menu Start\Programy\Seekmo\Reset Cursor.lnk
c:\documents and settings\All Users\Menu Start\Programy\Seekmo\Seekmo Customer Support Center.lnk
c:\documents and settings\All Users\Menu Start\Security Troubleshooting.url
c:\windows\system32\dumphive.exe
c:\windows\system32\Fnu8Vsq6.exe.a_a
c:\windows\system32\kdpxs.exe
c:\windows\system32\msxml71.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-01 do 2009-01-01  )))))))))))))))))))))))))))))))
.

2009-01-01 13:15 . 2009-01-01 13:15   73,728   --a------   c:\windows\system32\Fnu8Vsq6.exe
2008-12-30 10:07 . 2008-12-30 10:07   <DIR>   d--------   c:\program files\YouTube Downloader
2008-12-29 23:11 . 2006-08-25 04:47   115,880   ---------   c:\windows\system32\pxinsi64.exe
2008-12-29 23:02 . 2008-12-29 23:02   <DIR>   d--------   c:\program files\Free Audio Pack
2008-12-29 22:50 . 2009-01-01 17:56   <DIR>   d--------   c:\program files\YouTube Video Downloader
2008-12-26 22:47 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\foobar2000
2008-12-26 22:47 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\foobar2000
2008-12-26 22:47 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\foobar2000
2008-12-25 19:41 . 2008-12-25 19:41   <DIR>   d--------   c:\program files\LittleFighter2
2008-12-25 19:23 . 2008-12-25 19:23   <DIR>   d--------   c:\documents and settings\Administrator\Dane aplikacji\Wireshark
2008-12-25 18:58 . 2008-12-25 18:58   <DIR>   d--------   c:\program files\foobar2000
2008-12-25 18:58 . 2009-01-01 17:44   <DIR>   d--------   c:\documents and settings\Administrator\Dane aplikacji\foobar2000
2008-12-24 19:43 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\Spyware Terminator
2008-12-24 19:43 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\Spyware Terminator
2008-12-24 19:43 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\Spyware Terminator
2008-12-24 15:24 . 2008-12-24 15:24   <DIR>   d--------   c:\program files\Crawler
2008-12-24 14:04 . 2008-12-24 14:04   <DIR>   d--------   c:\program files\a-squared Free
2008-12-21 21:21 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\Seekmo
2008-12-21 21:21 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\Seekmo
2008-12-21 21:21 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\Seekmo
2008-12-21 21:20 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\ShoppingReport
2008-12-21 21:20 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\ShoppingReport
2008-12-21 21:20 .    <DIR>      c:\documents and settings\budyń\Dane aplikacji\ShoppingReport

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 17:14   ---------   d-----w   c:\program files\Neostrada TP
2009-01-01 15:53   ---------   d-----w   c:\documents and settings\budyń\Dane aplikacji\Skype
2009-01-01 15:53   ---------   d-----w   c:\documents and settings\budyń\Dane aplikacji\Skype
2009-01-01 15:53   ---------   d-----w   c:\documents and settings\budyń\Dane aplikacji\Skype
2009-01-01 15:39   ---------   d-----w   c:\documents and settings\budyń\Dane aplikacji\skypePM
2009-01-01 15:39   ---------   d-----w   c:\documents and settings\budyń\Dane aplikacji\skypePM
2009-01-01 15:39   ---------   d-----w   c:\documents and settings\budyń\Dane aplikacji\skypePM
2009-01-01 12:10   ---------   d-----w   c:\program files\Kalendarz XP
2008-12-28 18:28   ---------   d-----w   c:\program files\Odkurzacz
2008-12-27 20:57   ---------   d-----w   c:\program files\Gadu-Gadu
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"WinampAgent"="d:\winamp !!!!!!\Winamp\winampa.exe" [2006-11-21 35328]
"nwiz"="nwiz.exe" [2002-07-16 c:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2001-09-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="d:\prgram files\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2008-02-28 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\[u]0[/u]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 d:\prgram files\Nokia PC Suite 6\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 gwiopm;gwiopm;\??\c:\documents and settings\budyń\Pulpit\TV-SAT\gwiopm.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch   REG_MULTI_SZ      DcomLaunch

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Schedule
Seclogon
Sharedaccess
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
ShellHWDetection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs


*Newly Created Service* - HELPSVC
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-01 c:\windows\Tasks\At1.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At10.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At11.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At12.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At13.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At14.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At15.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At16.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At17.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At18.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At19.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At2.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At20.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At21.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At22.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At23.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At24.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At3.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At4.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At5.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At6.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At7.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At8.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At9.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{500BCA15-57A7-4eaf-8143-8C619470B13D} - c:\windows\system32\msxml71.dll
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Skan uzupełniający -------
.
IE: Crawler Search - tbr:iemenu
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} -
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\buudg9vp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://neostrada.pl
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 18:22:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*s*NULL*e*NULL*r*NULL*w*NULL*e*NULL*r*NULL*ó*NULL*w*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*u*NULL*|
y*NULL*t*NULL*k*NULL*o*NULL*w*NULL*n*NULL*i*NULL*k*NULL*ó*NULL*w*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*u*NULL*|
y*NULL*t*NULL*k*NULL*o*NULL*w*NULL*n*NULL*i*NULL*k*NULL*ó*NULL*w*NULL* *NULL*d*NULL*l*NULL*a*NULL* *NULL*d*NULL*o*NULL*m*NULL*e*NULL*n*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*o*NULL*d*NULL*g*NULL*l*NULL*
d*NULL* *NULL*z*NULL*d*NULL*a*NULL*r*NULL*z*NULL*e*NULL*D
]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*s*NULL*e*NULL*r*NULL*w*NULL*e*NULL*r*NULL*ó*NULL*w*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*u*NULL*|
y*NULL*t*NULL*k*NULL*o*NULL*w*NULL*n*NULL*i*NULL*k*NULL*ó*NULL*w*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*u*NULL*|
y*NULL*t*NULL*k*NULL*o*NULL*w*NULL*n*NULL*i*NULL*k*NULL*ó*NULL*w*NULL* *NULL*d*NULL*l*NULL*a*NULL* *NULL*d*NULL*o*NULL*m*NULL*e*NULL*n*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*o*NULL*d*NULL*g*NULL*l*NULL*
d*NULL* *NULL*z*NULL*d*NULL*a*NULL*r*NULL*z*NULL*e*NULL*D
]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*s*NULL*e*NULL*r*NULL*w*NULL*e*NULL*r*NULL*ó*NULL*w*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*u*NULL*|
y*NULL*t*NULL*k*NULL*o*NULL*w*NULL*n*NULL*i*NULL*k*NULL*ó*NULL*w*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*u*NULL*|
y*NULL*t*NULL*k*NULL*o*NULL*w*NULL*n*NULL*i*NULL*k*NULL*ó*NULL*w*NULL* *NULL*d*NULL*l*NULL*a*NULL* *NULL*d*NULL*o*NULL*m*NULL*e*NULL*n*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*o*NULL*d*NULL*g*NULL*l*NULL*
d*NULL* *NULL*z*NULL*d*NULL*a*NULL*r*NULL*z*NULL*e*NULL*D
]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\C-Media Wave Device\R*NULL*e*NULL*g*NULL*u*NULL*l*NULL*a*NULL*c*NULL*j*NULL*a*NULL* *NULL*g*NULL*B
o*NULL*[
n*NULL*]
@Security="Inherited"
"LineStates"=hex:00,00,00,00,52,00,65,00,67,00,75,00,6c,00,61,00,63,00,6a,00,\
  61,00,20,00,67,00,42,01,6f,00,5b,01,6e,00,6f,00,5b,01,63,00,69,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,57,00,61,00,76,00,65,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,53,00,\
  79,00,6e,00,74,00,65,00,7a,00,61,00,74,00,6f,00,72,00,20,00,53,00,57,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,4d,00,6f,00,6e,00,6f,00,20,00,49,00,6e,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,04,00,00,00,4d,00,69,00,6b,00,72,00,6f,00,66,00,6f,\
  00,6e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,41,00,75,00,64,00,\
  69,00,6f,00,20,00,43,00,44,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,\
  00,41,00,55,00,58,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,57,00,65,00,6a,00,5b,01,63,00,69,00,65,00,20,00,6c,\
  00,69,00,6e,00,69,00,6f,00,77,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\N*NULL*a*NULL*r*NULL*z*NULL*
d*NULL*z*NULL*i*NULL*a*NULL* *NULL*a*NULL*d*NULL*m*NULL*i*NULL*n*NULL*i*NULL*s*NULL*t*NULL*r*NULL*a*NULL*c*NULL*y*NULL*j*NULL*n*NULL*e*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,56,05,00,00,01,00,00,00,08,00,00,00,be,00,\
  00,00,00,00,00,00,b0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,9e,00,32,\
  00,53,04,00,00,94,37,69,a8,20,00,4d,49,43,52,4f,53,7e,31,2e,4c,4e,4b,00,00,\
  74,00,03,00,04,00,ef,be,94,37,69,a8,94,37,69,a8,14,00,00,00,4d,00,69,00,63,\
  00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,2e,00,4e,00,45,00,54,00,20,00,\
  46,00,72,00,61,00,6d,00,65,00,77,00,6f,00,72,00,6b,00,20,00,31,00,2e,00,31,\
  00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,00,69,00,\
  6f,00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,01,\
  00,00,00,1c,00,00,00,00,00,00,00,00,00,b2,00,00,00,01,00,00,00,a4,00,00,00,\
  41,75,67,4d,02,00,00,00,01,00,00,00,92,00,32,00,86,04,00,00,94,37,69,a8,20,\
  00,4d,49,43,52,4f,53,7e,32,2e,4c,4e,4b,00,00,68,00,03,00,04,00,ef,be,94,37,\
  69,a8,94,37,69,a8,14,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
  00,74,00,20,00,2e,00,4e,00,45,00,54,00,20,00,46,00,72,00,61,00,6d,00,65,00,\
  77,00,6f,00,72,00,6b,00,20,00,31,00,2e,00,31,00,20,00,57,00,69,00,7a,00,61,\
  00,72,00,64,00,73,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,\
  ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,00,00,9c,00,00,00,02,00,00,00,8e,\
  00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,32,00,38,06,00,00,94,37,\
  b9,a4,20,00,50,4f,44,47,4c,44,7e,31,2e,4c,4e,4b,00,00,52,00,03,00,04,00,ef,\
  be,94,37,b9,a4,94,37,b9,a4,14,00,3c,00,50,00,6f,00,64,00,67,00,6c,00,05,01,\
  64,00,20,00,7a,00,64,00,61,00,72,00,7a,00,65,00,44,01,2e,00,6c,00,6e,00,6b,\
  00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,32,39,00,1c,00,\
  0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,00,00,88,00,00,\
  00,03,00,00,00,7a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,68,00,32,00,\
  42,06,00,00,94,37,ba,a4,20,00,55,53,55,47,49,7e,31,2e,4c,4e,4b,00,40,00,03,\
  00,04,00,ef,be,94,37,ba,a4,94,37,ba,a4,14,00,2a,00,55,00,73,00,42,01,75,00,\
  67,00,69,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,\
  6c,2c,2d,32,32,30,35,39,00,1a,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1a,00,\
  00,00,00,00,00,00,00,00,ae,00,00,00,04,00,00,00,a0,00,00,00,41,75,67,4d,02,\
  00,00,00,01,00,00,00,8e,00,32,00,2e,06,00,00,94,37,63,a4,20,00,55,53,55,47,\
  49,53,7e,31,2e,4c,4e,4b,00,00,64,00,03,00,04,00,ef,be,94,37,63,a4,94,37,63,\
  a4,14,00,3c,00,55,00,73,00,42,01,75,00,67,00,69,00,20,00,73,00,6b,00,42,01,\
  61,00,64,00,6f,00,77,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,40,43,3a,5c,57,\
  49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,63,6f,6d,72,65,73,2e,64,6c,\
  6c,2c,2d,36,36,31,00,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,\
  00,00,00,00,00,00,00,aa,00,00,00,05,00,00,00,9c,00,00,00,41,75,67,4d,02,00,\
  00,00,01,00,00,00,8a,00,32,00,42,06,00,00,94,37,b9,a4,20,00,5a,41,52,5a,44,\
  5a,7e,31,2e,4c,4e,4b,00,00,60,00,03,00,04,00,ef,be,94,37,b9,a4,94,37,b9,a4,\
  14,00,4a,00,5a,00,61,00,72,00,7a,00,05,01,64,00,7a,00,61,00,6e,00,69,00,65,\
  00,20,00,6b,00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,65,00,6d,00,2e,00,\
  6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,\
  32,33,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,\
  00,00,b8,00,00,00,06,00,00,00,aa,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,\
  00,98,00,32,00,36,06,00,00,94,37,ba,a4,20,00,5a,41,53,41,44,59,7e,31,2e,4c,\
  4e,4b,00,00,6e,00,03,00,04,00,ef,be,94,37,ba,a4,94,37,ba,a4,14,00,58,00,5a,\
  00,61,00,73,00,61,00,64,00,79,00,20,00,7a,00,61,00,62,00,65,00,7a,00,70,00,\
  69,00,65,00,63,00,7a,00,65,00,44,01,20,00,6c,00,6f,00,6b,00,61,00,6c,00,6e,\
  00,79,00,63,00,68,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,\
  2e,64,6c,6c,2c,2d,32,32,30,34,30,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,\
  00,1c,00,00,00,00,00,00,00,00,00,a6,00,00,00,07,00,00,00,98,00,00,00,41,75,\
  67,4d,02,00,00,00,01,00,00,00,86,00,32,00,3c,06,00,00,94,37,b9,a4,20,00,52,\
  44,41,44,41,4e,7e,31,2e,4c,4e,4b,00,00,5c,00,03,00,04,00,ef,be,94,37,b9,a4,\
  94,37,b9,a4,14,00,46,00,79,01,72,00,f3,00,64,00,42,01,61,00,20,00,64,00,61,\
  00,6e,00,79,00,63,00,68,00,20,00,28,00,4f,00,44,00,42,00,43,00,29,00,2e,00,\
  6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,\
  32,35,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,\
  00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Odkurzacz\M*NULL*o*NULL*d*NULL*u*NULL*B
y*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,ba,03,00,00,01,00,00,00,06,00,00,00,8c,00,\
  00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,32,\
  00,bd,02,00,00,7d,39,89,74,20,00,4d,45,4e,45,44,45,7e,31,2e,4c,4e,4b,00,00,\
  42,00,03,00,04,00,ef,be,7d,39,89,74,7d,39,89,74,14,00,00,00,4d,00,65,00,6e,\
  00,65,00,64,00,7c,01,65,00,72,00,20,00,52,00,65,00,6a,00,65,00,73,00,74,00,\
  72,00,75,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
  00,00,00,1c,00,00,00,00,00,00,00,00,00,98,00,00,00,01,00,00,00,8a,00,00,00,\
  41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,00,dc,02,00,00,7d,39,89,74,20,\
  00,4d,4f,4e,49,54,4f,7e,31,2e,4c,4e,4b,00,00,4e,00,03,00,04,00,ef,be,7d,39,\
  89,74,7d,39,89,74,14,00,00,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,20,\
  00,43,00,7a,00,79,00,73,00,74,00,6f,00,5b,01,63,00,69,00,20,00,44,00,79,00,\
  73,00,6b,00,75,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
  be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ac,00,00,00,02,00,00,00,9e,00,\
  00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8c,00,32,00,c4,02,00,00,7d,39,89,\
  74,20,00,4d,4f,4e,49,54,4f,7e,32,2e,4c,4e,4b,00,00,62,00,03,00,04,00,ef,be,\
  7d,39,89,74,7d,39,89,74,14,00,00,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,\
  00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,61,00,63,00,6a,00,69,00,20,00,\
  4f,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,00,6f,00,77,00,61,00,6e,00,69,\
  00,61,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
  00,00,1c,00,00,00,00,00,00,00,00,00,a2,00,00,00,03,00,00,00,94,00,00,00,41,\
  75,67,4d,02,00,00,00,01,00,00,00,82,00,32,00,c8,02,00,00,7d,39,89,74,20,00,\
  4d,4f,4e,49,54,4f,7e,33,2e,4c,4e,4b,00,00,58,00,03,00,04,00,ef,be,7d,39,89,\
  74,7d,39,89,74,14,00,00,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,20,00,\
  50,00,6f,00,72,00,7a,00,75,00,63,00,6f,00,6e,00,79,00,63,00,68,00,20,00,46,\
  00,6f,00,6c,00,64,00,65,00,72,00,f3,00,77,00,2e,00,6c,00,6e,00,6b,00,00,00,\
  1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,9c,\
  00,00,00,04,00,00,00,8e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,\
  32,00,cc,02,00,00,7d,39,89,74,20,00,53,5a,59,42,4b,49,7e,31,2e,4c,4e,4b,00,\
  00,52,00,03,00,04,00,ef,be,7d,39,89,74,7d,39,89,74,14,00,00,00,53,00,7a,00,\
  79,00,62,00,6b,00,69,00,65,00,20,00,43,00,7a,00,79,00,73,00,7a,00,63,00,7a,\
  00,65,00,6e,00,69,00,65,00,20,00,44,00,79,00,73,00,6b,00,75,00,2e,00,6c,00,\
  6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,\
  00,00,00,00,00,a0,00,00,00,05,00,00,00,92,00,00,00,41,75,67,4d,02,00,00,00,\
  01,00,00,00,80,00,32,00,d8,02,00,00,7d,39,89,74,20,00,55,53,55,57,41,4e,7e,\
  31,2e,4c,4e,4b,00,00,56,00,03,00,04,00,ef,be,7d,39,89,74,7d,39,89,74,14,00,\
  00,00,55,00,73,00,75,00,77,00,61,00,6e,00,69,00,65,00,20,00,5a,00,61,00,62,\
  00,6c,00,6f,00,6b,00,6f,00,77,00,79,00,63,00,68,00,20,00,50,00,6c,00,69,00,\
  6b,00,f3,00,77,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
  be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Akcesoria\N*NULL*a*NULL*r*NULL*z*NULL*
d*NULL*z*NULL*i*NULL*a*NULL* *NULL*s*NULL*y*NULL*s*NULL*t*NULL*e*NULL*m*NULL*o*NULL*w*NULL*e*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,b0,00,00,00,01,00,00,00,01,00,00,00,a4,00,\
  00,00,00,00,00,00,96,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,84,00,32,\
  00,d9,06,00,00,94,37,98,a4,20,00,5a,41,50,4c,41,4e,7e,31,2e,4c,4e,4b,00,00,\
  5a,00,03,00,04,00,ef,be,94,37,98,a4,94,37,98,a4,14,00,44,00,5a,00,61,00,70,\
  00,6c,00,61,00,6e,00,6f,00,77,00,61,00,6e,00,65,00,20,00,7a,00,61,00,64,00,\
  61,00,6e,00,69,00,61,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,\
  32,2e,64,6c,6c,2c,2d,32,32,30,35,38,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
  00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\N*NULL*a*NULL*r*NULL*z*NULL*
d*NULL*z*NULL*i*NULL*a*NULL* *NULL*a*NULL*d*NULL*m*NULL*i*NULL*n*NULL*i*NULL*s*NULL*t*NULL*r*NULL*a*NULL*c*NULL*y*NULL*j*NULL*n*NULL*e*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,56,05,00,00,01,00,00,00,08,00,00,00,be,00,\
  00,00,00,00,00,00,b0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,9e,00,32,\
  00,53,04,00,00,94,37,69,a8,20,00,4d,49,43,52,4f,53,7e,31,2e,4c,4e,4b,00,00,\
  74,00,03,00,04,00,ef,be,94,37,69,a8,94,37,69,a8,14,00,00,00,4d,00,69,00,63,\
  00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,2e,00,4e,00,45,00,54,00,20,00,\
  46,00,72,00,61,00,6d,00,65,00,77,00,6f,00,72,00,6b,00,20,00,31,00,2e,00,31,\
  00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,00,69,00,\
  6f,00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,01,\
  00,00,00,1c,00,00,00,00,00,00,00,00,00,b2,00,00,00,01,00,00,00,a4,00,00,00,\
  41,75,67,4d,02,00,00,00,01,00,00,00,92,00,32,00,86,04,00,00,94,37,69,a8,20,\
  00,4d,49,43,52,4f,53,7e,32,2e,4c,4e,4b,00,00,68,00,03,00,04,00,ef,be,94,37,\
  69,a8,94,37,69,a8,14,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
  00,74,00,20,00,2e,00,4e,00,45,00,54,00,20,00,46,00,72,00,61,00,6d,00,65,00,\
  77,00,6f,00,72,00,6b,00,20,00,31,00,2e,00,31,00,20,00,57,00,69,00,7a,00,61,\
  00,72,00,64,00,73,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,\
  ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,00,00,9c,00,00,00,02,00,00,00,8e,\
  00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,32,00,38,06,00,00,94,37,\
  b9,a4,20,00,50,4f,44,47,4c,44,7e,31,2e,4c,4e,4b,00,00,52,00,03,00,04,00,ef,\
  be,94,37,b9,a4,94,37,b9,a4,14,00,3c,00,50,00,6f,00,64,00,67,00,6c,00,05,01,\
  64,00,20,00,7a,00,64,00,61,00,72,00,7a,00,65,00,44,01,2e,00,6c,00,6e,00,6b,\
  00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,32,39,00,1c,00,\
  0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,00,00,88,00,00,\
  00,03,00,00,00,7a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,68,00,32,00,\
  42,06,00,00,94,37,ba,a4,20,00,55,53,55,47,49,7e,31,2e,4c,4e,4b,00,40,00,03,\
  00,04,00,ef,be,94,37,ba,a4,94,37,ba,a4,14,00,2a,00,55,00,73,00,42,01,75,00,\
  67,00,69,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,\
  6c,2c,2d,32,32,30,35,39,00,1a,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1a,00,\
  00,00,00,00,00,00,00,00,ae,00,00,00,04,00,00,00,a0,00,00,00,41,75,67,4d,02,\
  00,00,00,01,00,00,00,8e,00,32,00,2e,06,00,00,94,37,63,a4,20,00,55,53,55,47,\
  49,53,7e,31,2e,4c,4e,4b,00,00,64,00,03,00,04,00,ef,be,94,37,63,a4,94,37,63,\
  a4,14,00,3c,00,55,00,73,00,42,01,75,00,67,00,69,00,20,00,73,00,6b,00,42,01,\
  61,00,64,00,6f,00,77,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,40,43,3a,5c,57,\
  49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,63,6f,6d,72,65,73,2e,64,6c,\
  6c,2c,2d,36,36,31,00,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,\
  00,00,00,00,00,00,00,aa,00,00,00,05,00,00,00,9c,00,00,00,41,75,67,4d,02,00,\
  00,00,01,00,00,00,8a,00,32,00,42,06,00,00,94,37,b9,a4,20,00,5a,41,52,5a,44,\
  5a,7e,31,2e,4c,4e,4b,00,00,60,00,03,00,04,00,ef,be,94,37,b9,a4,94,37,b9,a4,\
  14,00,4a,00,5a,00,61,00,72,00,7a,00,05,01,64,00,7a,00,61,00,6e,00,69,00,65,\
  00,20,00,6b,00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,65,00,6d,00,2e,00,\
  6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,\
  32,33,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,\
  00,00,b8,00,00,00,06,00,00,00,aa,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,\
  00,98,00,32,00,36,06,00,00,94,37,ba,a4,20,00,5a,41,53,41,44,59,7e,31,2e,4c,\
  4e,4b,00,00,6e,00,03,00,04,00,ef,be,94,37,ba,a4,94,37,ba,a4,14,00,58,00,5a,\
  00,61,00,73,00,61,00,64,00,79,00,20,00,7a,00,61,00,62,00,65,00,7a,00,70,00,\
  69,00,65,00,63,00,7a,00,65,00,44,01,20,00,6c,00,6f,00,6b,00,61,00,6c,00,6e,\
  00,79,00,63,00,68,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,\
  2e,64,6c,6c,2c,2d,32,32,30,34,30,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,\
  00,1c,00,00,00,00,00,00,00,00,00,a6,00,00,00,07,00,00,00,98,00,00,00,41,75,\
  67,4d,02,00,00,00,01,00,00,00,86,00,32,00,3c,06,00,00,94,37,b9,a4,20,00,52,\
  44,41,44,41,4e,7e,31,2e,4c,4e,4b,00,00,5c,00,03,00,04,00,ef,be,94,37,b9,a4,\
  94,37,b9,a4,14,00,46,00,79,01,72,00,f3,00,64,00,42,01,61,00,20,00,64,00,61,\
  00,6e,00,79,00,63,00,68,00,20,00,28,00,4f,00,44,00,42,00,43,00,29,00,2e,00,\
  6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,\
  32,35,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1c,00,00,00,00,00,00,00,\
  00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SkaWit\A*NULL*u*NULL*t*NULL*o*NULL*m*NULL*a*NULL*t*NULL*y*NULL*c*NULL*z*NULL*n*NULL*y*NULL* *NULL*W*NULL*y*NULL*B

c*NULL*z*NULL*n*NULL*i*NULL*k*NULL* *NULL*S*NULL*y*NULL*s*NULL*t*NULL*e*NULL*m*NULL*u*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,52,02,00,00,01,00,00,00,03,00,00,00,a6,00,\
  00,00,00,00,00,00,98,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,86,00,32,\
  00,b1,02,00,00,46,2c,a4,83,20,00,41,55,54,4f,4d,41,7e,31,2e,4c,4e,4b,00,00,\
  5c,00,03,00,04,00,ef,be,46,2c,a4,83,46,2c,a4,83,14,00,00,00,41,00,75,00,74,\
  00,6f,00,6d,00,61,00,74,00,79,00,63,00,7a,00,6e,00,79,00,20,00,57,00,79,00,\
  42,01,05,01,63,00,7a,00,6e,00,69,00,6b,00,20,00,53,00,79,00,73,00,74,00,65,\
  00,6d,00,75,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,\
  00,00,00,00,1c,00,00,00,00,00,00,00,00,00,d2,00,00,00,01,00,00,00,c4,00,00,\
  00,41,75,67,4d,02,00,00,00,01,00,00,00,b2,00,32,00,b8,02,00,00,46,2c,a4,83,\
  20,00,44,45,49,4e,53,54,7e,31,2e,4c,4e,4b,00,00,88,00,03,00,04,00,ef,be,46,\
  2c,a4,83,46,2c,a4,83,14,00,00,00,44,00,65,00,69,00,6e,00,73,00,74,00,61,00,\
  6c,00,61,00,63,00,6a,00,61,00,20,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,\
  00,75,00,20,00,41,00,75,00,74,00,6f,00,6d,00,61,00,74,00,79,00,63,00,7a,00,\
  6e,00,79,00,20,00,57,00,79,00,42,01,05,01,63,00,7a,00,6e,00,69,00,6b,00,20,\
  00,53,00,79,00,73,00,74,00,65,00,6d,00,75,00,2e,00,6c,00,6e,00,6b,00,00,00,\
  1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ce,\
  00,00,00,02,00,00,00,c0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,ae,00,\
  32,00,ff,01,00,00,46,2c,a4,83,20,00,53,54,52,4f,4e,41,7e,31,2e,4c,4e,4b,00,\
  00,84,00,03,00,04,00,ef,be,46,2c,a4,83,46,2c,a4,83,14,00,00,00,53,00,74,00,\
  72,00,6f,00,6e,00,61,00,20,00,57,00,57,00,57,00,20,00,70,00,72,00,6f,00,67,\
  00,72,00,61,00,6d,00,75,00,20,00,41,00,75,00,74,00,6f,00,6d,00,61,00,74,00,\
  79,00,63,00,7a,00,6e,00,79,00,20,00,57,00,79,00,42,01,05,01,63,00,7a,00,6e,\
  00,69,00,6b,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,75,00,2e,00,6c,00,\
  6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,\
  00,00,00,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*s*NULL*e*NULL*r*NULL*w*NULL*e*NULL*r*NULL*ó*NULL*w*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*u*NULL*|
y*NULL*t*NULL*k*NULL*o*NULL*w*NULL*n*NULL*i*NULL*k*NULL*ó*NULL*w*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\M*NULL*e*NULL*n*NULL*e*NULL*d*NULL*|
e*NULL*r*NULL* *NULL*u*NULL*|
y*NULL*t*NULL*k*NULL*o*NULL*w*NULL*n*NULL*i*NULL*k*NULL*ó*NULL*w*NULL* *NULL*d*NULL*l*NULL*a*NULL* *NULL*d*NULL*o*NULL*m*NULL*e*NULL*n*NULL*]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_USERS\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Network\P*NULL*o*NULL*d*NULL*g*NULL*l*NULL*
d*NULL* *NULL*z*NULL*d*NULL*a*NULL*r*NULL*z*NULL*e*NULL*D
]
@Security="Inherited"
"SaveSettings"="1"

[HKEY_LOCAL_MACHINE\software\Classes\batfile\shell\M*NULL*o*NULL*n*NULL*i*NULL*t*NULL*o*NULL*r*NULL*u*NULL*j*NULL* *NULL*I*NULL*n*NULL*s*NULL*t*NULL*a*NULL*l*NULL*a*NULL*c*NULL*j*NULL*
*NULL*P*NULL*r*NULL*o*NULL*g*NULL*r*NULL*a*NULL*m*NULL*u*NULL*]
@Owner=S-1-5-21-515967899-113007714-1708537768-1001

[HKEY_LOCAL_MACHINE\software\Classes\batfile\shell\M*NULL*o*NULL*n*NULL*i*NULL*t*NULL*o*NULL*r*NULL*u*NULL*j*NULL* *NULL*I*NULL*n*NULL*s*NULL*t*NULL*a*NULL*l*NULL*a*NULL*c*NULL*j*NULL*
*NULL*P*NULL*r*NULL*o*NULL*g*NULL*r*NULL*a*NULL*m*NULL*u*NULL*\command]
@Security="Inherited"
@="c:\\Program Files\\Odkurzacz\\odk_mio.exe %1"

[HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\M*NULL*o*NULL*n*NULL*i*NULL*t*NULL*o*NULL*r*NULL*u*NULL*j*NULL* *NULL*I*NULL*n*NULL*s*NULL*t*NULL*a*NULL*l*NULL*a*NULL*c*NULL*j*NULL*
*NULL*P*NULL*r*NULL*o*NULL*g*NULL*r*NULL*a*NULL*m*NULL*u*NULL*]
@Owner=S-1-5-21-515967899-113007714-1708537768-1001

[HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\M*NULL*o*NULL*n*NULL*i*NULL*t*NULL*o*NULL*r*NULL*u*NULL*j*NULL* *NULL*I*NULL*n*NULL*s*NULL*t*NULL*a*NULL*l*NULL*a*NULL*c*NULL*j*NULL*
*NULL*P*NULL*r*NULL*o*NULL*g*NULL*r*NULL*a*NULL*m*NULL*u*NULL*\command]
@Security="Inherited"
@="c:\\Program Files\\Odkurzacz\\odk_mio.exe %1"

[HKEY_LOCAL_MACHINE\software\Classes\Msi.Package\shell\M*NULL*o*NULL*n*NULL*i*NULL*t*NULL*o*NULL*r*NULL*u*NULL*j*NULL* *NULL*I*NULL*n*NULL*s*NULL*t*NULL*a*NULL*l*NULL*a*NULL*c*NULL*j*NULL*
*NULL*P*NULL*r*NULL*o*NULL*g*NULL*r*NULL*a*NULL*m*NULL*u*NULL*]
@Owner=S-1-5-21-515967899-113007714-1708537768-1001

[HKEY_LOCAL_MACHINE\software\Classes\Msi.Package\shell\M*NULL*o*NULL*n*NULL*i*NULL*t*NULL*o*NULL*r*NULL*u*NULL*j*NULL* *NULL*I*NULL*n*NULL*s*NULL*t*NULL*a*NULL*l*NULL*a*NULL*c*NULL*j*NULL*
*NULL*P*NULL*r*NULL*o*NULL*g*NULL*r*NULL*a*NULL*m*NULL*u*NULL*\command]
@Security="Inherited"
@="c:\\Program Files\\Odkurzacz\\odk_mio.exe %1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\A*NULL*u*NULL*t*NULL*o*NULL*m*NULL*a*NULL*t*NULL*y*NULL*c*NULL*z*NULL*n*NULL*y*NULL* *NULL*W*NULL*y*NULL*B

c*NULL*z*NULL*n*NULL*i*NULL*k*NULL* *NULL*S*NULL*y*NULL*s*NULL*t*NULL*e*NULL*m*NULL*u*NULL*_*NULL*i*NULL*s*NULL*1*NULL*]
@Security="Inherited"
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,40,14,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
  61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,6b,00,61,00,57,\
  00,69,00,74,00,5c,00,41,00,57,00,53,00,5c,00,41,00,57,00,53,00,20,00,32,00,\
  2e,00,30,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Hints\b*NULL*u*NULL*d*NULL*y*NULL*D
]
@Owner=Administrator
@Allowed: (2) (S-1-5-21-515967899-113007714-1708537768-1001)
"PictureSource"="d:\\17.02.2007\\IMG_0047.JPG"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\A*NULL*u*NULL*t*NULL*o*NULL*m*NULL*a*NULL*t*NULL*y*NULL*c*NULL*z*NULL*n*NULL*y*NULL* *NULL*W*NULL*y*NULL*B

c*NULL*z*NULL*n*NULL*i*NULL*k*NULL* *NULL*S*NULL*y*NULL*s*NULL*t*NULL*e*NULL*m*NULL*u*NULL*_*NULL*i*NULL*s*NULL*1*NULL*]
@Owner=S-1-5-21-515967899-113007714-1708537768-1001
"Inno Setup: Setup Version"="5.1.8"
"Inno Setup: App Path"="c:\\Program Files\\SkaWit\\AWS"
"InstallLocation"="c:\\Program Files\\SkaWit\\AWS\\"
"Inno Setup: Icon Group"="SkaWit\\Automatyczny Wyłącznik Systemu"
"Inno Setup: User"="budyń"
"Inno Setup: Selected Tasks"="desktopicon"
"Inno Setup: Deselected Tasks"="quicklaunchicon"
"DisplayName"="Automatyczny Wyłącznik Systemu 2.0"
"UninstallString"="\"c:\\Program Files\\SkaWit\\AWS\\unins000.exe\""
"QuietUninstallString"="\"c:\\Program Files\\SkaWit\\AWS\\unins000.exe\" /SILENT"
"Publisher"="SkaWit - Witold Skałka"
"URLInfoAbout"="http://www.skawit.com"
"HelpLink"="http://www.skawit.com"
"URLUpdateInfo"="http://www.skawit.com"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallDate"="20020206"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\a-squared Free\a2service.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-01 18:24:12 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-01-01 17:24:09

Przed: 4,245,549,056 bajt˘w wolnych
Po: 4,246,568,960 bajt˘w wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

661


[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[christophe]

combo wczesniej znalazl i usuna rootkit'a

hijack

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:59, on 2009-01-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Neostrada TP\Watch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\winamp !!!!!!\Winamp\winampa.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\prgram files\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\prgram files\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4969 bytes


Kod: Zaznacz wszystko


ComboFix 08-12-31.01 - Administrator 2009-01-01 22:26:39.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.255.98 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Moje dokumenty\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\budyä\Ustawienia lokalne\Temporary Internet Files\

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-01 do 2009-01-01  )))))))))))))))))))))))))))))))
.

2009-01-01 13:15 . 2009-01-01 13:15   73,728   --a------   c:\windows\system32\Fnu8Vsq6.exe
2008-12-30 10:07 . 2008-12-30 10:07   <DIR>   d--------   c:\program files\YouTube Downloader
2008-12-29 23:11 . 2006-08-25 04:47   115,880   ---------   c:\windows\system32\pxinsi64.exe
2008-12-29 23:02 . 2008-12-29 23:02   <DIR>   d--------   c:\program files\Free Audio Pack
2008-12-29 22:50 . 2009-01-01 17:56   <DIR>   d--------   c:\program files\YouTube Video Downloader
2008-12-25 19:41 . 2008-12-25 19:41   <DIR>   d--------   c:\program files\LittleFighter2
2008-12-25 19:23 . 2008-12-25 19:23   <DIR>   d--------   c:\documents and settings\Administrator\Dane aplikacji\Wireshark
2008-12-25 18:58 . 2008-12-25 18:58   <DIR>   d--------   c:\program files\foobar2000
2008-12-25 18:58 . 2009-01-01 22:05   <DIR>   d--------   c:\documents and settings\Administrator\Dane aplikacji\foobar2000
2008-12-24 15:24 . 2008-12-24 15:24   <DIR>   d--------   c:\program files\Crawler
2008-12-24 14:04 . 2008-12-24 14:04   <DIR>   d--------   c:\program files\a-squared Free

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 21:05   ---------   d-----w   c:\program files\Kalendarz XP
2009-01-01 20:50   ---------   d-----w   c:\program files\Neostrada TP
2009-01-01 18:34   ---------   d-----w   c:\program files\Gadu-Gadu
2008-12-28 18:28   ---------   d-----w   c:\program files\Odkurzacz
.

(((((((((((((((((((((((((((((   snapshot@2009-01-01_18.23.01.39   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-16 23:05:04   163,328   ----a-w   c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-07 14:27:04   163,328   ----a-w   c:\windows\ERUNT\SDFIX\ERDNT.EXE
- 2002-02-08 00:18:53   2,412,544   ----a-w   c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-01-01 21:07:46   2,412,544   ----a-w   c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
- 2002-02-08 00:18:53   8,192   ----a-w   c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2009-01-01 21:07:46   8,192   ----a-w   c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
- 2009-01-01 16:58:17   43,260   ----a-w   c:\windows\system32\perfc009.dat
+ 2009-01-01 21:22:04   43,260   ----a-w   c:\windows\system32\perfc009.dat
- 2009-01-01 16:58:17   54,590   ----a-w   c:\windows\system32\perfc015.dat
+ 2009-01-01 21:22:04   54,590   ----a-w   c:\windows\system32\perfc015.dat
- 2009-01-01 16:58:17   346,056   ----a-w   c:\windows\system32\perfh009.dat
+ 2009-01-01 21:22:04   346,056   ----a-w   c:\windows\system32\perfh009.dat
- 2009-01-01 16:58:17   399,908   ----a-w   c:\windows\system32\perfh015.dat
+ 2009-01-01 21:22:04   399,908   ----a-w   c:\windows\system32\perfh015.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"WinampAgent"="d:\winamp !!!!!!\Winamp\winampa.exe" [2006-11-21 35328]
"nwiz"="nwiz.exe" [2002-07-16 c:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2001-09-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="d:\prgram files\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2008-02-28 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\[u]0[/u]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 d:\prgram files\Nokia PC Suite 6\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 gwiopm;gwiopm;\??\c:\documents and settings\budyń\Pulpit\TV-SAT\gwiopm.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch   REG_MULTI_SZ      DcomLaunch

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Schedule
Seclogon
Sharedaccess
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
ShellHWDetection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
Zawartość folderu 'Zaplanowane zadania'

2009-01-01 c:\windows\Tasks\At1.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At10.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At11.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At12.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At13.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At14.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At15.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At16.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At17.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At18.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At19.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At2.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At20.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At21.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At22.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At23.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At24.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At3.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At4.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At5.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At6.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At7.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At8.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]

2009-01-01 c:\windows\Tasks\At9.job
- c:\windows\system32\Fnu8Vsq6.exe [2009-01-01 13:15]
.
.
------- Skan uzupełniający -------
.
IE: Crawler Search - tbr:iemenu
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\buudg9vp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://neostrada.pl
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 22:27:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-01-01 22:28:51
ComboFix-quarantined-files.txt  2009-01-01 21:28:25
ComboFix2.txt  2009-01-01 17:24:13

Przed: 4 256 772 096 bajtów wolnych
Po: 4,252,008,448 bajtów wolnych

215


Kod: Zaznacz wszystko


[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2009-01-01 at 22:09

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 22:21:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]



[wojtas]

odinstaluj Crawler Toolbar

skasuj ten plik:

c:\windows\system32\Fnu8Vsq6.exe

skasuj zawartość tego folderu:

c:\windows\Tasks

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5.Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

[christophe]

Kod: Zaznacz wszystko

c:\windows\Tasks

niemoge wykasowac zawartosci

Kod: Zaznacz wszystko

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.5.2.6023                              *
*                                                                              *
********************************************************************************

Created at 19:46:05 on Friday, January 02, 2009

Time Zone         :

Logged On User    : Administrator

Operating System  : Microsoft Windows XP Professional Dodatek Service Pack 2
OS Version        : 5.1.2600
System Langauge   : Polish
Keyboard Layout   : Polish
Processor         : X86 AMD Athlon(tm) Processor

System Drive      : C:\
Windows Directory : C:\WINDOWS
System Directory  : C:\WINDOWS\system32

Total Physical Memory : 261616 KB
Free Physical Memory  : 127296 KB
Total Virtual Memory  : 2097024 KB
Free Virtual Memory   : 2021220 KB

Boot State        : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\Documents and Settings\Administrator\Dane aplikacji\Sun\Java\Deployment\cache\javapi\*.*

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

Kod: Zaznacz wszystko




--------------------------------------------------------------------------------
RAPORT KASPERSKY ONLINE SCANNER 7.0
piątek, 2 styczeń 2009
System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Friday, January 02, 2009 16:16:52
Liczba wpisów: 1549017
--------------------------------------------------------------------------------

Ustawienia skanowania:
   Typ bazy danych użytej do skanowania: rozszerzona
   Skanuj archiwa: tak
   Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
   A:\
   C:\
   D:\
   E:\
   F:\

Statystyki skanowania:
   Przeskanowanych plików: 22761
   Nazwa zagrożenia: 0
   Zainfekowanych obiektów: 0
   Podejrzanych obiektów: 0
   Czas skanowania: 00:07:23

Nie wykryto zagrożeń. Obszar skanowania jest czysty.

Wybrany obszar został przeskanowany.


A i jeszcze nie ma tak jak by przywracania systemu tutaj niewiem czemu ;?

I jak wpisuje msconfig to wyskakuje blad

System niemoze znalesc pliku msconfig ...

[Okocza]

I jak wpisuje msconfig to wyskakuje blad

ostatnio bardzo częsty błąd...

więc tak, zainstaluj program STARTER i pokaż screen z niego.

[christophe]

o to chodzi ??

[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.