
Logs - Cannot log in to the system


  • Closed: this topic is closed
2 replies in this topic

#1 rafcio456

    New

  • 1 post

Posted 08 01 2013 - 14:49

Hello,
I am a new user here. I am joining a thread with a request to check an OTL log. The problem occurs on Windows Server 2003: after installing Adobe Reader, the administrator password was changed/blocked. I know the password and confirmed it against the SAM file; it is correct. However, at logon Windows reports an incorrect password. It is not possible to log in to the system. The log is below.
OTL logfile created on: 1/8/2013 1:11:27 PM - Run
OTLPE by OldTimer - Version 3.1.48.0	 Folder = X:\Programs\OTLPE
Microsoft Windows Server 2003 R2 Dodatek Service Pack 2 (Version = 5.2.3790) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 91.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 7.17 Gb Free Space | 18.35% Space Free | Partition Type: NTFS
Drive E: | 72.72 Gb Total Space | 8.81 Gb Free Space | 12.12% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand] --  -- (WinHttpAutoProxySvc)
SRV - [2007/07/03 11:17:52 | 000,094,208 | ---- | M] (Sage Symfonia sp. z o.o.) [Auto] -- C:\Symfonia\HkServer.exe -- (SymfoniaNetKey)
SRV - [2007/02/17 13:13:21 | 000,071,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 13:12:54 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 13:12:41 | 000,792,576 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 13:11:58 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 13:11:57 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 13:11:31 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2006/05/18 11:46:22 | 000,028,724 | ---- | M] (Pervasive Software Inc.) [Auto] -- C:\PVSW\bin\w3sqlmgr.exe -- (Pervasive.SQL (relational)) Pervasive.SQL (relational)
SRV - [2006/05/18 10:51:06 | 000,069,680 | ---- | M] () [Auto] -- C:\PVSW\bin\ntbtrv.exe -- (Pervasive.SQL (transactional)) Pervasive.SQL (transactional)
SRV - [2006/04/14 07:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2006/04/14 07:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | Auto] --  -- (LMIInfo)
DRV - File not found [Adapter | On_Demand] --  -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/03/01 05:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/01/12 04:42:16 | 000,013,304 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TVMonitor.sys -- (MonitorFunction)
DRV - [2010/09/17 08:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/03/07 00:35:32 | 000,017,408 | ---- | M] (MARX Datentechnik GmbH ) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CBN.SYS -- (CBN)
DRV - [2007/02/17 11:54:31 | 000,074,240 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/17 11:49:15 | 000,179,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/17 01:02:56 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007/02/17 00:51:18 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2006/01/12 05:56:56 | 000,102,528 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2004/11/01 05:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003/03/25 03:10:24 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/03/25 03:09:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2003/03/25 03:08:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3legacy.sys -- (s3legacy)
DRV - [2002/11/27 01:46:28 | 000,730,700 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Justyna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardUser.htm
IE - HKU\Justyna_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardUser.htm
IE - HKU\Justyna_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardUser.htm
IE - HKU\Justyna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)



O1 HOSTS File: ([2006/04/14 07:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	   localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE (CANON INC.)
O4 - HKLM..\Run: [LogMeIn GUI]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QPrinter 2.0 monitor] C:\Program Files\QPrinter Bookmaker\qprintmon.exe ()
O4 - HKLM..\Run: [Sage Komunikator] C:\Program Files\Sage\Komunikator\SageUpdt.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\Administrator_ON_C..\Run: [CWK (Czasowy Wyłącznik Komputera) 1]  File not found
O4 - HKU\Administrator_ON_C..\Run: [King_ar]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\1platnik.bat ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Canon LASER SHOT LBP-1120 Status window.LNK =  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SATARaid.lnk = C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe (Silicon Image, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symfonia® PDF.lnk =  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\True [2007/05/10 12:25:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Justyna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301416130421 (WUWebControl Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/20 13:33:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{97902da0-5df9-11dd-9802-0020ed720c1c}\Shell\AutoRun\command - "" = G:\cgaqyi.exe
O33 - MountPoints2\{97902da0-5df9-11dd-9802-0020ed720c1c}\Shell\open\Command - "" = G:\cgaqyi.exe
O33 - MountPoints2\{cbf4b31a-1c29-11dd-bb54-0020ed720c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{cbf4b31a-1c29-11dd-bb54-0020ed720c1c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{cbf4b31b-1c29-11dd-bb54-0020ed720c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{cbf4b31b-1c29-11dd-bb54-0020ed720c1c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/01/07 21:41:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/07 12:48:16 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2013/01/07 12:48:13 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2013/01/07 12:48:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/01/07 12:48:04 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/01/08 07:03:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/07 21:18:15 | 000,569,332 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2013/01/07 21:18:15 | 000,511,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/07 21:18:15 | 000,117,444 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2013/01/07 21:18:15 | 000,101,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/07 11:12:00 | 000,121,344 | ---- | M] () -- C:\WINDOWS\System32\pwdspy.exe
[2013/01/07 08:58:22 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Płatnik 8.01.001A.lnk
[2013/01/07 01:48:12 | 000,000,180 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2013/01/07 01:32:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/05 17:57:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\wylaczanie.job
[2013/01/04 17:57:39 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\copy.job
[2013/01/04 15:58:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1platnik.job
[2012/12/13 16:27:06 | 1610,612,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/01/07 11:12:00 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\pwdspy.exe
[2012/01/23 01:34:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\fmt_jb2.dll
[2012/01/23 01:34:54 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\fmt_xcx.dll
[2012/01/23 01:34:54 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\xc_local.dll
[2012/01/23 01:34:54 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\fmt_xmf.dll
[2011/11/02 10:19:10 | 000,001,233 | ---- | C] () -- C:\WINDOWS\AmFK.ini
[2011/10/28 14:34:06 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL
[2011/10/28 14:27:22 | 000,003,293 | ---- | C] () -- C:\WINDOWS\AmKd.ini
[2011/09/22 12:11:41 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2011/08/09 11:52:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/19 16:59:09 | 000,001,499 | ---- | C] () -- C:\WINDOWS\AmST.ini
[2010/01/25 06:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/13 12:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TAX.INI
[2008/11/11 08:55:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008/11/08 14:29:38 | 000,001,960 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007/08/09 13:16:44 | 000,000,180 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/06/12 09:16:45 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\pdfxcds.dll
[2007/06/08 11:26:39 | 000,006,378 | ---- | C] () -- C:\WINDOWS\MxGrid.INI
[2007/04/26 12:24:15 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/21 04:34:26 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/04/21 02:50:58 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/04/20 16:21:45 | 000,000,318 | ---- | C] () -- C:\WINDOWS\mxreader.INI
[2007/04/20 16:16:07 | 000,000,732 | ---- | C] () -- C:\WINDOWS\amakt.INI
[2007/04/20 16:16:07 | 000,000,057 | ---- | C] () -- C:\WINDOWS\HK.INI
[2007/04/20 16:16:04 | 000,024,734 | ---- | C] () -- C:\WINDOWS\System32\mwdtbl2.dll
[2007/04/20 16:16:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2007/04/20 15:18:26 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/20 15:17:22 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/20 14:50:47 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2007/04/20 14:07:51 | 000,002,055 | R--- | C] () -- C:\WINDOWS\BTI.INI
[2007/04/20 14:03:12 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2007/04/20 13:39:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/20 13:29:51 | 000,021,372 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/14 07:00:00 | 000,569,332 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2006/04/14 07:00:00 | 000,511,284 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/14 07:00:00 | 000,316,494 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2006/04/14 07:00:00 | 000,275,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/14 07:00:00 | 000,216,006 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/14 07:00:00 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2006/04/14 07:00:00 | 000,117,444 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2006/04/14 07:00:00 | 000,101,254 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/14 07:00:00 | 000,051,737 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2006/04/14 07:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2006/04/14 07:00:00 | 000,041,400 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2006/04/14 07:00:00 | 000,036,076 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2006/04/14 07:00:00 | 000,029,710 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/14 07:00:00 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2006/04/14 07:00:00 | 000,023,192 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2006/04/14 07:00:00 | 000,010,621 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2006/04/14 07:00:00 | 000,005,676 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/04/14 07:00:00 | 000,004,725 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/14 07:00:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\mqtgsvc.exe.cfg
[2001/10/28 11:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2001/07/30 21:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/06 09:30:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[color=#E56717]========== LOP Check ==========[/color]

[2008/11/09 07:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.org
[2008/11/11 08:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\QPrint
[2008/11/09 07:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\QPrinter
[2011/11/02 10:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sage
[2011/07/13 02:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\TeamViewer
[2009/06/03 06:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Asseco Poland SA
[2011/06/16 12:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LogMeIn
[2010/01/13 12:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Puzzle
[2011/10/28 14:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sage
[2008/03/05 12:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Symfonia
[2013/01/04 15:58:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1platnik.job
[2013/01/04 17:57:39 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\copy.job
[2013/01/07 09:06:08 | 000,032,456 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2013/01/05 17:57:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\wylaczanie.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

Please help, because I urgently need to regain access to the server.

Note from pawel315: I am splitting off this topic and putting the logs in [code=auto:0] tags.

This post was edited by pawel315 on 08 01 2013 - 16:52

#2 bipiw

    Advanced user

  • 1 180 posts

Posted 08 01 2013 - 16:23

Open Notepad and paste:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=-
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File -> Save As -> fix.reg
Right-click it and choose Merge.
If you can, run a USBFix scan: USBFix - Logi - Forum Komputerowe Tweaks.pl
And next time, start a new topic.

This post was edited by bipiw on 08 01 2013 - 16:32

#3 pawel315

    Addicted to the forum

  • 1 553 posts

Posted 08 01 2013 - 17:12

I advise doing this:
1. Download this file and place it in C:\Windows\system32\ (link to the file -> http://www36.zippysh...59534/file.html)
2. From OTLPE, run OTL and paste the following into the Custom Scans/Fixes box:

:OTL
O4 - HKLM..\Run: [LogMeIn GUI] File not found
O4 - HKU\Administrator_ON_C..\Run: [CWK (Czasowy Wyłącznik Komputera) 1] File not found
O4 - HKU\Administrator_ON_C..\Run: [King_ar] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symfonia® PDF.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

:Commands
[reboot]
Click "Run fix"
Then:

say whether it worked; if so, post OTL logs taken from within the running system
use USBFix from bipiw's post (the Listing option) and post its log

P.S. Do you recognize these files?
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\1platnik.bat
C:\WINDOWS\System32\pwdspy.exe


This post was edited by pawel315 on 08 01 2013 - 17:46
