Win32:Agent-KDC[Trj] how do I get rid of it?

Hello!

I have a problem: my antivirus, Avast!, detected the virus Win32:Agent-KDC[Trj] (a trojan) and I don't know how to get rid of it. Every time I turn on the computer I put it in quarantine, but does that help at all?

When posting in the security section, always include a log from Combo, or if you can't, from Deckard's System Scanner. By asking for help in this section you are suggesting that your system may be infected. On this forum we use Polish diacritics (ę, ą, ś, ż, ź, ć, ń, ł, ó).

What should I do next after running Deckard's System Scanner? It showed me this:

Deckard's System Scanner v20071014.68

Run by User on 2008-02-13 17:34:21

Computer is in Normal Mode.


-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

64: 2008-02-13 16:34:26 UTC - RP64 - Deckard's System Scanner Restore Point

63: 2008-02-10 08:24:06 UTC - RP63 - Punkt kontrolny systemu

62: 2008-02-07 21:17:39 UTC - RP62 - Punkt kontrolny systemu

61: 2008-02-05 09:02:19 UTC - RP61 - Punkt kontrolny systemu

60: 2008-02-03 22:37:07 UTC - RP60 - Punkt kontrolny systemu

-- First Restore Point --

1: 2007-12-07 08:52:48 UTC - RP1 - Punkt kontrolny systemu

Backed up registry hives.

Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-02-13 17:35:23

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\WINDOWS\soundman.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\USB Disk Win98 Driver\Res.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\vVX1000.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\cftmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\DOCUME~1\User\USTAWI~1\Temp\winlogon.exe

C:\Program Files\Ovislink\Common\TurboG-UI.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

D:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\actcontroller.exe,

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll

O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\cftmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\User\USTAWI~1\Temp\winlogon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = ?

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh … wflash.cab

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{F7DDF58A-4453-4986-9AD4-B8926062AC8F}: NameServer = 10.0.4.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O24 - Desktop Component 0: - http://www.badboys.pl/tomek_glowne__.jpg

End of file - 7705 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys

S3 s3chipid - c:\docume~1\user\ustawi~1\temp\s3chipid.sys (file missing)

S3 SNP325 (USB PC Camera (SNPSTD325)) - c:\windows\system32\drivers\snp325.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Kontroler przerwań systemowych

Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05

Manufacturer:

Name: Kontroler przerwań systemowych

PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05

Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81091043&REV_10\3&2411E6FE&0&60

Manufacturer: Realtek

Name: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81091043&REV_10\3&2411E6FE&0&60

Service: rtl8139

-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-10 21:35:47 41117 --a------ C:\WINDOWS\system32\cftmon.exe

2008-01-30 20:44:54 306688 --a------ C:\WINDOWS\IsUninst.exe

2008-01-23 19:05:35 0 d-------- C:\Program Files\MSECache

2008-01-21 18:20:49 62 --a------ C:\WINDOWS\demokso.sys

2008-01-21 18:20:39 210032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-01-21 18:20:38 0 d-------- C:\Program Files\Common Files\Borland Shared

2008-01-21 17:54:39 0 d-------- C:\SWOS

2008-01-20 16:53:41 0 d-------- C:\Program Files\Grupa IMAGE

2008-01-13 18:09:45 0 d-------- C:\Program Files\Microsoft LifeCam

2008-01-13 18:09:21 0 d-------- C:\WINDOWS\system32\drivers\umdf

-- Find3M Report ---------------------------------------------------------------

2008-02-13 17:28:36 0 d-------- C:\Documents and Settings\User\Dane aplikacji\skypePM

2008-02-12 22:06:00 0 d-------- C:\Documents and Settings\User\Dane aplikacji\Skype

2008-02-10 22:35:53 0 d-------- C:\Program Files\eMule

2008-02-09 21:31:19 0 d-------- C:\Program Files\NeroMediaPlayer

2008-02-09 21:30:49 0 d-------- C:\Program Files\KaraFun

2008-02-06 20:01:55 0 d-------- C:\Documents and Settings\User\Dane aplikacji\BearShare

2008-02-01 19:21:07 0 d-------- C:\Program Files\Winamp

2008-01-23 20:04:45 0 d-------- C:\Program Files\Nero Wave Editor

2008-01-21 18:20:38 0 d-------- C:\Program Files\Common Files

2008-01-13 19:37:44 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-01-11 17:44:00 0 d-------- C:\Documents and Settings\User\Dane aplikacji\Macromedia

2008-01-11 17:43:34 0 d-------- C:\Program Files\WMV9_VCM

2008-01-06 15:25:15 0 d-------- C:\Program Files\Skype

2008-01-06 15:25:13 0 d-------- C:\Program Files\Common Files\Skype

2008-01-03 14:49:31 0 d-------- C:\Program Files\Google

2008-01-02 18:37:12 0 d-------- C:\Documents and Settings\User\Dane aplikacji\Google

2008-01-02 17:57:24 0 d-------- C:\Documents and Settings\User\Dane aplikacji\Sun

2008-01-02 17:54:50 0 d-------- C:\Program Files\Java

2008-01-02 17:53:33 0 d-------- C:\Program Files\Common Files\Java

2007-12-30 13:16:03 0 d-------- C:\Documents and Settings\User\Dane aplikacji\Help

2007-12-28 22:12:41 0 d-------- C:\Program Files\Agent Hugo RoboRumble

2007-12-24 23:05:42 724992 --a------ C:\WINDOWS\iun6002.exe

2007-12-22 22:55:23 0 d-------- C:\Program Files\JoWood

2007-12-22 20:12:41 0 d-------- C:\Documents and Settings\User\Dane aplikacji\DAEMON Tools

2007-12-22 19:22:21 0 d-------- C:\Program Files\MarBit

2007-12-22 19:08:21 0 d-------- C:\Documents and Settings\User\Dane aplikacji\Kazaa Lite

2007-12-22 18:01:42 0 d-------- C:\Program Files\BearShare Applications

2007-12-21 22:39:45 0 d-------- C:\Program Files\Nero

2007-12-16 21:31:33 0 d-------- C:\Program Files\Common Files\NSV

2007-12-16 18:50:25 0 d-------- C:\Program Files\USB Disk Win98 Driver

2007-12-16 18:49:49 0 d-------- C:\Program Files\Common Files\InstallShield

2007-12-10 10:44:55 355486 --a------ C:\WINDOWS\system32\perfh015.dat

2007-12-10 10:44:55 49492 --a------ C:\WINDOWS\system32\perfc015.dat

2007-12-07 19:56:54 4096 --a------ C:\WINDOWS\d3dx.dat

2007-12-07 11:09:02 806 --a------ C:\WINDOWS\unins000.dat

2007-12-07 10:36:32 62 --ahs---- C:\Documents and Settings\User\Dane aplikacji\desktop.ini

2007-12-07 09:48:12 0 -rahs---- C:\MSDOS.SYS

2007-12-07 09:48:12 0 -rahs---- C:\IO.SYS

2007-12-07 09:48:12 0 --a------ C:\CONFIG.SYS

2007-12-07 09:48:12 0 --a------ C:\AUTOEXEC.BAT

2007-12-07 09:45:38 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2007-12-02 15:13 394680 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll []

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-08-12 16:38]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 16:42 C:\WINDOWS\soundman.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 14:50]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 22:45]

"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 22:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\cftmon.exe" [2008-02-10 21:35]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 19:23]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08]

"Firewall auto setup"="C:\DOCUME~1\User\USTAWI~1\Temp\winlogon.exe" []

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

AirLive Turbo-G Wireless Utility.lnk - C:\Program Files\Ovislink\Common\TurboG-UI.exe [2007-12-10 10:44:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\actcontroller.exe,"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d87ab76-a4a8-11dc-9c16-0018f324b0e5}]

AutoRun\command- J:\wupdmgr.exe

-- End of Deckard's System Scanner: finished at 2008-02-13 17:36:06 -------

and also

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.


-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Polish

CPU 0: Intel® Pentium® D CPU 2.66GHz

CPU 1: Intel® Pentium® D CPU 2.66GHz

Percentage of Memory in Use: 78%

Physical Memory (total/avail): 510.42 MiB / 110.1 MiB

Pagefile Memory (total/avail): 1245.29 MiB / 851.58 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1925.65 MiB

C: is Fixed (NTFS) - 39.06 GiB total, 18.6 GiB free.

D: is Fixed (NTFS) - 109.98 GiB total, 92.36 GiB free.

E: is Removable (No Media)

F: is Removable (No Media)

G: is Removable (No Media)

H: is Removable (No Media)

I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600AAJS-00PSA0 - 149.05 GiB - 2 partitions

\PARTITION0 (bootable) - Instalowalny system plików - 39.06 GiB - C:

\PARTITION1 - Rozszerzona z rozszerzonym przerwaniem 13 - 109.98 GiB - D:

\\.\PHYSICALDRIVE1 - Sony USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - Sony USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - Sony USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - Sony USB HS-SM Card USB Device

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\User\Dane aplikacji

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=USER-AB9F9827B3

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\User

LOGONSERVER=\\USER-AB9F9827B3

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0407

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\User\USTAWI~1\Temp

TMP=C:\DOCUME~1\User\USTAWI~1\Temp

USERDOMAIN=USER-AB9F9827B3

USERNAME=User

USERPROFILE=C:\Documents and Settings\User

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

User (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNNMP.exe /UNINSTALL

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Agent Hugo RoboRumble --> C:\Program Files\Agent Hugo RoboRumble\Setup.exe -uninst

AirLive Turbo-G Wireless --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly

Aktualizacja dla systemu Windows XP (KB911164) -->

ALLPlayer V2.X --> C:\Program Files\MarBit\ALLPlayer\UnGins.exe "C:\Program Files\MarBit\ALLPlayer\install.log"

ALLPlayer V3.X --> "C:\Program Files\MarBit\ALLPlayer\unins000.exe"

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"

avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

BearShare --> C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG

BearShare MediaBar --> C:\Program Files\BearShare Applications\BearShare MediaBar\Uninstall.exe

Ekspert CD --> C:\WINDOWS\unins000.exe

eMule --> "C:\Program Files\eMule\Uninstall.exe"

Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

Gothic --> C:\Program Files\InstallShield Installation Information\{1B5A737F-ADEC-46DF-9539-B49D0828A175}\setup.exe -runfromtemp -l0x0015 -removeonly

II Wojna Światowa --> C:\Program Files\InstallShield Installation Information\{E133F504-B4A6-4828-A664-1620708A91CC}\setup.exe -runfromtemp -l0x0015 -removeonly

Świątynia Pierwotnego Zła --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DEA9136-9B32-4760-9D96-265A3FB95398}\SETUP.EXE" -l0x15 -removeonly

Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

KaraFun 1.16a --> "C:\Program Files\KaraFun\unins000.exe"

Kurka Wodna 3 --> D:\PROGRA~1\KURKAW~1\UNWISE.EXE D:\PROGRA~1\KURKAW~1\INSTALL.LOG

Lara Croft Tomb Raider: The Angel of Darkness --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFCCD9EE-60D4-45BC-B5E6-1F122735B85B}\setup.exe" -l0x15

Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}

Microsoft LifeCam --> MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}

Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}

Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840415-6000-11D3-8CFE-0150048383C9}

Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850415-6000-11D3-8CFE-0150048383C9}

Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall

Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""

Pakiet zgodności dla systemu Office 2007 --> MsiExec.exe /X{90120000-0020-0415-0000-0000000FF1CE}

Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x15 -removeonly

Rollercoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B714273-F9B5-4C11-A920-F06FC5B4DA80}\setup.exe" -l0x15

Sąsiedzi z Piekła Rodem 1 i 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6AAF923E-077E-4543-BA1C-42A75BB03677}\SETUP.EXE" -l0x15

Sacrifice --> C:\Program Files\InstallShield Installation Information\{F687A630-15A1-4276-BC0A-193DE0BA9226}\setup.exe -runfromtemp -l0x0015 -removeonly

Ski Resort Tycoon II --> D:\PROGRA~1\SKIRES~1\UNWISE.EXE D:\PROGRA~1\SKIRES~1\INSTALL.LOG

Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Testy B 2006 --> "C:\Program Files\Grupa IMAGE\Testy B 2006\unins000.exe"

USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"

VIA Platforma Menedżera urządzeń --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

Winamp --> "C:\Program Files\Winamp\UninstWA.exe"

Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type1259 / Error

Event Submitted/Written: 02/10/2008 08:56:23 AM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca winamp.exe, wersja 5.5.1.1763, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Event Record #/Type1050 / Error

Event Submitted/Written: 02/01/2008 06:27:20 PM

Event ID/Source: 1000 / Application Error

Event Description:

Aplikacja powodująca błąd bearshare.exe, wersja 6.1.0.37263, moduł powodujący błąd bearshare.exe, wersja 6.1.0.37263, adres błędu 0x004a3970.

Przetwarzanie zdarzenia określonego nośnika dla [bearshare.exe!ws!]

Event Record #/Type981 / Error

Event Submitted/Written: 01/30/2008 01:18:52 AM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca acmsetup.exe, wersja 1.20.0.2402, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Event Record #/Type980 / Error

Event Submitted/Written: 01/30/2008 01:15:36 AM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca acmsetup.exe, wersja 1.20.0.2402, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Event Record #/Type979 / Error

Event Submitted/Written: 01/30/2008 00:53:46 AM

Event ID/Source: 1000 / Application Error

Event Description:

Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.2853, adres błędu 0x000adc42.

Przetwarzanie zdarzenia określonego nośnika dla [iexplore.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type6337 / Error

Event Submitted/Written: 02/13/2008 05:28:22 PM / 02/13/2008 05:28:51 PM

Event ID/Source: 12294 / ati2mtag

Event Description:

CRT invalid display type

Event Record #/Type6308 / Error

Event Submitted/Written: 02/12/2008 08:05:49 PM / 02/12/2008 08:06:18 PM

Event ID/Source: 12294 / ati2mtag

Event Description:

CRT invalid display type

Event Record #/Type6287 / Error

Event Submitted/Written: 02/12/2008 07:46:19 PM / 02/12/2008 07:46:47 PM

Event ID/Source: 12294 / ati2mtag

Event Description:

CRT invalid display type

Event Record #/Type6281 / Error

Event Submitted/Written: 02/12/2008 07:42:01 PM

Event ID/Source: 12294 / ati2mtag

Event Description:

CRT invalid display type

Event Record #/Type6280 / Error

Event Submitted/Written: 02/12/2008 07:41:55 PM

Event ID/Source: 12294 / ati2mtag

Event Description:

CRT invalid display type

-- End of Deckard's System Scanner: finished at 2008-02-13 17:36:06 ------------

What should I do next?

Download --> Avenger.

Select: "Input Script Manually". Click the magnifying glass. Paste:

Files to delete:


C:\Documents and Settings\User\Ustawienia Lokalne\Temp\winlogon.exe

C:\WINDOWS\system32\actcontroller.exe


Drivers to unload:


s3chipid

Click "Done". Click the green light. Click "YES". Restart the computer. Post the Avenger report from C:\avenger.txt (on wklej.org). Paste into Notepad:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d87ab76-a4a8-11dc-9c16-0018f324b0e5}]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Firewall auto setup"=-

From the Notepad menu >>> File >>> Save As >>> Set the file type to "All files" >>> Save as FIX.REG >>>

run the file (double-click and OK).

Restart the computer.

Check it on --> http://virusscan.jotti.org/

or on http://www.virustotal.com/en/indexf.html.

Also post a new log from DSS (on wklej.org).

jessi
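As an added example (not part of this thread, nor of DSS, HijackThis or Avenger), here is a small Python triage script that runs over HijackThis-style lines and flags the same kinds of autostart indicators that jessi's fix above removes: an executable launched from a Temp directory, a system-process name such as winlogon.exe running outside system32, extra programs chained onto Userinit, a look-alike name such as cftmon.exe standing in for ctfmon.exe, and an AutoRun handler registered under mountpoints2 for a mounted volume. The sample lines are copied from the log posted above; all function and constant names are my own.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: selected lines copied from the DSS log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\User\USTAWI~1\Temp\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\actcontroller.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\cftmon.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\User\USTAWI~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
AutoRun\command- J:\wupdmgr.exe
"""

# Binaries that on Windows XP legitimately live only in %SystemRoot%\system32.
SYSTEM32_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                     "lsass.exe", "svchost.exe", "userinit.exe", "ctfmon.exe"}
SYSTEM32_DIR = r"c:\windows\system32"
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.I)
USERINIT_RE = re.compile(r'userinit"?\s*=\s*"?(.+?)"?\s*$', re.I)
AUTORUN_RE = re.compile(r"AutoRun\\command-?\s*(\S.*)$", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # temp_path, masquerade, lookalike, userinit_extra, volume_autorun
    detail: str  # the offending path or value
    line: str    # the log line it came from


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are short file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(name: str, known: str) -> bool:
    """Swapped letters (cftmon/ctfmon) or a single edit away, but not equal."""
    return name != known and (sorted(name) == sorted(known) or edit_distance(name, known) <= 1)


def check_path(path: str, line: str) -> list:
    """Findings for one executable path found on a log line."""
    findings = []
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if re.search(r"\\temp\\", path, re.I):
        findings.append(Finding("temp_path", path, line))
    if name in SYSTEM32_BINARIES:
        if folder != SYSTEM32_DIR:   # a system process name outside system32
            findings.append(Finding("masquerade", path, line))
    else:
        for known in sorted(SYSTEM32_BINARIES):
            if is_lookalike(name, known):
                findings.append(Finding("lookalike", f"{name} resembles {known}", line))
    return findings


def triage(log_text: str) -> list:
    """Return every Finding for the given log text, in line order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for path in PATH_RE.findall(line):
            findings.extend(check_path(path, line))
        m = USERINIT_RE.search(line)
        if m:   # anything chained after userinit.exe runs at every logon
            extras = [p for p in m.group(1).split(",")
                      if p.strip() and ntpath.basename(p).lower() != "userinit.exe"]
            if extras:
                findings.append(Finding("userinit_extra", ",".join(extras), line))
        m = AUTORUN_RE.search(line)
        if m:   # an AutoRun handler registered for a mounted (removable) volume
            findings.append(Finding("volume_autorun", m.group(1).strip(), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.detail}")
```

On the sample it reports seven findings, two of them twice because the Temp-directory winlogon.exe appears both as a running process and as a Run entry.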