mnich20 posted 13 February 2010 (edited)

Hello, a friend brought me her laptop to repair. The problems are:
- missing file - zlib4.dll
- no access to local drives - after restoring the system to a point from a few days earlier, access was restored.

I am attaching logs from RSIT and OTL for review. I would be grateful for a quick reply.

RSIT log
[log]Logfile of random's system information tool 1.06 (written by random/random) Run by monia at 2010-02-13 12:22:01 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 10 GB (37%) free of 26 GB Total RAM: 895 MB (80% free) HijackThis download failed ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}] MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}] My Global Search Bar BHO - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL [2009-12-13 225280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-25 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {37B85A29-692B-4205-9CAD-2626E4993404} - My Global Search Bar - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL [2009-12-13 225280] {0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-24 7569408] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-24 86016] "HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-04-17 110592] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-12 774233] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-10 37888] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-25 148888] "BearShare"=C:\Program Files\BearShare\BearShare.exe /pause [] "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2002-05-10 73728] "VVSN"=C:\Program Files\VVSN\VVSN.exe [2004-12-22 107520] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2007-09-04 54576] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent [] "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536] "ALLUpdate"=C:\Program Files\ALLPlayer\ALLUpdate.exe sleep [] C:\Documents and Settings\monia\Menu Start\Programy\Autostart smgr32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\Antiwpa] C:\WINDOWS\system32\antiwpa.dll [2006-10-14 5376] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Program Files\Bit Lord 1.1\BitLord.exe"="C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d747fa-bf1a-11de-8079-001a92dfa331}] shell\AutoRun\command - G:\esc.exe ======List of files/folders created in the last 1 months====== 2010-02-13 12:22:02 ----D---- C:\Program Files\trend micro 2010-02-13 12:22:01 ----D---- C:\rsit 2010-02-13 11:53:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ 2010-02-13 11:52:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ 2010-02-13 11:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$ 2010-02-13 11:52:35 ----N---- C:\WINDOWS\system32\xmllite.dll 2010-02-13 11:42:36 ----SHD---- C:\RECYCLER 2010-02-13 11:42:36 ----D---- C:\Program Files\MyGlobalSearch 2010-02-13 11:20:22 ----D---- C:\WINDOWS\temp 2010-02-13 11:17:09 ----D---- C:\WINDOWS\ERDNT 2010-02-13 11:17:09 ----D---- C:\Qoobox 2010-02-13 10:58:06 ----A---- C:\WINDOWS\ntbtlog.txt 2010-02-10 23:17:44 ----DC---- C:\WINDOWS\$NtUninstallKB978262$ 2010-02-10 23:17:37 ----DC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-02-10 23:16:22 ----DC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-02-10 23:16:15 ----DC---- C:\WINDOWS\$NtUninstallKB978251$ 2010-02-10 23:16:09 ----DC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-02-10 23:15:58 ----DC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-02-10 23:15:47 ----DC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-02-10 23:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$ 2010-01-29 09:42:32 ----SHD---- C:\found.000 2010-01-23 18:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$ ======List of files/folders modified in the last 1 months====== 2010-02-13 12:22:02 ----D---- C:\Program Files 2010-02-13 11:56:34 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-13 11:55:48 ----D---- C:\WINDOWS 2010-02-13 11:53:21 ----D---- C:\WINDOWS\Prefetch 2010-02-13 11:53:18 ----HD---- C:\WINDOWS\inf 2010-02-13 11:53:17 ----D---- C:\WINDOWS\system32 2010-02-13 11:53:01 ----A---- C:\WINDOWS\imsins.BAK 2010-02-13 11:52:38 ----HD---- C:\WINDOWS\$hf_mig$ 2010-02-13 
11:50:42 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-02-13 11:50:07 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-13 11:47:07 ----D---- C:\WINDOWS\system32\drivers 2010-02-13 11:45:38 ----D---- C:\WINDOWS\system32\CatRoot 2010-02-13 11:43:12 ----D---- C:\WINDOWS\system32\config 2010-02-13 11:43:01 ----D---- C:\WINDOWS\system32\wbem 2010-02-13 11:43:00 ----D---- C:\WINDOWS\Registration 2010-02-13 11:18:47 ----A---- C:\WINDOWS\system.ini 2010-02-13 09:53:23 ----D---- C:\Documents and Settings\monia\Dane aplikacji\Winamp 2010-02-13 09:24:07 ----D---- C:\Program Files\Mozilla Firefox 2010-02-10 11:32:41 ----D---- C:\Documents and Settings\monia\Dane aplikacji\VSO 2010-02-07 13:27:03 ----D---- C:\Documents and Settings\monia\Dane aplikacji\gtk-2.0 2010-01-23 18:17:27 ----D---- C:\Program Files\Internet Explorer 2010-01-16 10:45:16 ----D---- C:\WINDOWS\Minidump ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-12 193056] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta 
USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864] S2 NwlnkIpx;Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448] S2 NwlnkNb;System NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232] S2 NwlnkSpx;Protokół NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936] S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-07-17 494080] S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS [] S3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-24 3661184] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-04 34176] S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-04 13056] S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-25 152984] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-24 143427] S2 NWCWorkstation;Usługa klienta dla systemu NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S2 UMWdf;Windows User Mode Driver Framework; 
C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------[/log]

OTL log, Extras file
[log]OTL Extras logfile created on: 2010-02-13 12:10:53 - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\monia\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 895,00 Mb Total Physical Memory | 750,00 Mb Available Physical Memory | 84,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 25,00 Gb Total Space | 9,31 Gb Free Space | 37,24% Space Free | Partition Type: NTFS Drive D: | 86,78 Gb Total Space | 73,91 Gb Free Space | 85,17% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 298,09 Gb Total Space | 2,47 Gb Free Space | 0,83% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded
Computer Name: MONIA-DC4E85F71 Current User Name: monia Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1177238915-1715567821-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.) 
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC) "C:\Program Files\Bit Lord 1.1\BitLord.exe" = C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com) "C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found "C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{29943E04-5E17-416A-9876-41EE64BF88E9}}[Files]_is1" = Driver CD Creator v1.3.1 "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.5.5c "{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{94A7D275-E658-4B29-8C7F-2AAEF6CF453F}" = DAEMON Tools "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "342C18BCBCBED6905E53C982AA36C4830D43716E" = Windows Driver Package - NVIDIA System (05/13/2005 5.1.2600.0450) "4E5BBDAC46CABC920502E7C8DC1428919A3DB83F" = Windows Driver Package - NVIDIA (nvsmu) System (03/06/2006 5.1.2600.0114) "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "8616D564CF16B5649AD2CCD417FAF71FF9A55845" = Windows Driver Package - NVIDIA System (06/08/2006 4.5.7) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "B4D4DBEF57F64A9AC87AEA0057435ABC6E7A00D4" = Windows Driver Package - NVIDIA Corporation (nvata) HDC (01/27/2006 5.10.2600.0650) "BearShare" = BearShare "bearsharetb" = MediaBar "BitLord" = BitLord 1.1 "D3637900ECBCB65E5C282A5A02042EE7B3CA8885" = Windows Driver Package - NVIDIA (NVENETFD) Net (03/03/2006 50.2.4) "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker "HControl" = ATK0100 ACPI UTILITY "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17) "My Global Search Uninstall" = My Global Search Bar "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "NVIDIA Drivers" = NVIDIA Drivers "SMPlayer" = SMPlayer 0.6.8 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WIC" = Windows Imaging Component "Winamp" = Winamp "Wincmd" = Windows Commander (Remove only) "Windows Media Format Runtime" = Windows Media Format Runtime "WinGimp-2.0_is1" = GIMP 2.6.6 
"WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2009-08-19 04:47:20 | Computer Name = MONIA-DC4E85F71 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.3603, adres błędu 0x0023bfba. Error - 2009-08-27 03:26:44 | Computer Name = | Source = JavaQuickStarterService | ID = 1 Description = Error - 2009-08-29 03:18:44 | Computer Name = | Source = JavaQuickStarterService | ID = 1 Description = Error - 2009-09-21 06:58:07 | Computer Name = | Source = JavaQuickStarterService | ID = 1 Description = Error - 2009-09-28 08:16:58 | Computer Name = | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80004002 z w wierszu 44 z d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2009-09-28 08:16:58 | Computer Name = | Source = SENS | ID = 0 Description = Error - 2009-11-07 16:02:30 | Computer Name = | Source = JavaQuickStarterService | ID = 1 Description = Error - 2009-11-18 16:12:40 | Computer Name = | Source = SENS | ID = 0 Description = Error - 2009-11-20 01:54:54 | Computer Name = | Source = JavaQuickStarterService | ID = 1 Description = Error - 2009-11-27 02:55:47 | Computer Name = | Source = JavaQuickStarterService | ID = 1 Description = [ System Events ] Error - 2010-02-13 06:45:57 | Computer Name = MONIA-DC4E85F71 | Source = System Error | ID = 1003 Description = Kod błędu c0000135, parametr 1 e1e8ac10, parametr 2 e28a2698, parametr 3 00000000, parametr 4 00000000. 
Error - 2010-02-13 06:53:27 | Computer Name = MONIA-DC4E85F71 | Source = Windows Update Agent | ID = 20 Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Windows Internet Explorer 7 dla systemu Windows XP. Error - 2010-02-13 07:03:55 | Computer Name = MONIA-DC4E85F71 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2010-02-13 07:04:08 | Computer Name = MONIA-DC4E85F71 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: 
AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 2010-02-13 07:08:13 | Computer Name = MONIA-DC4E85F71 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} < End of report > [/log]

OTL file
[log]OTL logfile created on: 2010-02-13 12:10:53 - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\monia\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 895,00 Mb Total Physical Memory | 750,00 Mb Available Physical Memory | 84,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 25,00 Gb Total Space | 9,31 Gb Free Space | 37,24% Space Free | Partition Type: NTFS Drive D: | 86,78 Gb Total Space | 73,91 Gb Free Space | 85,17% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 298,09 Gb Total Space | 2,47 Gb Free Space | 0,83% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MONIA-DC4E85F71 Current User Name: monia Logged in as Administrator.
Current Boot Mode: SafeMode Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-02-13 12:02:47 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monia\Pulpit\OTL.exe PRC - [2009-02-09 11:10:45 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-04 13:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-02-13 12:02:47 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monia\Pulpit\OTL.exe MOD - [2009-12-08 10:13:27 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 09:48:08 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-04-15 16:18:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 15:21:24 | 001,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 11:22:08 
| 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 11:22:06 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-10-23 14:01:37 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-07-03 14:16:27 | 008,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-04 13:00:00 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 13:00:00 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 13:00:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 13:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 13:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 13:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-04 13:00:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2004-08-04 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 13:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2004-08-04 13:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 13:00:00 | 
000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 13:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-04 13:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-05-25 17:33:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2006-08-24 17:40:00 | 000,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2004-08-04 13:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2008-08-20 18:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2006-08-24 17:40:00 | 003,661,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-07-24 14:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-07-17 06:49:54 | 000,494,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2006-06-18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006-05-12 13:17:56 | 000,193,056 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2006-03-04 05:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006-03-04 05:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006-01-28 05:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2005-02-17 22:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004-08-04 13:00:00 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR) DRV - [2004-08-04 13:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2004-08-04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004-08-04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2004-08-04 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2004-08-04 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004-05-28 09:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5) DRV - [2002-05-13 09:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stealth.sys -- (Stealth) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1177238915-1715567821-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/ IE - HKU\S-1-5-21-1177238915-1715567821-839522115-1004\S-1-5-21-1177238915-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.wp.pl" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.0 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-11 16:26:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-13 11:18:29 | 000,000,000 | ---D | M] [2009-05-24 09:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Extensions [2010-02-12 13:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\extensions [2009-05-25 17:31:19 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-12-14 06:52:06 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2009-05-25 17:31:33 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\searchplugins\winamp-search.xml [2010-02-12 13:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-06-15 10:14:40 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2009-08-27 17:37:14 | 000,460,280 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAHJONG.dll [2009-07-16 17:23:34 | 000,685,552 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAKAOV2.dll [2009-12-13 22:20:29 | 000,024,576 | ---- | M] (My Global Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll [2009-07-22 22:12:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2008-04-03 18:19:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2007-03-31 18:11:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2006-06-03 17:43:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\pwn-pl.xml [2008-03-28 22:36:04 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2007-01-05 12:40:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (My Global Search) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll () O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (My Global Search) O3 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (My Global Search) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe (WhenU.com) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe File not found O4 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - Startup: C:\Documents and Settings\monia\Menu Start\Programy\Autostart\smgr32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\monia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\monia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-05-23 13:26:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{a6d747fa-bf1a-11de-8079-001a92dfa331}\Shell - "" = AutoRun O33 - MountPoints2\{a6d747fa-bf1a-11de-8079-001a92dfa331}\Shell\AutoRun\command - "" = G:\esc.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-05-23 13:26:18 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation) NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] File not found -- C:\Documents and Settings\monia\Pulpit\cykaj. 
[2010-02-13 12:08:20 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monia\Pulpit\OTL.exe [2010-02-13 11:53:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ [2010-02-13 11:52:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ [2010-02-13 11:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monia\Pulpit\Studniowka [2010-02-13 11:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monia\Pulpit\f [2010-02-13 11:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monia\Pulpit\ewi [2010-02-13 11:42:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-02-13 11:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\MyGlobalSearch [2010-02-13 11:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010-02-13 11:17:09 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-02-13 11:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-01-29 09:42:32 | 000,000,000 | -HSD | C] -- C:\found.000 [2009-05-23 13:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-05-23 13:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-05-23 13:26:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-05-23 13:26:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] File not found -- C:\Documents and Settings\monia\Pulpit\cykaj. 
[2010-02-13 12:03:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-13 12:02:57 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\monia\Pulpit\RSIT.exe [2010-02-13 12:02:47 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monia\Pulpit\OTL.exe [2010-02-13 11:56:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-13 11:56:29 | 003,108,864 | ---- | M] () -- C:\Documents and Settings\monia\ntuser.dat [2010-02-13 11:56:29 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\monia\ntuser.ini [2010-02-13 11:55:39 | 000,045,759 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-02-13 11:54:47 | 003,755,940 | -H-- | M] () -- C:\Documents and Settings\monia\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-13 11:53:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-02-13 11:47:07 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-02-13 11:43:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-13 11:18:47 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-13 11:05:17 | 041,766,616 | ---- | M] () -- C:\Documents and Settings\monia\Pulpit\setup_av_free_pol.exe [2010-02-07 13:28:19 | 000,005,372 | ---- | M] () -- C:\Documents and Settings\monia\.recently-used.xbel [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-13 12:08:22 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\monia\Pulpit\RSIT.exe [2010-02-13 11:51:03 | 041,766,616 | ---- | C] () -- C:\Documents and Settings\monia\Pulpit\setup_av_free_pol.exe [2010-02-09 20:24:29 | 003,108,864 | ---- | C] () -- C:\Documents and Settings\monia\ntuser.dat [2010-02-07 13:28:19 | 000,005,372 | ---- | C] () -- C:\Documents and Settings\monia\.recently-used.xbel [2009-07-24 15:25:29 | 000,010,240 | ---- | C] () -- 
C:\WINDOWS\System32\vidx16.dll [2009-07-14 13:11:39 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\monia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-11 10:03:11 | 000,000,572 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-05-30 18:16:16 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\monia\Dane aplikacji\Smiley.ico [2009-05-23 15:25:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2009-05-23 15:14:23 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-05-23 15:14:22 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-05-23 15:14:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009-05-23 15:14:21 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009-05-23 15:14:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2009-05-23 14:24:47 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll [2004-08-04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [color=#E56717]========== LOP Check ==========[/color] [2009-05-23 15:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\GetRightToGo [2009-05-30 18:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\1A138 [2009-07-28 17:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\D399 [2009-10-25 21:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2009-10-15 20:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-11-05 14:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp [2009-07-28 18:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\BearShare [2009-12-13 22:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\BearShareTb 
[2009-10-18 20:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\DC++ [2009-12-19 10:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\GanymedeNet [2010-02-07 13:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\gtk-2.0 [2009-11-22 15:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\Nowe Gadu-Gadu [2009-05-29 19:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\OpenFM [2010-02-10 11:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\VSO [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%*.* >[/color] [2009-05-23 13:26:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009-05-23 13:41:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-05-23 13:26:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-05-23 13:26:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-05-23 13:26:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004-08-04 13:00:00 | 000,250,624 | RHS- | M] () -- C:\ntldr [2010-02-13 12:03:25 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys < End of report > [/log]
Mateusz J. commented 14 February 2010
You have a virus from a USB flash drive. Show the ComboFix log.
mnich20 (Author) commented 15 February 2010 (edited)
I ran scans with:
- Avast: it detected a virus, I deleted the files,
- MKS vir online: it detected a virus and a trojan, I deleted the files,
- Kaspersky online scanner: a trojan, files deleted,
- NOD32 online scanner: it detected 2 viruses and a trojan, it deleted the files.
On the forum I found that if there is a zlib4.dll file error, this should be pasted into OTL:
[log]:OTL
O4 - Startup: C:\Documents and Settings\monia\Menu Start\Programy\Autostart\smgr32.exe ()
:Files
C:\Documents and Settings\monia\Menu Start\Programy\Autostart\smgr32.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/log]
The message about the missing file no longer appears. It seems to me that there is still a lot of junk in the logs. After I launched ComboFix it started scanning right away, deleted a few folders, restarted, and the log is below.
[log]ComboFix 10-02-12.01 - monia 2010-02-15 19:09:14.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.895.560 [GMT 1:00] Uruchomiony z: c:\documents and settings\monia\Pulpit\ComboFix.exe AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll c:\program files\myglobalsearch c:\program files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST c:\program files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST c:\program files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL c:\program files\myglobalsearch\bar\Cache\0002D0B4 c:\program files\myglobalsearch\bar\Cache\0002D2F6.bin c:\program files\myglobalsearch\bar\Cache\0002D4CA.bin c:\program files\myglobalsearch\bar\Cache\0002D5E4.bin c:\program files\myglobalsearch\bar\Cache\files.ini c:\program files\myglobalsearch\bar\History\search c:\program files\myglobalsearch\bar\Settings\prevcfg.htm . 
((((((((((((((((((((((((( Pliki utworzone od 2010-01-15 do 2010-02-15 ))))))))))))))))))))))))))))))) . 2010-02-15 18:02 . 2010-02-15 18:02 396288 ----a-w- c:\windows\system32\CF2970.exe 2010-02-14 21:04 . 2010-02-14 21:04 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\ArcaBit 2010-02-14 20:10 . 2010-02-14 20:10 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\Apple Computer 2010-02-14 20:10 . 2010-02-14 20:10 -------- d-----w- c:\documents and settings\monia\Ustawienia lokalne\Dane aplikacji\Apple Computer 2010-02-14 19:54 . 2009-04-06 10:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys 2010-02-14 19:52 . 2009-02-10 15:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys 2010-02-14 19:52 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-02-14 19:51 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys 2010-02-14 19:50 . 2010-02-14 19:50 -------- d-----w- c:\program files\Agnitum 2010-02-14 19:50 . 2010-02-14 19:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Agnitum 2010-02-14 19:46 . 2010-02-14 20:08 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\ArcaVirMicroScan 2010-02-14 18:06 . 2010-02-14 18:06 -------- d-----w- c:\program files\ESET 2010-02-14 17:00 . 2010-02-14 17:15 -------- d-----w- c:\program files\SkanerOnline 2010-02-14 16:31 . 2010-02-14 16:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-02-14 16:29 . 2010-02-14 16:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage 2010-02-14 16:29 . 2008-06-19 19:53 60416 ----a-w- c:\windows\system32\antiwpa.dll 2010-02-14 16:19 . 2010-02-14 16:19 -------- d-sh--w- c:\documents and settings\monia\IECompatCache 2010-02-14 16:19 . 2010-02-14 16:19 -------- d-sh--w- c:\documents and settings\monia\PrivacIE 2010-02-14 16:16 . 
2010-02-14 16:16 -------- d-sh--w- c:\documents and settings\monia\IETldCache 2010-02-14 16:14 . 2010-02-14 16:21 -------- d-----w- c:\windows\ie8updates 2010-02-14 16:12 . 2010-02-14 16:13 -------- dc-h--w- c:\windows\ie8 2010-02-14 16:10 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-02-14 16:10 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-02-14 16:10 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-02-14 16:10 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-02-14 16:10 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-02-14 16:10 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-02-14 16:10 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-02-14 16:00 . 2010-02-14 16:00 -------- d-----w- c:\windows\system32\LogFiles 2010-02-14 15:41 . 2010-02-14 16:16 -------- d-----w- c:\windows\system32\pl-pl 2010-02-14 15:41 . 2010-02-14 15:41 -------- d-----w- c:\windows\system32\pl 2010-02-14 15:41 . 2010-02-14 15:41 -------- d-----w- c:\windows\system32\bits 2010-02-14 15:41 . 2010-02-14 15:41 -------- d-----w- c:\windows\l2schemas 2010-02-14 14:03 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-02-14 14:03 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-02-14 14:03 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-02-14 14:03 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-02-14 14:03 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-02-14 14:03 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-02-14 14:03 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-02-14 14:03 . 
2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-02-14 14:03 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-02-14 14:03 . 2010-02-14 14:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software 2010-02-13 11:22 . 2010-02-13 11:22 -------- d-----w- c:\program files\trend micro 2010-02-13 10:43 . 2010-02-13 10:43 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-29 08:42 . 2010-01-29 08:42 -------- d-----w- C:\found.000 . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-14 19:53 . 2009-05-25 16:28 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\Winamp 2010-02-14 16:50 . 2004-08-04 12:00 84062 ----a-w- c:\windows\system32\perfc015.dat 2010-02-14 16:50 . 2004-08-04 12:00 490852 ----a-w- c:\windows\system32\perfh015.dat 2010-02-14 15:43 . 2009-05-23 12:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-02-14 14:03 . 2009-05-23 15:26 -------- d-----w- c:\program files\Alwil Software 2010-02-10 10:32 . 2009-10-13 13:25 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\VSO 2010-02-09 11:32 . 2009-11-24 05:54 79488 ----a-w- c:\documents and settings\monia\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2010-02-07 12:27 . 2009-06-06 20:29 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\gtk-2.0 2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-19 09:35 . 2009-07-01 08:48 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\GanymedeNet 2009-12-19 09:34 . 2009-07-01 08:47 -------- d-----w- c:\program files\Ganymede 2009-12-17 07:42 . 2009-05-23 12:22 345088 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:37 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv(2).dll 2009-12-14 07:10 . 
2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-09 10:11 . 2004-08-04 12:00 2146816 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-09 10:11 . 2004-08-04 00:39 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-11-27 17:14 . 2004-08-04 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 17:14 . 2004-08-04 00:44 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 16:09 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:09 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:09 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-27 16:09 . 2004-08-04 00:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:09 . 2001-10-26 17:29 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-21 16:03 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}] 2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576] [HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408] "nwiz"="nwiz.exe" [2006-08-24 1617920] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-24 86016] "HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 774233] "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-05-10 73728] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576] "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464] "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\Bit Lord 1.1\\BitLord.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 Stealth;Stealth;c:\windows\system32\drivers\stealth.sys [2002-05-13 77920] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-02-14 162512] S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-02-14 704384] S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2010-02-14 1195008] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-02-14 19024] S3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-02-14 31128] S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-02-14 257432] . Zawartość folderu 'Zaplanowane zadania' 2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{18533090-4690-4C1F-89D8-9065AAF3EF5C}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://search.bearshare.com/ uInternet Connection Wizard,ShellNext = iexplore FF - ProfilePath - c:\documents and settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - USUNIĘTO PUSTE WPISY - - - - BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKCU-Run-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe HKLM-Run-VVSN - c:\program files\VVSN\VVSN.exe Notify-WgaLogon - (no file) AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\uninstall_plugin.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-15 19:21 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... 
skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(1404) c:\windows\system32\WININET.dll . Czas ukończenia: 2010-02-15 19:25:21 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-15 18:25 Przed: 7 801 167 872 bajtów wolnych Po: 7 929 995 264 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 648EB70CC5DF49D45950DE3E8CB127F4 [/log]
Guest, commented February 15, 2010

Clean. Run OTL and click CleanUp. Full scan with MBAM: http://www.forumpc.pl/index.php?showtopic=107753&st=0&p=752434&fromsearch=1&#entry752434