Can't access drive D after formatting C - HijackThis log

Hi

I can't access drive D after formatting C; it only works through Total Commander #-o . Below are the DSS and HijackThis logs:

Deckard's System Scanner v20071014.68

Run by Daria on 2008-02-04 16:41:42

Computer is in Normal Mode.


-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

16: 2008-02-04 15:42:15 UTC - RP16 - Deckard's System Scanner Restore Point

15: 2008-02-04 02:54:14 UTC - RP15 - Installed: Microsoft Office XP Professional with FrontPage

14: 2008-02-04 02:51:40 UTC - RP14 - Installed: QuickTime

13: 2008-02-04 02:18:05 UTC - RP13 - Installed AVG 7.5

12: 2008-02-04 02:08:14 UTC - RP12 - Software Distribution Service 3.0

-- First Restore Point --

1: 2008-02-04 01:28:43 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as Daria.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:45:06, on 2008-02-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\acer\epm\epm-dm.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Winamp\winamp.exe

C:\totalcmd\TOTALCMD.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Daria\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ROTWQ46I\dss[2].exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Daria.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

End of file - 8651 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys

R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys

R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys

R3 int15.sys - c:\program files\acer\erecovery\int15.sys

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys

R4 DritekPortIO (Dritek General Port I/O) - c:\program files\launch manager\dportio.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-04 03:51:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2008-02-04 03:24:00 526 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Daria.job

-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-02-04 16:44:27 0 d-------- C:\Program Files\Trend Micro

2008-02-04 16:33:26 0 dr-h----- C:\$VAULT$.AVG

2008-02-04 03:54:24 0 d-------- C:\WINDOWS\ShellNew

2008-02-04 03:51:52 0 d-------- C:\Program Files\QuickTime

2008-02-04 03:50:59 0 d-------- C:\Program Files\Apple Software Update

2008-02-04 03:43:16 0 d-------- C:\Program Files\SymNetDrv

2008-02-04 03:41:08 164352 --a------ C:\WINDOWS\system32\unrar.dll

2008-02-04 03:41:02 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-02-04 03:40:58 0 d-------- C:\Program Files\K-Lite Codec Pack

2008-02-04 03:32:41 0 d-------- C:\Program Files\Gadu-Gadu

2008-02-04 03:16:47 0 d-------- C:\Program Files\SubEdit-Player

2008-02-04 03:07:36 0 d-------- C:\WINDOWS\system32\pl-pl

2008-02-04 03:07:16 545 --a------ C:\WINDOWS\UC.PIF

2008-02-04 03:07:16 545 --a------ C:\WINDOWS\RAR.PIF

2008-02-04 03:07:16 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-02-04 03:07:16 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-02-04 03:07:16 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-02-04 03:07:16 545 --a------ C:\WINDOWS\LHA.PIF

2008-02-04 03:07:16 545 --a------ C:\WINDOWS\ARJ.PIF

2008-02-04 03:07:16 0 d-------- C:\totalcmd

2008-02-04 03:04:30 0 d-------- C:\WINDOWS\RegisteredPackages

2008-02-04 03:01:49 0 d-------- C:\Program Files\Winamp

2008-02-04 02:59:57 0 d-------- C:\Program Files\Norton AntiVirus

2008-02-04 02:59:28 0 d-------- C:\WINDOWS\network diagnostic

2008-02-04 02:59:17 0 d--h----- C:\WINDOWS\$hf_mig$

2008-02-04 02:59:01 0 d-------- C:\Program Files\Symantec

2008-02-04 02:59:01 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-02-04 02:54:40 0 d-------- C:\Program Files\IrfanView

2008-02-04 02:47:03 0 d-------- C:\Program Files\Google

2008-02-04 02:37:12 0 d-------- C:\WINDOWS\Downloaded Installations

2008-02-04 02:35:01 245760 --a------ C:\WINDOWS\system32\Check.exe

2008-02-04 02:34:58 0 d-------- C:\Program Files\acer

2008-02-04 02:34:41 0 d-------- C:\Program Files\Launch Manager

2008-02-04 02:34:39 147456 --a------ C:\WINDOWS\UNINST32.EXE

2008-02-04 02:32:18 221258 --a------ C:\WINDOWS\system32\Epm-Po.dll

2008-02-04 02:32:18 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys

2008-02-04 02:32:18 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys

2008-02-04 02:32:18 0 d-------- C:\Acer

2008-02-04 01:25:28 0 d-------- C:\WINDOWS\system32\SoftwareDistribution

-- Find3M Report ---------------------------------------------------------------

2008-02-04 16:44:32 40296 --a------ C:\Documents and Settings\Daria\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-02-04 03:37:54 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Gadu-Gadu

2008-02-04 03:18:26 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\AVG7

2008-02-04 03:01:50 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Winamp

2008-02-04 02:59:14 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Symantec

2008-02-04 02:48:08 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Macromedia

2008-02-04 02:47:08 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Google

2008-02-04 02:33:38 1024 -r-h----- C:\WINDOWS\system32\NTIBUN4.dll

2008-02-04 02:33:08 1024 -r-h----- C:\WINDOWS\system32\NTIMPEG2.dll

2008-02-04 02:33:08 1024 -r-h----- C:\WINDOWS\system32\NTIMP3.dll

2008-02-04 02:33:08 1024 -r-h----- C:\WINDOWS\system32\NTIFCD3.dll

2008-02-04 02:33:08 1024 -r-h----- C:\WINDOWS\system32\NTICDMK7.dll

2008-02-04 02:15:46 4094 --a------ C:\WINDOWS\CLEANUP.CMD

2008-02-04 02:15:32 228 --a------ C:\WINDOWS\HOTFIX.BAT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 13:57]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 13:53]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07]

"SoundMan"="SOUNDMAN.EXE" [2004-12-01 15:54 C:\WINDOWS\soundman.exe]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-04-21 10:13]

"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-15 11:45 C:\WINDOWS\AGRSMMSG.exe]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2005-04-28 10:51]

"eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 17:34]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-04 02:55]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-04 03:18]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-02-04 03:43]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-04 02:48]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5adfe13f-d2c7-11dc-ae84-806d6172696f}]

AutoRun\command- h.cmd

explore\Command- h.cmd

open\Command- h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{653ba658-d336-11dc-ae8a-0012f0d9814d}]

AutoRun\command- ntdelect.com

explore\Command- utdetect.com

open\Command- utdetect.com

-- End of Deckard's System Scanner: finished at 2008-02-04 16:46:27 ------------

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.


-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Polish

CPU 0: Intel® Pentium® M processor 1.73GHz

Percentage of Memory in Use: 55%

Physical Memory (total/avail): 503.42 MiB / 222.58 MiB

Pagefile Memory (total/avail): 1229.02 MiB / 778.34 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1919.41 MiB

C: is Fixed (FAT32) - 26.87 GiB total, 20.31 GiB free.

D: is Fixed (FAT32) - 27.04 GiB total, 1.92 GiB free.

E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6025GAS - 55.89 GiB - 3 partitions

\PARTITION0 - Unknown - 2000.25 MiB

\PARTITION1 (bootable) - Unknown - 26.88 GiB - C:

\PARTITION2 - Extended with extended INT 13 - 27.06 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Daria\Dane aplikacji

CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=ACER-CD914CD462

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Daria

LOGONSERVER=\\ACER-CD914CD462

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0d08

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Daria\USTAWI~1\Temp

TMP=C:\DOCUME~1\Daria\USTAWI~1\Temp

USERDOMAIN=ACER-CD914CD462

USERNAME=Daria

USERPROFILE=C:\Documents and Settings\Daria

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Daria (admin)

-- Add/Remove Programs ---------------------------------------------------------

-->

-->

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}

Acer ePowerManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x15

Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}

Update for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}

Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe

Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592

Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}

IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe

K-Lite Codec Pack 3.7.0 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"

Launch Manager --> C:\WINDOWS\UnInst32.exe LManager.UNI

LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280415-6000-11D3-8CFE-0050048383C9}

Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}

Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X

Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}

Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}

NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69CC0647-7F98-4358-AAB6-4F65C0705400} /l1033 BUN4

NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5242A858-AD61-4130-92D4-BDF5087CE562} /l1033 CDM7

Hotfix for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Windows XP Hotfix - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}

Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

SubEdit-Player --> "C:\Program Files\SubEdit-Player\unins000.exe"

Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}

Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}

SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe

Winamp --> "C:\Program Files\Winamp\UninstWA.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type54 / Warning

Event Submitted/Written: 02/04/2008 03:57:50 AM

Event ID/Source: 5603 / WinMgmt

Event Description:

A provider, OffProv10, has been registered in the WMI namespace, Root\MSAPPS10, but did not specify the HostingModel property. This provider will run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that the provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type53 / Warning

Event Submitted/Written: 02/04/2008 03:57:50 AM

Event ID/Source: 5603 / WinMgmt

Event Description:

A provider, OffProv10, has been registered in the WMI namespace, Root\MSAPPS10, but did not specify the HostingModel property. This provider will run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that the provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type169 / Error

Event Submitted/Written: 02/04/2008 04:06:34 AM

Event ID/Source: 7 / Cdrom

Event Description:

The device, \Device\CdRom0, has a bad block.

Event Record #/Type168 / Error

Event Submitted/Written: 02/04/2008 04:05:14 AM

Event ID/Source: 7 / Cdrom

Event Description:

The device, \Device\CdRom0, has a bad block.

Event Record #/Type167 / Error

Event Submitted/Written: 02/04/2008 04:03:58 AM

Event ID/Source: 7 / Cdrom

Event Description:

The device, \Device\CdRom0, has a bad block.

Event Record #/Type164 / Error

Event Submitted/Written: 02/04/2008 04:01:34 AM

Event ID/Source: 7 / Cdrom

Event Description:

The device, \Device\CdRom0, has a bad block.

Event Record #/Type160 / Error

Event Submitted/Written: 02/04/2008 03:53:56 AM / 02/04/2008 03:53:57 AM

Event ID/Source: 7 / Cdrom

Event Description:

The device, \Device\CdRom0, has a bad block.

-- End of Deckard's System Scanner: finished at 2008-02-04 16:46:27 ------------
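Editor's note, added here and not part of the original post or its replies: the lines in the log above that actually bear on "D: opens in Total Commander but not in Explorer" are not the startup entries but the two MountPoints2 keys at the end of the Registry Dump, whose AutoRun, open and explore handlers point at h.cmd and at ntdelect.com / utdetect.com. Explorer fills those keys from a volume's autorun.inf and then runs the recorded handler when the drive is double-clicked, which is exactly how a drive becomes unopenable in Explorer while a file manager that ignores autorun.inf still gets in. That this is the cause of the reported symptom is an assumption drawn from the log, not something the thread confirms. The Python below parses the DSS dump format and lists every such handler with the reasons it looks like autorun malware; the sample input is constructed by copying those lines from the post, and the parser and its regexes are this note's own code, not DSS's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the MountPoints2 part of the DSS "Registry Dump"
# section from the post above, copied as DSS prints it (a key header in
# square brackets, then one "<verb>\command- <target>" line per shell handler).
SAMPLE_DUMP = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"appinit_dlls"=C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{5adfe13f-d2c7-11dc-ae84-806d6172696f}]
AutoRun\\command- h.cmd
explore\\Command- h.cmd
open\\Command- h.cmd

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{653ba658-d336-11dc-ae8a-0012f0d9814d}]
AutoRun\\command- ntdelect.com
explore\\Command- utdetect.com
open\\Command- utdetect.com
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# DSS writes each handler as "<verb>\command- <target>"; the case of the verb varies.
HANDLER_RE = re.compile(r"^(?P<verb>AutoRun|open|explore)\\command-\s*(?P<cmd>.+)$", re.IGNORECASE)
# Extensions that mean "this launches code", the usual shape of an autorun worm.
RISKY_EXT = (".cmd", ".bat", ".com", ".exe", ".pif", ".scr", ".vbs")


@dataclass
class MountPoint:
    key: str
    handlers: dict = field(default_factory=dict)  # lower-case verb -> command line


def parse_mountpoints2(dump: str) -> list:
    """Collect the shell handlers recorded under every MountPoints2 key in a DSS dump."""
    points, current = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            # Only MountPoints2 keys are of interest; any other key ends the current block.
            current = MountPoint(key) if "mountpoints2" in key.lower() else None
            if current is not None:
                points.append(current)
            continue
        h = HANDLER_RE.match(line) if current is not None else None
        if h:
            current.handlers[h.group("verb").lower()] = h.group("cmd").strip()
    return points


def analyze(dump: str) -> list:
    """One finding per handler. Explorer copies these handlers from a volume's
    autorun.inf, so on a fixed hard disk any entry at all means an autorun.inf sat
    on that volume; the reasons flag the classic worm shape on top of that."""
    findings = []
    for point in parse_mountpoints2(dump):
        for verb, cmd in sorted(point.handlers.items()):
            target = cmd.split()[0].strip('"')
            reasons = []
            if "\\" not in target and ":" not in target:
                reasons.append("relative path (resolves against the drive root)")
            if target.lower().endswith(RISKY_EXT):
                reasons.append("executable/script target")
            findings.append({"key": point.key, "verb": verb, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_DUMP):
        guid = f["key"].rsplit("\\", 1)[-1]
        print(f"{guid} {f['verb']:<8} -> {f['target']:<14} {'; '.join(f['reasons'])}")
```

On the machine itself the follow-up is to list the root of D: with hidden and system files shown (`dir /a D:\`), strip the attributes from `D:\autorun.inf` (`attrib -s -h -r D:\autorun.inf`), read it, and delete it together with the files it launches (here h.cmd, ntdelect.com and utdetect.com if they are there), then delete the two MountPoints2 keys with regedit or `reg delete` (HijackThis does not list them) and reboot before trying D: in Explorer again. The process list also shows two resident antivirus engines side by side (AVG 7.5 and Norton AntiVirus 2005); keep one.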

You need to disable simple file sharing and then take ownership of the folder:

My Computer >> Tools >> Folder Options >> View >> Advanced settings >> clear the "Use simple file sharing (Recommended)" checkbox >> OK.

1. Right-click the folder you want to take ownership of >> Properties.

2. Click the Security tab, then click OK in the Security message box (if it appears).

3. Click Advanced, then click the Owner tab.

4. In the Name list, click your user name, Administrator if you are logged on as Administrator, or click the Administrators group.

If you want to take ownership of the folder's contents, select the "Replace owner on subcontainers and objects" checkbox.

5. Click OK.

If you have XP Home, do this in Safe Mode

:)

You have a fresh system and that much junk in startup?

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Startup optimization http://www.bezpieczenstwosystemow.pl/index.php?topic=116.0

Work on that

:)

Follow this topic and change the thread title to a specific one, otherwise it goes to the TRASH

Regards, Gutek2222

Change in the rules for posting logs on the forum - viewtopic.php?f=16&t=213350