Explorer.exe nie działa pulpit się nie ładuje


(Wizard4) #1

Wiem, że temat był klepany już milion razy, inna sprawa że u mnie żaden ze znalezionych sposobów nie działa, zaczynając od ręcznego uruchomienia procesu (wyłącza się zaraz po włączeniu nie wyświetlając nawet ikon), na modyfikowaniu wpisów rejestru kończąc. Problem wyskoczył niespodziewanie, jednego dnia poprawnie zamykam komputer po sesji bez niespodzianek, następnego Windows startuje z chekdiskiem i nie wyświetla pulpitu. Proszę o pomoc.

-- Dodane 19.07.2009 (N) 18:21 --

Wklejam jeszcze log z HijackThis, nie mam jak go zamieścić w innej formie, z powodu braku dostępu do plików

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:18:17, on 2009-07-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\sbt\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [explorer] c:\windows\raven.exe

O4 - HKCU..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

O4 - HKUS\S-1-5-21-1177238915-1708537768-854245398-1003..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" (User '?')

O4 - HKUS\S-1-5-21-1177238915-1708537768-854245398-1003..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Wireless PCI_CardBus utility V1.01.exe.lnk = ?

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 5610 bytes


(Olixxx94) #2

Fix w HijackThis.


(Wizard4) #3

Nadal nie działa :frowning: ale dzięki za chęci. Proszę nikt nie ma więcej pomysłów? To ważne


(Danielm86) #4
  1. Użyj przywracania systemu :wink:

wpisz w Nowe zadanie: C:\windows\system32\restore\rstrui.exe

  1. zobacz ten temat problem-explorer-exe-t100668.html

(Wizard4) #5

Przywracanie systemu nie chce się uruchomić. Pojawia się proces w menedżerze, ale nie pojawia się okno programu, ani nic


(Danielm86) #6

w takim razie odpal konsolę odzyskiwania z płyty CD

expand X:\i386\explorer.ex_ C:\Windows\

jak wysoczy bład to

ren explorer.exe explorer.bak

expand X:\i386\explorer.ex_ C:\Windows\

x-to litera twojego napędu


(Wizard4) #7

nie mam płyty z xp ponieważ była to instalacja seryjna ;[

-- Dodane 21.07.2009 (Wt) 17:23 --

Nie macie żadnych pomysłów? :frowning:


(Xponichter) #8

mam podobny problem więc wklejam log z combofixa możę da sie cos zaradzić:

ComboFix 11-07-27.02 - Kamillos 2011-07-27 18:56:24.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3326.2441 [GMT 2:00]

Uruchomiony z: c:\users\Kamillos\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Kamillos\Documents\cc_20110722_161255.reg

c:\users\Kamillos\Documents\rejestr kopia.reg

c:\windows\system32\reginv.dll

c:\windows\system32\winkey.dll

.

.

((((((((((((((((((((((((( Pliki utworzone od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))

.

.

2011-07-27 16:59 . 2011-07-27 16:59 -------- d-----w- c:\users\Kamillos\AppData\Local\temp

2011-07-27 16:59 . 2011-07-27 16:59 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-07-27 16:59 . 2011-07-27 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-27 16:37 . 2011-07-27 16:37 -------- d-----w- c:\program files\IObit

2011-07-27 16:37 . 2011-07-27 16:37 -------- d-----w- c:\programdata\IObit

2011-07-27 16:36 . 2011-07-27 16:36 -------- d-----w- c:\users\Kamillos\AppData\Roaming\IObit

2011-07-26 18:49 . 2011-07-26 18:49 -------- d-----w- c:\program files\Ask.com

2011-07-26 18:46 . 2008-11-06 00:03 -------- d-----w- C:\SDFix

2011-07-22 14:01 . 2011-07-22 14:01 -------- d-----w- c:\program files\CCleaner

2011-07-22 13:54 . 2011-07-22 13:54 -------- d-----w- c:\users\Kamillos\AppData\Roaming\Bitdefender

2011-07-22 13:40 . 2011-07-27 16:56 81984 ----a-w- c:\windows\system32\bdod.bin

2011-07-22 13:34 . 2011-07-22 13:35 -------- d-----w- c:\programdata\BitDefender

2011-07-22 13:34 . 2011-07-22 13:34 -------- d-----w- c:\program files\Common Files\Softwin

2011-07-19 19:17 . 2011-07-19 19:17 -------- d-----w- c:\users\Kamillos\AppData\Roaming\Activision

2011-07-19 19:17 . 2011-07-19 19:17 -------- d-----w- c:\programdata\Activision

2011-07-06 11:39 . 2011-07-06 11:39 -------- d-----w- c:\users\Kamillos\AppData\Roaming\BlackBean

2011-07-01 12:43 . 2011-07-01 12:43 -------- d-----w- c:\users\Kamillos\AppData\Local\Electronic Arts

2011-06-29 22:20 . 2011-06-29 22:20 -------- d-----w- c:\users\Kamillos\AppData\Roaming\Day 1 Studios

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-09 10:43 . 2011-06-04 09:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-16 14:58 . 2011-06-16 14:58 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-06-04 13:27 . 2011-06-04 13:27 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-05-26 14:08 . 2011-05-26 14:08 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-05-20 13:26 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-05-20 13:26 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-05-10 15:16 . 2011-01-28 19:34 258048 ----a-w- c:\windows\system32\libFLAC.dll

2011-05-10 15:16 . 2011-05-10 15:16 80384 ----a-w- c:\windows\system32\mkzlib.dll

2011-05-10 15:16 . 2011-05-10 15:16 24576 ----a-w- c:\windows\system32\mkunicode.dll

2011-05-06 12:12 . 2011-05-05 18:30 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys

2011-05-05 18:30 . 2011-05-05 18:30 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2011-06-27 15:15 . 2011-06-05 10:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "c:\program files\Gossiper\prxtbGoss.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

2011-03-28 16:22 176936 ----a-w- c:\program files\Gossiper\prxtbGoss.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]

2011-02-09 17:29 400384 ----a-w- c:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "c:\program files\Gossiper\prxtbGoss.dll" [2011-03-28 176936]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

.

[HKEY_CLASSES_ROOT\clsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

.

[HKEY_CLASSES_ROOT\clsid{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{0A452A47-C5A8-4854-A237-4B9B06B376F0}"= "c:\program files\Gossiper\prxtbGoss.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"BDMCon"="c:\programy\BitDefender10\bdmcon.exe" [2007-04-02 290816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^Kamillos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]

path=c:\users\Kamillos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk

backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]

2011-06-16 12:29 413072 ----a-w- c:\programy\IObit\Advanced SystemCare 4\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]

2011-02-07 22:44 1362944 ----a-w- c:\programy\ALLPlayer\ALLUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

2007-03-26 12:49 69632 ----a-w- c:\programy\BitDefender10\bdagent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]

2010-11-16 10:07 422912 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [x]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [x]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [x]

R2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-29 13224]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]

R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-01 98672]

R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-01 14960]

R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-01 124016]

R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-01 117872]

R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-01 25456]

R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-01 113904]

R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-01 123504]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]

R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1343400]

S0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [2007-07-09 64616]

S0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [2007-07-09 54896]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-28 721904]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-25 218688]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programy\IObit\Advanced SystemCare 4\ASCService.exe [2011-06-16 353168]

S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-29 27632]

.

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://start.facemoods.com/?a=ironto

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.11.1 217.17.34.10

FF - ProfilePath - c:\users\Kamillos\AppData\Roaming\Mozilla\Firefox\Profiles\n7rnft9v.default\

FF - prefs.js: network.proxy.type - 0

.

  • USUNIĘTO PUSTE WPISY - - - -

.

HKLM_ActiveSetup-{5Y99AE78-58TT-11dW-BE53-Y67078979Y} - c:\windows\system\sservice.exe

.

.

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

.

[HKEY_USERS.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,43,0c,5e,10,79,93,4d,a0,50,83,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,43,0c,5e,10,79,93,4d,a0,50,83,\

.

[HKEY_USERS\S-1-5-21-1628495058-3065868583-1346079862-1001\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:9c,36,59,11,85,6d,c9,d7,0e,f0,83,83,6d,c4,bf,3d,e0,22,02,53,b6,24,09,

6a,d1,2f,ea,5c,b0,a0,e9,38,cd,85,d3,6a,f7,9b,81,0f,15,c7,e3,2b,dd,c2,61,8c,\

"??"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de

.

[HKEY_USERS\S-1-5-21-1628495058-3065868583-1346079862-1001\Software\SecuROM\License information*]

"datasecu"=hex:11,c9,94,e1,52,ee,95,5e,07,90,d0,e7,1b,22,bc,da,2a,27,ad,ea,98,

3d,46,64,65,45,45,9d,e7,8d,c3,89,7a,bc,d1,c6,e0,40,cc,4e,d5,de,6c,c5,45,27,\

"rkeysecu"=hex:44,7b,3e,ec,6e,f7,1d,9b,c1,1e,8a,eb,4a,58,a1,9c

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Czas ukończenia: 2011-07-27 19:00:08

ComboFix-quarantined-files.txt 2011-07-27 17:00

.

Przed: 126 690 148 352 bajtów wolnych

Po: 126 682 398 720 bajtów wolnych

.

  • End Of File - - 6B5BC249FB541DE49E0B95567F11B007