Task Manager not working!


(Borsuq123) #1

Hello, after plugging in a pendrive I noticed after a while that my Task Manager is not working. I searched the internet a bit, but most threads did not help, because when I launch the "Run" option the following error appears: "Edycja rejestru została wyłączona przez administratora sieci" ("Registry editing has been disabled by the network administrator").

My system is Windows XP.

Here is my log:

ComboFix 10-07-08.02 - Adam Jastrzępski 2010-07-09 23:56:52.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3327.3019 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Adam Jastrzępski\Moje dokumenty\Pobieranie\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet 3\adns.dll

c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll

c:\program files\FlashGet Network\FlashGet 3\BugReport.dll

c:\program files\FlashGet Network\FlashGet 3\BugReport.exe

c:\program files\FlashGet Network\FlashGet 3\cd1.ico

c:\program files\FlashGet Network\FlashGet 3\ckcore.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll

c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll

c:\program files\FlashGet Network\FlashGet 3\commonlib.dll

c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll

c:\program files\FlashGet Network\FlashGet 3\config\clients.met

c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak

c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat

c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met

c:\program files\FlashGet Network\FlashGet 3\config\known.met

c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met

c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat

c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini

c:\program files\FlashGet Network\FlashGet 3\config\server.met

c:\program files\FlashGet Network\FlashGet 3\config\server_met.old

c:\program files\FlashGet Network\FlashGet 3\config\upload.met

c:\program files\FlashGet Network\FlashGet 3\corestat.dll

c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg

c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak

c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db

c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll

c:\program files\FlashGet Network\FlashGet 3\fg.ico

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png

c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml

c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe

c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe

c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi

c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll

c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll

c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll

c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll

c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll

c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll

c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll

c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll

c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll

c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll

c:\program files\FlashGet Network\FlashGet 3\game.ico

c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic

c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll

c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm

c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm

c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe

c:\program files\FlashGet Network\FlashGet 3\libem.dll

c:\program files\FlashGet Network\FlashGet 3\license.txt

c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin

c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini

c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll

c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll

c:\program files\FlashGet Network\FlashGet 3\perf.ini

c:\program files\FlashGet Network\FlashGet 3\pncrt.dll

c:\program files\FlashGet Network\FlashGet 3\pstat.dat

c:\program files\FlashGet Network\FlashGet 3\pup.dat

c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll

c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_clock.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_disk.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml

c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav

c:\program files\FlashGet Network\FlashGet 3\skin\international\Gray\BarSet.png

c:\program files\FlashGet Network\FlashGet 3\storage.dll

c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe

c:\program files\FlashGet Network\FlashGet 3\uninst.exe

c:\program files\FlashGet Network\FlashGet 3\VodCore.dll

c:\program files\FlashGet Network\FlashGet 3\zlib.dll

c:\windows\Ic.Inf

c:\windows\system32\bpkr.exe

c:\windows\system32\inst.dat

c:\windows\system32\pk.bin

c:\windows\system32\rinst.exe

c:\windows\system32\secushr.dat

c:\windows\system32\secustat.dat

c:\windows\system32\sknc.dll

c:\windows\update.exe

Zainfekowana kopia c:\windows\system32\ws2_32.dll została znaleziona. Problem naprawiono

Plik odzyskano z - c:\windows\system32\dllcache\ws2_32.dll

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ABP470N5

-------\Service_abp470n5

((((((((((((((((((((((((( Pliki utworzone od 2010-06-09 do 2010-07-09 )))))))))))))))))))))))))))))))

.

2010-07-09 21:16 . 2010-07-09 21:16 -------- d-----w- c:\program files\Lavasoft

2010-07-09 21:09 . 2010-07-09 21:09 -------- d-----w- c:\program files\Unlocker

2010-07-09 20:58 . 2010-07-09 20:58 -------- d-----w- c:\program files\Gadu-Gadu 10

2010-07-08 14:56 . 2010-07-08 14:56 -------- d-----w- c:\program files\Counter-Strikefafa

2010-07-08 12:00 . 2010-07-08 12:00 -------- d-----w- c:\program files\Electronic Arts

2010-07-08 12:00 . 2005-06-24 14:24 438272 ----a-r- c:\windows\system32\vp6vfw.dll

2010-07-06 10:26 . 2010-07-07 12:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM

2010-07-05 12:20 . 2010-07-05 12:20 -------- d-----w- c:\program files\Metin2

2010-06-28 07:19 . 2010-06-28 07:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PMB Files

2010-06-28 07:19 . 2010-06-28 07:19 -------- d-----w- c:\program files\Pando Networks

2010-06-28 07:19 . 2010-06-28 07:19 -------- d-----w- c:\program files\GamersFirst

2010-06-28 06:36 . 2010-06-28 06:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TEMP

2010-06-24 09:02 . 2010-07-08 14:21 70 ----a-w- c:\program files\Common Files\userInit.dll

2010-06-23 13:57 . 2010-06-23 13:57 27958 ----a-w- c:\program files\Common Files\logonInit.dll

2010-06-23 13:55 . 2010-06-23 13:57 -------- d-----w- c:\program files\ElfBot NG

2010-06-23 13:49 . 2010-07-07 15:36 -------- d-----w- c:\program files\Tibia81

2010-06-23 09:38 . 2010-06-25 17:53 -------- d-----w- c:\program files\Tibia854

2010-06-22 20:04 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-22 20:04 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-22 20:04 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-22 20:04 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-22 20:04 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-22 20:04 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-22 20:04 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-22 20:04 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-06-22 20:04 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-22 20:04 . 2010-06-22 20:04 -------- d-----w- c:\program files\Alwil Software

2010-06-22 20:04 . 2010-06-22 20:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software

2010-06-22 16:53 . 2010-06-23 09:07 -------- d-----w- c:\program files\Tibia98

2010-06-22 11:33 . 2010-06-22 11:33 -------- d-----w- c:\windows\IP LIST

2010-06-20 18:09 . 2010-06-20 18:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Backup

2010-06-20 13:46 . 2008-04-13 22:17 25856 -c–a-w- c:\windows\system32\dllcache\usbprint.sys

2010-06-20 13:46 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2010-06-19 18:53 . 2010-06-19 18:53 -------- d-----w- c:\program files\PowerMenu

2010-06-19 18:43 . 2010-06-19 18:43 -------- d-----w- c:\windows\Language

2010-06-19 18:43 . 2010-07-08 22:33 324 ----a-w- c:\windows\Last.dat

2010-06-19 18:43 . 2010-07-07 15:13 416 ----a-w- c:\windows\memlist.dat

2010-06-19 18:43 . 2010-06-19 18:43 9 ----a-w- c:\windows\Language.dat

2010-06-19 18:43 . 2009-12-21 14:15 108217 ----a-w- c:\windows\os4.exe

2010-06-19 18:43 . 2009-12-20 08:24 4 ----a-w- c:\windows\test.dat

2010-06-19 18:43 . 2009-02-26 10:46 176128 ----a-w- c:\windows\libcurl.dll

2010-06-19 18:43 . 2009-02-26 10:45 59904 ----a-w- c:\windows\zlib1.dll

2010-06-19 18:39 . 2010-07-08 11:36 -------- d-----w- c:\program files\Tibia

2010-06-17 20:13 . 2008-04-13 22:15 26112 -c–a-w- c:\windows\system32\dllcache\usbser.sys

2010-06-17 20:13 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2010-06-15 16:28 . 2010-07-09 22:01 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

2010-06-15 16:28 . 2010-07-07 21:32 -------- d-----w- c:\program files\LogMeIn Hamachi

2010-06-10 15:18 . 2010-06-29 20:40 -------- d-----w- C:\Downloads

2010-06-10 13:37 . 2010-06-10 13:37 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-06-10 13:36 . 2010-06-10 13:36 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-06-10 13:36 . 2010-06-10 13:36 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-06-10 13:36 . 2010-06-10 13:36 2250024 ----a-w- c:\windows\system32\pbsvc.exe

2010-06-10 13:36 . 2010-06-10 13:36 -------- d-----w- c:\windows\system32\LogFiles

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-09 21:51 . 2009-08-08 18:54 -------- d-----w- c:\program files\Kalendarz XP

2010-07-08 12:00 . 2009-08-08 16:39 -------- d–h--w- c:\program files\InstallShield Installation Information

2010-07-07 21:32 . 2010-05-31 19:30 -------- d-----w- c:\program files\iPlus

2010-06-28 06:30 . 2010-06-28 06:30 2382039 ----a-w- c:\program files\ElfBot NG.rar

2010-06-25 07:07 . 2008-04-15 12:00 83880 ----a-w- c:\windows\system32\perfc015.dat

2010-06-25 07:07 . 2008-04-15 12:00 490628 ----a-w- c:\windows\system32\perfh015.dat

2010-06-21 12:35 . 2010-06-21 12:32 -------- d-----w- c:\program files\FrameShow

2010-06-17 20:13 . 2010-06-17 20:13 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2010-06-17 20:13 . 2010-06-17 20:13 0 —ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-06-15 18:36 . 2010-06-15 18:36 -------- d-----w- c:\program files\MSBuild

2010-06-15 18:36 . 2010-06-15 18:36 -------- d-----w- c:\program files\Reference Assemblies

2010-06-10 15:06 . 2009-08-28 16:58 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-06-10 13:47 . 2009-08-10 08:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-06-07 15:09 . 2010-06-07 15:09 -------- d-----w- c:\program files\CCleaner

2010-06-04 08:06 . 2010-06-04 08:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ubisoft

2010-06-04 08:00 . 2010-06-03 20:15 -------- d-----w- c:\program files\Ubisoft

2010-06-04 07:58 . 2010-06-04 07:58 -------- d-----w- c:\program files\Alcohol Soft

2010-06-04 07:57 . 2009-08-18 14:06 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-06-04 07:50 . 2010-06-04 07:50 -------- d-----w- c:\program files\Alcohol

2010-06-03 20:36 . 2010-06-03 20:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Solidshield

2010-06-02 21:46 . 2010-06-02 21:46 -------- d-----w- c:\program files\MSXML 4.0

2010-06-02 20:57 . 2010-06-02 20:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10

2010-06-02 20:47 . 2010-06-02 20:47 -------- d-----w- c:\program files\SystemRequirementsLab

2010-06-02 20:43 . 2010-06-02 20:43 -------- d-----w- c:\program files\Common Files\Java

2010-06-02 20:43 . 2010-06-02 20:43 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-02 20:43 . 2010-06-02 20:43 -------- d-----w- c:\program files\Java

2010-05-31 20:07 . 2010-05-31 20:07 0 ----a-w- c:\windows\nsreg.dat

2010-05-31 20:04 . 2010-05-31 20:04 -------- d-----w- c:\program files\ALLPlayer

2010-05-31 20:04 . 2010-05-31 20:04 -------- d-----w- c:\program files\NAPI-PROJEKT

2010-05-28 15:50 . 2010-05-28 15:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA

2010-05-06 10:35 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 14:05 . 2010-05-04 14:05 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll

2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10_userdata\npgg.2.dll

2010-05-02 08:09 . 2008-04-15 12:00 1851520 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:34 . 2008-04-15 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2004-05-06 10:11 . 2010-05-31 20:13 777 ----a-w- c:\program files\trial_setup.ini

2004-05-06 10:11 . 2010-05-31 20:13 114176 ----a-w- c:\program files\trial_setup.exe

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“LightScribe Control Panel”=“c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe” [2007-07-18 451872]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-01 153136]

“ALLUpdate”=“c:\program files\ALLPlayer\ALLUpdate.exe” [2010-03-23 1432064]

“Pando Media Booster”=“c:\program files\Pando Networks\Media Booster\PMB.exe” [2010-06-28 2937528]

“Gadu-Gadu 10”=“c:\program files\Gadu-Gadu 10\gg.exe” [2010-05-04 11981408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“RTHDCPL”=“RTHDCPL.EXE” [2008-03-31 16857600]

“Gainward”=“c:\program files\VDOTool\TBPanel.exe” [2006-09-13 2154496]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2006-08-11 7630848]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2006-08-11 86016]

“QuickTime Task”=“c:\windows\system32\qttask.exe” [2009-08-08 98304]

“RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe” [2003-12-08 32768]

“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-02-18 248040]

“UnlockerAssistant”=“c:\program files\Unlocker\UnlockerAssistant.exe” [2010-07-04 17408]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360]

c:\documents and settings\Adam Jastrz©pski\Menu Start\Programy\Autostart\

ocs.exe [2000-8-7 12288]

raw32.dll [2009-12-10 37888]

update.exe [2010-6-19 484446]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-8-8 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusOverride”=dword:00000001

“FirewallOverride”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

“AntiVirusOverride”=dword:00000001

“AntiVirusDisableNotify”=dword:00000001

“FirewallDisableNotify”=dword:00000001

“FirewallOverride”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

“UacDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe”=

“d:\Gry\Need for Speed Most Wanted\speed.exe”=

“c:\Program Files\City Interactive\The Heat of War\System\Iwo.exe”=

“c:\Program Files\Gadu-Gadu 10\gg.exe”=

“d:\FinaLongju2\Server1Ch1.exe”=

“d:\FinaLongju2\Server2Ch1.exe”=

“c:\Program Files\Ubisoft\James Cameron’s AVATAR - THE GAME\bin\Avatar.exe”=

“c:\Program Files\Ubisoft\James Cameron’s AVATAR - THE GAME\bin\AvatarLauncher.exe”=

“c:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx9.exe”=

“c:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx10.exe”=

“c:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Launcher.exe”=

“d:\NovaMT2\NovaMt2\NovaMT2.exe”=

“d:\cs\cstrike.exe”=

“d:\cs\hl.exe”=

“d:\Program Files\Ubisoft\Brothers in Arms Road to Hill 30\System\bia.exe”=

“d:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe”=

“d:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe”=

“d:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe”=

“c:\WINDOWS\system32\PnkBstrA.exe”=

“c:\WINDOWS\system32\PnkBstrB.exe”=

“d:\Metin2\metin2.bin”=

“d:\FinaLongju2\DreamLongju lucher.exe”=

“d:\SuckMT2\pack\game.exe”=

“d:\ÍřÂçÓÎĎ·\´´ĘŔÁúľÔ\???2010.5.29.exe”=

“c:\Documents and Settings\Adam Jastrzępski\Pulpit\Metin2\Metin2Mod.bin”=

“c:\Documents and Settings\Adam Jastrzępski\Pulpit\Nowy folder (2)\ElfBot NG 8.54\navserv.exe”=

“c:\Documents and Settings\Adam Jastrzępski\Pulpit\ÍřÂçÓÎĎ·\´´ĘŔÁúľÔ\Metin2Mod.bin”=

“c:\Documents and Settings\Adam Jastrzępski\Pulpit\ÍřÂçÓÎĎ·\´´ĘŔÁúľÔ\???2010.5.29.exe”=

“c:\Program Files\Pando Networks\Media Booster\PMB.exe”=

“c:\Documents and Settings\Adam Jastrzępski\Pulpit\Metin2\zzyok spol by DrAluFelg.exe”=

“d:\Metin2United\Metin2client.bin”=

“d:\Metin2lol\Yitian2.exe”=

“d:\Metin2lol\MijagiMt2 spol by DrAlufelg.exe”=

“d:\Metin2lol\metin2client.bin”=

“d:\Metin2lol\Metin2Mod.bin”=

“d:\Metin2lol\xFkYT2 by Schittset.exe”=

“d:\Metin2lol\0_universe_mt2_spol_by_sejg.exe”=

“d:\Metin2lol\IsusaMT2_dawmar37_4_MPCFORUM.exe”=

“d:\Metin2lol\cRimeMT2 spol by GheddoStylE.exe”=

“d:\Metin2lol\0_lryt2_spol_by_lost.exe”=

“d:\Metin2lol\cRimeMT2 spol by mikepolak.exe”=

“d:\Metin2United\mc.exe”=

“d:\Metin2lol\YaliMt2 spol by Kraczuss.exe”=

“d:\Metin2lol\blacknight by becatech.exe”=

“d:\Metin2lol\MCmetinPRO.exe”=

“d:\Metin2lol\MoonMt2_by_dawmar37.exe”=

“d:\Metin2lol\0_soulmt2_bywrobelptak1.exe”=

“d:\Metin2lol\LpYT2.exe”=

“d:\Metin2lol\0_spolszczenie_zzyt2_by_macius156.exe”=

“c:\Documents and Settings\Adam Jastrzępski\Pulpit\Nowy folder (2)\Evo by Bartex012\By Bartex012.exe”=

“c:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe”=

“c:\Documents and Settings\Adam Jastrzępski\Pulpit\Nowy folder (2)\Multi IP Changer.exe”=

“c:\Program Files\Mozilla Firefox\firefox.exe”=

“c:\WINDOWS\RTHDCPL.EXE”=

“c:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe”=

“c:\Documents and Settings\Adam Jastrzępski\Pulpit\csss\cstrike.exe”=

“c:\WINDOWS\system32\qttask.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“59057:TCP”= 59057:TCP:Pando Media Booster

“59057:UDP”= 59057:UDP:Pando Media Booster

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-06-22 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-06-22 19024]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]

R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-08-08 1176192]

S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]

S2 PavProc;Panda Process Protection Driver;??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]

S3 wh78;wh78;??\c:\documents and settings\Adam Jastrzępski\Pulpit\WallHack - sXe-I 7.8 all fixes\wh78.sys --> c:\documents and settings\Adam Jastrzępski\Pulpit\WallHack - sXe-I 7.8 all fixes\wh78.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-18 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-07-18 15:53 525600 -c–a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://google.flashget.com/

IE: Download all by FlashGet3 - c:\documents and settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetUrl.htm

IE: ???3?? - c:\documents and settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetUrl.htm

IE: ???3??? - c:\documents and settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetAllUrl.htm

.

        • USUNIĘTO PUSTE WPISY - - - -

Notify-LogonInit - logonInit.dll

AddRemove-FlashGet 3.5 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe

**************************************************************************

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki:

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]

@=“c:\Documents and Settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetUrl.htm”

“contexts”=dword:00000022

[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]

@=“c:\Documents and Settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetAllUrl.htm”

“contexts”=dword:000000f3

[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{1F7BCB2F-8675-C5E4-E82E-F9C660CDEA7F}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)


[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]


[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\SecuROM\License information*]


.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

              • > ‘explorer.exe’(3956)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Kalendarz XP\Kalendarz.exe

c:\documents and settings\Adam Jastrzępski\Menu Start\Programy\Autostart\ocs.exe

c:\documents and settings\Adam Jastrzępski\Menu Start\Programy\Autostart\update.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Czas ukończenia: 2010-07-10 00:04:12 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-07-09 22:04

Przed: 28 391 903 232 bajtów wolnych

Po: 28 222 767 104 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect

    • End Of File - - CDC5F3B807FE98B2EB6C0DD9AEB9FD03

(Leon$) #2

Sality

usuwanie-znanych-wirusow-sality-jeefo-parite-virut-itp-t370365.html

:slight_smile:


(squeet) #3

@Borsuq14 - please read this thread:

:arrow: zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html

Please edit your post and paste the log properly, in accordance with the rules in the thread above.