michal1992pawlak created 23 March 2010 Hello, I have a problem: something has recently happened to my computer. When I press Alt+Ctrl+Del, a message pops up saying "Task Manager has been disabled by your administrator", and I can't even go to Run -> regedit, because it says "Registry editing has been disabled by the network administrator". Can this be fixed somehow?
asmodeuszz comment 23 March 2010 Post the OTL logs, as this is most likely an infection.
szaki comment 23 March 2010 Cyprian is right. Try: Start -> Run -> type gpedit.msc and, under the services, find Administrative Templates -> System -> Ctrl+Alt+Del Options -> Remove Task Manager -> set it to Disabled, Apply -> OK
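The two symptoms described in the opening post correspond to two registry policy values in the user's hive, DisableTaskMgr and DisableRegistryTools under ...\policies\System, and OTL reports them as O7 lines; autorun worms that spread by USB stick additionally leave O33 MountPoints2 handlers that point at executables on removable drives. The following script is an added example written for this thread (it is not part of OTL, nor code posted by anyone in the discussion); it parses constructed OTL-style sample lines modelled on such entries, reports the lockout policies and orphaned or case-mangled autorun handlers, and builds the `reg add` commands that reset the policy values to 0. The sample lines, the finding format and the heuristics are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample OTL lines (hypothetical input modelled on O4/O7/O33 entries
# of the kind OTL writes), not a real log.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1958367476-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1085031214-1958367476-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O33 - MountPoints2\{629d6fec-d106-11de-bce0-4d6564696130}\Shell\AutoRun\command - "" = F:\s1.exe -- File not found
O33 - MountPoints2\{629d6fed-d106-11de-bce0-4d6564696130}\Shell\AutoplAy\COmMand - "" = G:\ivwfxw.cmd -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2006-09-09 16:01:57 | 000,704,512 | R--- | M] (Electronic Arts Inc.)
"""

# O7 lines carrying the two policy values that lock the user out of Task Manager
# and regedit. Other O7 entries (e.g. NoDriveTypeAutoRun) are deliberately ignored.
POLICY_RE = re.compile(
    r"^O7 - (?P<hive>HKU\\[^\\]+)\\(?P<path>.*\\policies\\System): "
    r"(?P<name>DisableTaskMgr|DisableRegistryTools) = (?P<value>\d+)$"
)

# O33 MountPoints2 lines: per-drive shell handlers stored in the user hive, which
# stay behind after the drive that planted them is gone.
MOUNT_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\(?P<cmdkey>[^ ]+)"
    r' - "" = (?P<target>.+?) -- (?P<status>.*)$'
)
# Casings Windows itself writes; anything else with the same letters is suspicious
# (a heuristic assumed here, chosen because some droppers randomise key case).
CANONICAL_VERBS = {"AutoRun", "AutoPlay", "open", "Open", "explore", "Explore"}
CANONICAL_CMDKEYS = {"command", "Command"}


def scan_otl(text: str) -> List[Dict[str, object]]:
    """Return findings for policy lockouts and suspicious MountPoints2 handlers."""
    findings: List[Dict[str, object]] = []
    lower_verbs = {v.lower() for v in CANONICAL_VERBS}
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m and m.group("value") != "0":
            findings.append({
                "kind": "policy_lockout",
                "hive": m.group("hive"),
                "path": m.group("path"),
                "name": m.group("name"),
                "value": m.group("value"),
                "line": line,
            })
            continue
        m = MOUNT_RE.match(line)
        if not m:
            continue
        verb, cmdkey = m.group("verb"), m.group("cmdkey")
        # Handler whose target no longer exists: the drive that carried the
        # dropper is gone, but the registry entry would still fire on reconnect.
        orphaned = m.group("status").startswith("File not found")
        odd_case = (verb not in CANONICAL_VERBS and verb.lower() in lower_verbs) \
            or cmdkey not in CANONICAL_CMDKEYS
        if orphaned or odd_case:
            findings.append({
                "kind": "autorun_handler",
                "key": m.group("key"),
                "target": m.group("target"),
                "orphaned": orphaned,
                "odd_case": odd_case,
                "line": line,
            })
    return findings


def reg_fix_commands(findings: List[Dict[str, object]]) -> List[str]:
    """Build the `reg add` commands that reset each lockout value to 0.

    The HKU\\<SID> path is taken verbatim from the finding; the commands are meant
    to be run from an elevated prompt on the affected machine.
    """
    cmds = []
    for f in findings:
        if f["kind"] != "policy_lockout":
            continue
        key = f"{f['hive']}\\{f['path']}"
        cmds.append(f'reg add "{key}" /v {f["name"]} /t REG_DWORD /d 0 /f')
    return cmds


if __name__ == "__main__":
    for finding in scan_otl(SAMPLE_OTL):
        print(finding["kind"], "::", finding["line"])
    for cmd in reg_fix_commands(scan_otl(SAMPLE_OTL)):
        print(cmd)
```

The H: handler is not reported because its target exists and its key casing is normal, which is what a legitimate game disc leaves behind; the F: and G: handlers are reported because their targets are missing, and the G: one additionally because of the mangled key names. Resetting the two policy values only removes the lockout, not whatever set it, so the `reg add` output is a follow-up to a clean-up, not a substitute for one.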
michal1992pawlak comment 23 March 2010 Author [log]OTL logfile created on: 2010-03-23 19:49:46 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Dom\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 894,00 Mb Total Physical Memory | 400,00 Mb Available Physical Memory | 45,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 21,82 Gb Free Space | 55,85% Space Free | Partition Type: NTFS Drive D: | 35,46 Gb Total Space | 22,87 Gb Free Space | 64,49% Space Free | Partition Type: NTFS Drive E: | 1,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 696,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS I: Drive not present or media not loaded Computer Name: DOM-680297A355A Current User Name: Dom Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 60 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-03-23 19:48:36 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe PRC - [2009-02-06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2009-02-06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2008-10-28 17:45:02 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005-12-06 13:53:30 | 000,819,200 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\neostradatp.exe PRC - [2005-11-22 11:54:18 | 000,249,856 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\ComComp.exe PRC - [2005-08-05 08:15:04 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM305_STI.EXE PRC - [2005-05-17 18:48:32 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\SOUNDMAN.EXE PRC - [2004-11-02 14:31:20 | 000,069,632 | ---- | M] (France Telecom R&D) -- C:\Program Files\neostrada tp\Toaster.exe PRC - [2004-10-27 10:30:44 | 000,032,768 | ---- | M] () -- C:\Program Files\neostrada tp\Inactivity.exe PRC - [2004-10-27 10:07:06 | 000,069,632 | ---- | M] () -- C:\Program Files\neostrada tp\PollingModule.exe PRC - [2004-10-21 07:50:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\AlertModule\AlertModule.exe PRC - [2004-10-05 16:00:12 | 000,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\TaskBarIcon.exe PRC - [2004-08-23 13:49:56 | 000,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe PRC - [2004-08-23 13:49:56 | 000,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\Watch.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-03-23 19:48:36 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe MOD - [2004-10-26 08:49:34 | 000,028,672 | ---- | M] () -- C:\Program Files\neostrada tp\Inactivity.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-02-06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-02-06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2004-08-23 13:49:56 | 000,040,960 | ---- | M] (France Telecom) [Auto | Running] -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-02-09 15:11:17 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) 
[File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2009-02-06 14:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi) DRV - [2009-02-06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis) DRV - [2009-02-06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw) DRV - [2009-02-06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009-02-06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2006-09-19 11:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2006-09-15 11:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys) DRV - [2005-11-30 05:50:14 | 000,392,316 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305) DRV - [2005-08-11 15:04:54 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005-06-22 22:14:22 | 001,198,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005-06-04 05:50:40 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005-05-18 17:50:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005-01-14 17:22:54 | 000,005,504 | ---- | M] (EnE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EKBfltr.sys -- (EKBfltr) DRV - [2004-10-11 12:24:52 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-1958367476-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl IE - HKU\S-1-5-21-1085031214-1958367476-1801674531-1005\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll () IE - HKU\S-1-5-21-1085031214-1958367476-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.pl/ig?hl=pl&source=iglk" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-16 16:29:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-13 13:29:46 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-03-23 18:37:26 | 000,000,000 | ---D | M] [2009-11-07 15:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Extensions [2010-03-23 18:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\ce3hhhhd.default\extensions [2010-03-19 18:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\ce3hhhhd.default\extensions\personas@christopher.beard [2010-03-23 18:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-03-13 13:29:34 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-13 13:29:34 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-13 13:29:34 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-13 13:29:34 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-13 13:29:34 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-13 13:29:34 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE (Vimicro) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1085031214-1958367476-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O7 - HKU\S-1-5-21-1085031214-1958367476-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\S-1-5-21-1085031214-1958367476-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-07 14:39:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006-09-09 16:06:22 | 000,000,000 | R--D | M] - H:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2006-09-09 16:01:57 | 000,704,512 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2006-09-09 08:13:17 | 000,634,880 | R--- | M] (Electronic Arts Inc.) 
- H:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2006-09-09 16:05:49 | 000,000,146 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{629d6fec-d106-11de-bce0-4d6564696130}\Shell\AutoRun\command - "" = F:\s1.exe -- File not found O33 - MountPoints2\{629d6fec-d106-11de-bce0-4d6564696130}\Shell\open\Command - "" = F:\s1.exe -- File not found O33 - MountPoints2\{629d6fed-d106-11de-bce0-4d6564696130}\Shell\AutoplAy\COmMand - "" = G:\ivwfxw.cmd -- File not found O33 - MountPoints2\{629d6fed-d106-11de-bce0-4d6564696130}\Shell\AutoRun\command - "" = G:\ivwfxw.cmd -- File not found O33 - MountPoints2\{629d6fed-d106-11de-bce0-4d6564696130}\Shell\ExpLOrE\coMMand - "" = G:\ivwfxw.cmd -- File not found O33 - MountPoints2\{629d6fed-d106-11de-bce0-4d6564696130}\Shell\OpeN\CommAND - "" = G:\ivwfxw.cmd -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2006-09-09 16:01:57 | 000,704,512 | R--- | M] (Electronic Arts Inc.) 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-07 14:38:32 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-03-23 19:48:25 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe [2010-03-23 19:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET [2010-03-23 18:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\ESET [2010-03-23 18:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\ESET [2010-03-23 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010-03-23 18:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-03-20 19:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\VSO [2010-03-20 19:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\VSO [2010-03-20 19:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\zawody [2010-03-14 18:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-03-14 18:51:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010-03-14 11:20:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2010-03-14 11:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl [2010-03-14 11:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits 
[2010-03-14 11:12:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2010-03-14 11:00:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010-03-14 11:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome [2010-03-06 16:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\ipla [2010-03-06 16:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-03-06 16:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\ipla [2010-03-06 16:19:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010-03-06 16:19:05 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll [2010-03-06 16:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-03-06 16:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\Gadu-Gadu 10 [2010-03-06 16:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2010-02-21 09:55:01 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010-02-21 09:55:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010-02-21 09:55:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010-02-20 10:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\TS2W_asnyBiznes [2010-02-09 15:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\EA Games [2010-02-09 15:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\DAEMON Tools Pro [2010-02-09 15:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems [2010-02-09 15:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO [2010-02-09 15:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\My ISO Files [2010-02-09 15:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\The Sims 2 Pets [2010-02-09 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-02-09 15:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar [2010-02-09 15:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-02-09 15:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\DAEMON Tools Lite [2010-02-09 15:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\Mini Image [2010-02-09 15:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\EA Games [2010-02-09 13:45:13 | 000,442,368 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll [2010-02-06 18:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground [2010-02-06 18:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX [2010-02-06 18:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\Nowy folder [2010-02-06 18:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\FIFA 07 [2009-11-07 14:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-11-07 14:39:31 | 
000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-11-07 14:39:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-03-23 19:48:36 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe [2010-03-23 19:00:35 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D23AD607-BDE1-46D0-B0D3-333F261151BD}.job [2010-03-23 18:51:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-23 18:51:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-03-23 18:50:14 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Dom\NTUSER.DAT [2010-03-23 18:50:14 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Dom\ntuser.ini [2010-03-23 18:29:50 | 035,367,140 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\ESET_Smart_Security_32bit_Fix_and_Keys.rar [2010-03-23 17:14:26 | 000,000,267 | ---- | M] () -- C:\WINDOWS\system.ini [2010-03-23 17:11:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-22 14:21:17 | 000,946,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-03-22 14:21:17 | 000,436,560 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-03-22 14:21:17 | 000,380,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-03-22 14:21:17 | 000,067,496 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-03-22 14:21:17 | 000,053,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-03-21 18:03:21 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-15 18:57:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK 
[2010-03-14 18:52:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010-03-14 18:50:33 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-03-14 11:11:41 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-03-12 19:14:49 | 003,392,990 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\kalwi & remi - find you.mp31267894818_[mp3.teledyski.info].mp3 [2010-03-07 12:00:28 | 003,365,405 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\david guetta feat. kid cudi - memories.mp31267895118_[mp3.teledyski.info].mp3 [2010-03-07 11:57:02 | 004,065,487 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\jay-z - young forever (featuring mr hudson).mp31267895419_[mp3.teledyski.info].mp3 [2010-03-07 11:49:09 | 003,732,373 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\kazachstar - fristajlooo (village rmx).mp31267898111_[mp3.teledyski.info].mp3 [2010-03-06 16:19:29 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-03-06 16:19:05 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010-03-06 16:19:05 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll [2010-03-05 07:55:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-02-20 11:10:32 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Skrót do Sims2EP3.lnk [2010-02-19 21:55:54 | 005,334,314 | -H-- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-19 17:03:01 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Skrót do Sims2EP4.lnk [2010-02-09 15:11:17 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-09 15:06:26 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\The Sims 2.lnk [2010-02-06 18:57:25 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Need For Speed Underground.lnk 
[2010-02-05 11:44:04 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 07.lnk [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-03-23 18:30:32 | 035,511,296 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\ESET Smart Security 4 32bit.msi [2010-03-23 18:30:28 | 000,728,405 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Eset Fix.exe [2010-03-23 18:23:41 | 035,367,140 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\ESET_Smart_Security_32bit_Fix_and_Keys.rar [2010-03-23 17:13:58 | 654,542,848 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\DESPERADO FULL DIVX.avi [2010-03-06 18:45:00 | 003,732,373 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\kazachstar - fristajlooo (village rmx).mp31267898111_[mp3.teledyski.info].mp3 [2010-03-06 18:02:40 | 003,365,405 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\david guetta feat. 
kid cudi - memories.mp31267895118_[mp3.teledyski.info].mp3 [2010-03-06 18:00:06 | 004,065,487 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\jay-z - young forever (featuring mr hudson).mp31267895419_[mp3.teledyski.info].mp3 [2010-03-06 17:57:40 | 003,392,990 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\kalwi & remi - find you.mp31267894818_[mp3.teledyski.info].mp3 [2010-02-20 11:10:33 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Skrót do Sims2EP3.lnk [2010-02-19 17:03:03 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Skrót do Sims2EP4.lnk [2010-02-09 15:11:16 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-09 15:06:26 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\The Sims 2.lnk [2010-02-06 18:57:25 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Need For Speed Underground.lnk [2010-02-06 18:49:22 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-05 11:44:04 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 07.lnk [2009-11-28 21:26:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-11-07 15:34:56 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-07 15:34:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-11-07 15:34:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-11-07 15:34:51 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-11-07 15:34:51 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-11-07 15:34:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-11-07 15:34:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-11-07 15:19:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2009-11-07 15:19:00 | 000,000,021 | ---- | 
C] () -- C:\WINDOWS\Fast800.ini [2009-11-07 15:18:54 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2009-11-07 15:18:54 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL [2009-11-07 14:58:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2009-11-07 14:58:44 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2009-11-07 14:44:28 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004-01-14 08:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [color=#E56717]========== LOP Check ==========[/color] [2010-02-09 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-03-23 18:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-03-06 16:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-03-06 16:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-02-06 18:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground [2010-03-19 18:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-02-09 15:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\DAEMON Tools Lite [2010-02-09 15:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\DAEMON Tools Pro [2010-03-23 18:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\ESET [2010-03-06 16:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Gadu-Gadu 10 [2010-03-06 16:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\ipla [2009-11-07 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu [2009-11-15 12:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane 
aplikacji\OpenFM
[2009-11-07 15:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Opera
[2010-03-20 19:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\VSO
[2010-03-23 19:00:35 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D23AD607-BDE1-46D0-B0D3-333F261151BD}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-11-07 14:39:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-11-07 14:24:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-11-07 14:39:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-11-07 15:02:47 | 000,001,404 | ---- | M] () -- C:\FSC-DeskUpdate.txt
[2009-11-07 14:39:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-07 14:39:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-03-14 11:11:41 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-03-23 18:51:21 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2009-12-04 19:42:28 | 000,000,000 | ---- | M] () -- C:\TP13B5CE.$$$
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2004-08-04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004-08-04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2010-03-14 11:00:23 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sp3.cab:cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004-08-04 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-04 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 13:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >[/log]

[quote]Start -> Run -> type gpedit.msc, then find Administrative Templates -> System -> Ctrl+Alt+Del Options -> Remove Task Manager -> set it to Disabled, Apply -> OK[/quote]
When I type gpedit.msc into Run, I get "Windows cannot find 'gpedit.msc'", and it goes on to tell me to make sure I typed the name correctly and try again...

[color="#FF0000"]// Moving to the Security section // Cyprian[/color]
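The gpedit.msc route fails here because Windows XP Home Edition does not ship the Group Policy editor. The two messages from the first post are produced by the registry values DisableTaskMgr and DisableRegistryTools under Software\Microsoft\Windows\CurrentVersion\Policies\System; the gpedit setting quoted above would only have toggled the HKCU copy, and malware usually writes the HKLM copy as well. The script below is an added example written for this page, not code from anyone in the thread: it reports both values in both hives and, with a -Fix switch that is this example's own, deletes them. It assumes an elevated prompt and that the restriction is carried only by these two values. The PowerShell registry provider and reg.exe are not subject to DisableRegistryTools, which is enforced by regedit.exe itself, so both can be used while regedit is still blocked.

```powershell
# Added example (editor's code, not from the thread): list and clear the
# policy values behind "Task Manager has been disabled by your
# administrator" and "Registry editing has been disabled by your
# administrator". Run from an elevated PowerShell prompt.
# Assumptions: only the two well-known values are checked, and the -Fix
# switch name is this example's own.
param([switch]$Fix)

# gpedit.msc writes these under HKCU; infections normally set HKLM too,
# so both hives are examined.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$policyValues = @('DisableTaskMgr', 'DisableRegistryTools')

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }       # key absent: nothing set here
    $props = Get-ItemProperty -Path $key
    foreach ($name in $policyValues) {
        $current = $props.$name
        if ($null -eq $current) { continue }      # value absent: policy not set
        # Any non-zero DWORD enables the restriction; 0 behaves like absent.
        $state = 'set to 0'
        if ($current -ne 0) { $state = 'RESTRICTED' }
        Write-Host ("{0}\{1} = {2} ({3})" -f $key, $name, $current, $state)
        if ($Fix -and $current -ne 0) {
            Remove-ItemProperty -Path $key -Name $name
            Write-Host ("  removed {0}" -f $name)
        }
    }
}

# Equivalent cmd.exe one-liners for a machine without PowerShell
# (reg.exe ignores DisableRegistryTools; only regedit.exe honours it):
#   reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /f
#   reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /f
```

Run it without arguments first to see what is set, then with -Fix to delete. Clearing the values removes only the symptom: whatever wrote them will write them back unless it is removed, which is why the thread goes on to collect OTL and ComboFix logs instead of stopping here.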
Psycholandia comment 23 March 2010
Post a ComboFix log: http://www.forumpc.pl/index.php?showtopic=153621
michal1992pawlak (author) comment 24 March 2010
[log]ComboFix 10-03-23.04 - Dom 2010-03-24 13:21:30.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.894.412 [GMT 1:00]
Running from: c:\documents and settings\Dom\Pulpit\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ABP470N5
-------\Service_abp470n5

((((((((((((((((((((((((( Files created from 2010-02-24 to 2010-03-24 )))))))))))))))))))))))))))))))
.
2010-03-23 18:00 . 2010-03-23 18:00 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
2010-03-23 17:50 . 2010-03-23 17:50 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\ESET
2010-03-23 17:49 . 2010-03-23 17:49 -------- d-----w- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\ESET
2010-03-23 17:37 . 2010-03-23 17:37 -------- d-----w- c:\program files\ESET
2010-03-23 17:37 . 2010-03-23 17:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2010-03-20 18:31 . 2010-03-20 18:32 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\VSO
2010-03-20 18:30 . 2010-03-20 18:30 -------- d-----w- c:\program files\VSO
2010-03-14 17:51 . 2010-03-14 17:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-14 10:20 . 2010-03-14 10:20 -------- d-----w- c:\windows\l2schemas
2010-03-14 10:20 . 2010-03-14 10:20 -------- d-----w- c:\windows\system32\pl
2010-03-14 10:20 . 2010-03-14 10:20 -------- d-----w- c:\windows\system32\bits
2010-03-14 10:00 . 2010-03-14 10:00 -------- d-----w- c:\windows\EHome
2010-03-06 15:19 . 2010-03-06 15:19 12328 ----a-w- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-03-06 15:19 . 2010-03-06 15:19 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\ipla
2010-03-06 15:19 . 2010-03-06 15:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2010-03-06 15:19 . 2010-03-23 18:17 -------- d-----w- c:\program files\ipla
2010-03-06 15:19 . 2010-03-06 15:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-03-06 15:19 . 2010-03-06 15:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-03-06 15:17 . 2010-03-06 15:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-03-06 15:17 . 2010-03-06 15:17 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\Gadu-Gadu 10
2010-03-06 15:16 . 2010-03-23 18:17 -------- d-----w- c:\program files\Gadu-Gadu 10
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 12:30 . 2009-11-07 15:11 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\Skype
2010-03-24 12:28 . 2009-11-07 14:17 -------- d-----w- c:\program files\neostrada tp
2010-03-24 07:54 . 2009-11-07 15:25 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\skypePM
2010-03-23 18:21 . 2009-11-07 14:31 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2010-03-22 13:21 . 2004-08-04 12:00 67496 ----a-w- c:\windows\system32\perfc015.dat
2010-03-22 13:21 . 2004-08-04 12:00 436560 ----a-w- c:\windows\system32\perfh015.dat
2010-03-19 17:24 . 2009-11-15 11:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-03-14 10:24 . 2009-11-07 13:38 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-21 08:54 . 2009-11-07 13:43 -------- d-----w- c:\program files\Java
2010-02-21 08:52 . 2010-02-21 08:52 152576 ----a-w- c:\documents and settings\Dom\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-21 08:52 . 2009-11-24 17:05 79488 ----a-w- c:\documents and settings\Dom\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-09 14:42 . 2010-02-09 14:42 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\DAEMON Tools Pro
2010-02-09 14:24 . 2010-02-09 14:24 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-02-09 14:24 . 2010-02-09 14:24 -------- d-----w- c:\program files\UltraISO
2010-02-09 14:15 . 2010-02-09 14:11 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\DAEMON Tools Lite
2010-02-09 14:14 . 2010-02-09 14:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2010-02-09 14:14 . 2010-02-09 14:14 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-09 14:14 . 2010-02-09 14:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-09 14:11 . 2010-02-09 14:11 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 17:58 . 2010-02-06 17:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NFS Underground
2010-02-06 17:57 . 2010-02-06 17:57 -------- d-----w- c:\program files\Common Files\DirectX
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\Dom\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-01-20 12:03 . 2010-01-20 12:03 11776 ----a-w- c:\documents and settings\Dom\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-22 344064]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Dom\\Pulpit\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Documents and Settings\\Dom\\Pulpit\\Skróty\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Documents and Settings\\Dom\\Pulpit\\Counter-Strike 1.6\\hlds.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PROGRA~1\\NEOSTR~1\\Inactivity.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-09 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-11-07 116992]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2009-11-07 5504]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-11-07 64000]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2009-11-25 392316]
.
Contents of the 'Scheduled Tasks' folder

2010-03-24 c:\windows\Tasks\User_Feed_Synchronization-{D23AD607-BDE1-46D0-B0D3-333F261151BD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.neostrada.pl
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {3257B4B1-A071-4185-9892-30D10BB6F8D4} = 194.204.159.1 194.204.152.34
FF - ProfilePath - c:\documents and settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\ce3hhhhd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig?hl=pl&source=iglk
FF - plugin: c:\documents and settings\Dom\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - EMPTY ENTRIES REMOVED - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 13:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdp.sys >>UNKNOWN [0x84B8F938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7536f28
\Driver\ACPI -> ACPI.sys @ 0xf728fcb8
\Driver\atapi -> atapi.sys @ 0xf722cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7136bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7124a0d
SendHandler -> NDIS.sys @ 0xf7138b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\progra~1\NEOSTR~1\TaskBarIcon.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-03-24 13:35:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-24 12:35

Pre-Run: 25 882 324 992 bytes free
Post-Run: 26 483 339 264 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C32D1F0FD35DBF3C7921679953202AB8
[/log]
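ComboFix prints the Run keys, firewall exceptions and driver list as one undifferentiated block, and the values that matter for security posture are easy to miss between the game exceptions. The script below is an added example, not part of the thread or of ComboFix, that parses that section and lists three kinds of finding: Security Center values whose *Override or *DisableNotify flag is non-zero (these silence the antivirus, firewall and updates warnings), an EnableFirewall of 0 for the standard profile (Windows Firewall off), and every boot-start or auto-start driver and service (R0-R2, S0-S2) with its file path. The $sample here-string is a constructed excerpt copied from the log posted above; the regular expressions and the finding categories are this example's own.

```powershell
# Added example (editor's code, not from the thread or from ComboFix):
# surface the security-posture indicators in the "Registry startup
# entries" section of a ComboFix log.
# $sample is a constructed excerpt of the log posted in this thread; for
# a real log replace it with:  $sample = Get-Content .\ComboFix.txt -Raw
$sample = @'
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-09 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-11-07 64000]
'@

$findings = @()
$currentKey = ''
foreach ($line in ($sample -split "`r?`n")) {
    $line = $line.Trim()
    # A [key] line sets the context for the "name"=value lines under it.
    if ($line -match '^\[(.+)\]$') { $currentKey = $Matches[1]; continue }

    # "Name"=dword:00000001  or  "Name"= 0 (0x0)  ->  name and numeric value
    if ($line -match '^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+))') {
        $name = $Matches[1]
        if ($Matches[2]) { $value = [Convert]::ToInt32($Matches[2], 16) }
        else { $value = [int]$Matches[3] }

        # Security Center: *Override / *DisableNotify = 1 suppress the
        # "no antivirus / firewall off / updates off" warnings.
        # Windows Firewall uses the opposite sense: EnableFirewall = 0 is off.
        $suspicious = (($name -match 'Override$|DisableNotify$') -and ($value -ne 0)) -or (($name -eq 'EnableFirewall') -and ($value -eq 0))
        if ($suspicious) {
            $findings += New-Object PSObject -Property @{
                Kind = 'registry'; What = $name; Value = $value; Where = $currentKey
            }
        }
        continue
    }

    # Boot-start drivers (R0/R1, S0/S1) and auto-start services (R2/S2)
    # are where a rootkit loader sits; list them with their image paths.
    # Format: <type> <name>;<display name>;<path> [<date> <size>]
    if ($line -match '^([RS][0-2])\s+([^;]+);([^;]*);(.+?)\s+\[') {
        $findings += New-Object PSObject -Property @{
            Kind = 'driver ' + $Matches[1]; What = $Matches[2]; Value = $Matches[3]; Where = $Matches[4]
        }
    }
}

$findings | Format-Table Kind, What, Value, Where -AutoSize
```

Read the driver list against what the user actually installed before treating anything as a finding: in this log sptd.sys was created on 2010-02-09 in the same minute as the DAEMON Tools Lite folders (Find3M section), and ehdrv.sys carries the same 2009-02-06 timestamp as the ESET files listed in the Run key, so neither is a surprise here. The Security Center override values can also be set by a third-party suite when it registers itself, so the script only surfaces them; deciding whether they are legitimate still takes the rest of the log.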
Psycholandia comment 24 March 2010
Download http://www.freedrweb.pl/livecd.php, burn it to a CD, reboot the computer and keep pressing F11 while it starts; the program will launch and run a scan. Delete everything it finds.
michal1992pawlak (author) comment 24 March 2010
After ComboFix everything is fine: Task Manager opens and Run works too.
Psycholandia comment 24 March 2010
Run OTL and click CleanUp. It will clean up after the scanners.