
Line-1:
Eroor: The requested action with this object has failed.
When I scan with Trojan Remover, it detects that the registry and Task Manager are blocked and restores my access, but only for a dozen or so seconds.

Additionally, when I change the folder view options to show hidden files, the option stops working after a few seconds.
On top of that, this virus tries to send thousands of e-mails per minute from my computer.

Thanks in advance for your help.
ComboFix log:
ComboFix 09-03-02.03 - Andrew 2009-03-03 15:51:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1287 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Andrew\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.
2009-03-03 15:22 . 2009-03-03 15:22 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-03 01:10 . 2009-03-03 01:10 <DIR> d-------- c:\program files\Trojan Remover
2009-03-03 01:10 . 2009-03-03 01:10 <DIR> d-------- c:\documents and settings\Andrew\Dane aplikacji\Simply Super Software
2009-03-03 01:10 . 2009-03-03 01:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2009-03-03 01:10 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-03-03 01:10 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-03 01:10 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-03-03 01:10 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-03-03 01:10 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-28 19:28 . 2009-03-01 22:37 321 --a------ c:\windows\WPE PRO.INI
2009-02-28 11:14 . 2009-02-28 16:56 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-27 15:02 . 2006-12-26 20:37 241,770 --a------ C:\WZ_MU2003_EVENT_SERVER_new.exe
2009-02-27 14:53 . 2006-11-20 06:39 458,831 --a------ C:\WZ_MU2003_EVENT_SERVER.exe
2009-02-26 18:34 . 2009-02-26 18:34 <DIR> d-------- c:\documents and settings\Andrew\WINDOWS
2009-02-25 15:23 . 2004-04-19 17:58 143,360 --a------ C:\transaction log shrink tool.exe
2009-02-23 19:38 . 2009-02-23 19:38 <DIR> d-------- c:\program files\directx
2009-02-15 23:21 . 2009-02-15 23:21 <DIR> d-------- c:\documents and settings\Andrew\Dane aplikacji\Wireshark
2009-02-15 23:13 . 2009-02-15 23:13 <DIR> d-------- c:\program files\WinPcap
2009-02-15 00:01 . 2009-02-15 15:56 <DIR> d-------- c:\documents and settings\Andrew\Dane aplikacji\Gzegzolka XP
2009-02-09 16:24 . 2009-02-09 16:24 <DIR> d-------- c:\windows\system32\AGEIA
2009-02-09 16:24 . 2009-02-09 16:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-09 16:24 . 2009-02-09 16:24 <DIR> d-------- c:\program files\AGEIA Technologies
2009-02-08 17:25 . 2009-02-08 17:25 88,855 --a------ C:\CS.rar
2009-02-08 16:27 . 2009-03-03 00:49 <DIR> d---s---- c:\documents and settings\Andrew\UserData
2009-02-07 13:47 . 2001-07-22 01:25 107,882 --a------ c:\windows\system32\mib_ii.mib
2009-02-07 13:45 . 2009-02-07 13:45 17,408 --a------ c:\windows\system32\ocmsn.dll
2009-02-07 13:44 . 2009-02-07 13:44 19,232 --a------ c:\windows\system32\msnmsn.PNF
2009-02-07 13:44 . 2009-02-07 13:44 13,260 --a------ c:\windows\system32\igames.PNF
2009-02-07 13:44 . 2009-02-07 13:44 8,865 --a------ c:\windows\system32\MSNMSN.INF
2009-02-07 13:44 . 2009-02-07 13:44 8,261 --a------ c:\windows\system32\zoneoc.dll
2009-02-07 13:44 . 2009-02-07 13:44 6,324 --a------ c:\windows\system32\IGAMES.INF
2009-02-07 13:43 . 2009-02-07 13:43 15,092 --a------ c:\windows\system32\games.PNF
2009-02-07 13:43 . 2009-02-07 13:43 12,368 --a------ c:\windows\system32\pinball.PNF
2009-02-07 13:43 . 2009-02-07 13:43 8,860 --a------ c:\windows\system32\GAMES.INF
2009-02-07 13:43 . 2009-02-07 13:43 3,551 --a------ c:\windows\system32\PINBALL.INF
2009-02-07 13:42 . 2009-02-07 13:42 15,360 --a------ c:\windows\system32\msgrocm.dll
2009-02-07 13:42 . 2009-02-07 13:42 3,932 --a------ c:\windows\system32\rootau.PNF
2009-02-07 13:42 . 2009-02-07 13:42 859 --a------ c:\windows\system32\ROOTAU.INF
2009-02-07 13:40 . 2009-02-07 13:40 19,992 --a------ c:\windows\system32\fp40ext.PNF
2009-02-07 13:39 . 2009-02-07 13:39 32,828 --a------ c:\windows\system32\fp40ext.dll
2009-02-07 13:39 . 2009-02-07 13:39 9,938 --a------ c:\windows\system32\fp40ext.INF
2009-02-07 13:38 . 2009-02-07 13:38 101,376 --a------ c:\windows\system32\setupqry.dll
2009-02-07 13:38 . 2005-03-19 12:23 43,229 --a------ c:\windows\system32\setupqry.inf
2009-02-07 13:38 . 2009-02-07 13:38 41,164 --a------ c:\windows\system32\setupqry.PNF
2009-02-07 13:36 . 2009-02-07 13:36 132,608 --a------ c:\windows\system32\fxsocm.dll
2009-02-07 13:36 . 2009-02-07 13:36 55,728 --a------ c:\windows\system32\fxsocm.PNF
2009-02-07 13:36 . 2009-02-07 13:36 50,680 --a------ c:\windows\system32\fxsocm.inf
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-06 02:35 . 2009-02-06 02:35 <DIR> d--h----- c:\windows\PIF
2009-02-06 01:39 . 2007-11-20 18:05 986,522 --a------ C:\DLLKI-SYSTEM32.rar
2009-02-05 23:36 . 2009-02-06 00:36 30,795,954 --a------ C:\zgrac.rar
2009-02-05 14:43 . 2009-03-03 15:20 <DIR> d-------- c:\documents and settings\Andrew\Tracing
2009-02-05 14:24 . 2009-02-05 14:24 <DIR> d-------- c:\program files\Microsoft
2009-02-05 14:23 . 2009-02-05 14:23 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-05 14:23 . 2009-02-05 14:24 <DIR> d-------- c:\program files\Windows Live
2009-02-05 14:17 . 2009-02-05 14:17 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-04 02:56 . 2009-02-04 03:56 88,798 --a------ C:\CS_kgames.rar
2009-02-04 01:03 . 2009-02-04 00:47 28,610,824 --a------ C:\CIS_Setup_3.5.57173.439_XP_Vista_x32.exe
2009-02-03 20:30 . 2009-02-03 20:30 <DIR> d-------- C:\i386
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 14:49 --------- d-----w c:\documents and settings\Andrew\Dane aplikacji\stickies
2009-03-03 14:30 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-03 14:29 --------- d-----w c:\documents and settings\NetworkService\Dane aplikacji\VMware
2009-03-03 14:29 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\VMware
2009-03-03 14:29 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-03-03 14:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\IJJIGame
2009-03-02 16:47 --------- d-----w c:\documents and settings\Andrew\Dane aplikacji\VMware
2009-02-28 21:40 --------- d-----w c:\documents and settings\Andrew\Dane aplikacji\Azureus
2009-02-24 13:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 17:03 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-02-01 16:44 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-01 07:17 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-01 07:16 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-01 07:16 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-31 12:25 --------- d-----w c:\documents and settings\Andrew\Dane aplikacji\Kingston
2009-01-23 01:41 3,911,813 ----a-w C:\GameServer_CS.exe
2009-01-22 22:23 76,800 ----a-w C:\GameServer.dll
2009-01-20 13:50 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-10 22:52 --------- d--h--w c:\documents and settings\Andrew\Dane aplikacji\ijjigame
2009-01-04 22:28 --------- d-----w c:\program files\VMware
2009-01-02 23:24 795,648 ----a-w c:\windows\system32\xvidcore.dll
2009-01-02 23:24 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-22 20:56 678,367 ----a-w C:\gs.zip
2008-12-17 09:57 129,552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2008-12-07 18:05 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="d:\programy\StatBar\StatBar.exe" [2003-07-25 335872]
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 521128]
"Steam"="d:\gry\steam\steam.exe" [2008-10-10 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-21 1211784]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 c:\windows\RTHDCPL.exe]
c:\documents and settings\Andrew\Menu Start\Programy\Autostart\
Stickies.lnk - d:\programy\Stickies\stickies.exe [2008-08-28 765952]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 08:17 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs
[HKLM\~\startupfolder\C:^Documents and Settings^Andrew^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Andrew\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Andrew^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Andrew\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Andrew^Menu Start^Programy^Autostart^WinMySQLadmin.lnk]
path=c:\documents and settings\Andrew\Menu Start\Programy\Autostart\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 d:\programy\MarBit\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2009-03-03 15:22 132608 c:\program files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 02:42 144784 c:\program files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Gry\\Kalypso\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"d:\\Gry\\RedFaction\\RF.exe"=
"e:\\Gry\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"e:\\Gry\\LucasArts\\Star Wars Empire at War Siły korupcji\\swfoc.exe"=
"d:\\Gry\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"d:\\Gry\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Gry\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Gry\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"=
"e:\\Gry\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"e:\\Gry\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"e:\\Gry\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Documents and Settings\\Andrew\\Pulpit\\MuServer_1.00.18_GS__1.00.19_JPN_Orginal\\MuServer 1.00.18 GS +1.00.19 JPN Orginal\\DataServer\\Dataserver.exe"=
"d:\\Programy\\TortoiseSVN\\bin\\TSVNCache.exe"=
"c:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe"=
"c:\\Program Files\\Trojan Remover\\Sschk.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-08 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-08 107272]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-08-10 100368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-08-10 41680]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872]
R2 Apache2.2;Apache2.2;f:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 298264]
R2 Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor;c:\program files\Parallels\Parallels Server\Drivers\prl_hypervisor_32.sys [2008-08-10 538176]
R2 prl_net;Parallels Networking Driver;c:\windows\system32\drivers\prl_net.sys [2008-08-10 23616]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-12 54960]
R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [2008-10-12 322096]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [2008-10-12 57344]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\fjlnnn.sys --> c:\windows\system32\drivers\fjlnnn.sys [?]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2008-12-18 81360]
S2 AODService;AODService;d:\programy\AMD\OverDrive\AODAssist --> d:\programy\AMD\OverDrive\AODAssist [?]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-09 903960]
S2 prl_usb_mng;Parallels USB Device Manager;\??\c:\program files\Parallels\Parallels Server\Drivers\prl_usb_mng.sys --> c:\program files\Parallels\Parallels Server\Drivers\prl_usb_mng.sys [?]
S3 cglptnt;cglptnt;d:\programy\TC UP\CGLPTNT.SYS [2008-07-29 7888]
S3 kbeepm;kbeepm;\??\c:\docume~1\Andrew\USTAWI~1\Temp\kbeepm.sys --> c:\docume~1\Andrew\USTAWI~1\Temp\kbeepm.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Andrew\Pulpit\Cabalbot\NtProcDrv.sys --> c:\documents and settings\Andrew\Pulpit\Cabalbot\NtProcDrv.sys [?]
S3 Parallels Dispatcher Service;Parallels Dispatcher Service;c:\program files\Parallels\Parallels Server\Application\prl_disp_service.exe [2008-08-10 11959744]
S3 Parallels Networking Service;Parallels Networking Service;c:\program files\Parallels\Parallels Server\Application\prl_naptd.exe [2008-08-10 2002368]
S3 PRLVNIC;Parallels Virtual NIC Adapter;c:\windows\system32\drivers\prl_vnic.sys [2008-08-10 12992]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\drivers\VBoxTAP.sys [2008-08-10 47152]
S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [2008-10-12 29744]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.0.0.21#data]
\ShELl\AuToplay\comManD - M:\ylrj.cmd
\ShELl\AutoRun\command - M:\ylrj.cmd
\ShELl\explorE\COMmANd - M:\ylrj.cmd
\ShELl\oPEN\COmManD - M:\ylrj.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{240623b5-b322-11dd-909f-005056c00008}]
\Shell\AutoRun\command - N:\SETUP.EXE /AUTORUN
\Shell\configure\command - N:\SETUP.EXE
\Shell\install\command - N:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce7f93c1-6cac-11dd-907f-001d92b44444}]
\Shell\AutoRun\command - H:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{729CC054-9FC8-238E-0A98-75B7A1C73972}]
c:\windows\system32\kb478342122.exe s
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\program files\VMware\VMware Server\vsocklib.dll
TCP: {BA577A95-5EE9-4E1E-B044-03FC1F93CA15} = 195.177.64.34,195.177.64.66,195.177.64.69
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 15:52:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]
"ImagePath"="d:\programy\AMD\OverDrive\AODAssist"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-343818398-839522115-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3746B97A-557E-4C69-5B54-C974A424E428}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="92D2132C798B5ACCE08348591E5F4082E3FC01B3A619CF77855E50ADAE88B2E3F47C78C483F7F3F1E5C0CF40E1F0AE22CB50BF42C84F530ABB114D2A4FAAFA55C86FB5C09C03492480FA94BEDFCB5BB071D6251761BF4EC8BD73041C21015295469C916C0510C935DCD3D8B69515FD230F7E8AC850E9606E7860076E8309E045ABEDF7A53CBB484CA9DE7F1C47A0B3C564266D7FBA01918C5B258A201DF3B55AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A2D97226D213B555A6A0AC4980AC7933EFBE008C4265673C1C58598822F0496FAE6F3B48B8236349EBEFAA46EA522C00F3470706D14414E55918D034D9D919354451821AEF7AE92DAF7F83D9425D176EAA0297FE0E9ED541AE8272627E23531508C34A5B974B16DA503D0A383BF6F131EA098719315F89D6A39C4D89CBB65EF8D3D977738F1B7947966A9EE0F56297DF90684D893DA67083C6601333C4AF8423849A96E57825053752B8446A559543E2FB218819F5C63074283C1B7DACDEF4A8FB81D5C3B9D513C3D6D123FA013A947B9129F8A662C7D1AFDB92DC1B8E494271A07C87347C4E5DDAF8D288CFE4B0913BB6E702A1CF65448C7BB878D2B627613ADAEFA3F2AF64833F93C8E1B82D88228959BC2F904D0FD6B52278ADFEB5652D1598B1C4CF85228806083AC51B508C12216776AB0C3068BFAB7291E40CE1A365E4CB0D29AD73C55498351F6AEC83331211D55B49C18FC899C2103426FE53B7AAE3EAC0B404343E323605612B3C42ADB63A9A247C72C83C5FA2A3071FEBE729849DED816DDCC5B3D1EEDE63892A4D5D7855B3FDDDF47B81F446D9A3A3FDBF345C745474FED8E9FDC529B477A869A459336C9F0AAA300B0C1E7DE29928F3414B829B9D36B72B27AA061F77E6D04191EAA7DE615CC323210584EC746A461F1690A71ED1D38A1BC7FCED5E1D6D6D119F127B5E817E2F5D28C5368B460A3DE529DDE2D579D28F8359E83EC7A23A8E469D81B4730B6E9386D0DE242695E4EDC2AD3F2EF4A1A77FD22F19971204F168669D9DC1F60E1C3F561193245B22585EC417F5E701DB3FBA0FDE6904C645ACD10A7703F0981E6CA39B1F5C6E20B135388D2075D2D140F7C4CCC16C6C446DF6495D4600F85BD2B9D33576E322BA0DC34B53C4E79514E424423877E7A23C074F6BA0E9957016C8CF8A19590A3F48003C86E047A8B9C86A0C80106055D8B320AB7DA6047C55F11EEF23D24B622BB7DB4E81132BC72E45EF6A6D29A4E1A504CA72E85A7D1E07EF764F207C93B3B1CDF399F65DBB0A45B01E6D1BE82CEE865C1F81B6367F1849627B17A54ABF797C
20A236C2C505E8B68A1C38C14D279259BD372699497BBE46EDD5E3FC7F1EE41F1E43AD68E657909AA0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-03-03 15:53:22
ComboFix-quarantined-files.txt 2009-03-03 14:53:20
ComboFix2.txt 2009-02-01 18:23:17
Przed: 875 216 896 bajtów wolnych
Po: 977,420,288 bajtów wolnych
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:22, on 2009-03-03
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Programy\TortoiseSVN\bin\TSVNCache.exe
D:\Programy\StatBar\StatBar.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
D:\gry\steam\steam.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\XAMPP\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmware-hostd.exe
F:\XAMPP\apache\bin\apache.exe
D:\Przegladarki internetowe\Opera\opera.exe
C:\DOCUME~1\Andrew\USTAWI~1\Temp\winaplx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Andrew\Pulpit\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [StatBar] D:\Programy\StatBar\StatBar.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Steam] "d:\gry\steam\steam.exe" -silent
O4 - Startup: Stickies.lnk = D:\Programy\Stickies\stickies.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA577A95-5EE9-4E1E-B044-03FC1F93CA15}: NameServer = 195.177.64.34,195.177.64.66,195.177.64.69
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AODService - Unknown owner - D:\Programy\AMD\OverDrive\AODAssist (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - F:\XAMPP\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - F:\XAMPP\filezillaftp\filezillaserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Parallels Dispatcher Service - Parallels, Inc. - C:\Program Files\Parallels\Parallels Server\Application\prl_disp_service.exe
O23 - Service: Parallels Networking Service - Parallels, Inc. - C:\Program Files\Parallels\Parallels Server\Application\prl_naptd.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe
O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe
--
End of file - 6558 bytes
Silent Runners log:
http://wklej.org/id/59625/
Regards, Andrew