dar55
created 13 August 2009

Suspected virus

The computer runs normally, no freezes, no restarts.
Nothing can be changed in the settings; system files cannot be unhidden, on any account, including admin and system.
There is supposedly an antivirus, AVG; it isn't raising any alarm.
Safe mode works, same symptoms.

OTL logs
Log to check

OTL logfile created on: 13.08.2009 08:51:12 - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\grazynac\Pulpit\bezpieka
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: dd.MM.yyyy

951,11 Mb Total Physical Memory | 506,61 Mb Available Physical Memory | 53,27% Memory free
2,24 Gb Paging File | 1,85 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,11 Gb Total Space | 24,97 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive D: | 37,42 Gb Total Space | 35,85 Gb Free Space | 95,80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRAMEXKS01
Current User Name: grazynac
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.06.05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
-- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009.06.30 21:11:42 | 00,054,776 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe PRC - [2006.09.24 09:43:42 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2003.06.19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2007.02.10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2007.02.10 14:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2007.02.10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2004.08.11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2005.07.04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe PRC - [2006.01.18 05:13:58 | 05,210,624 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe PRC - [2008.04.14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006.07.21 05:48:02 | 00,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe PRC - [2006.07.21 05:50:10 | 00,086,016 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe PRC - [2006.07.21 05:47:00 | 00,081,920 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe PRC - [2006.05.01 04:07:44 | 00,843,776 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2006.04.10 09:19:46 | 00,729,088 | ---- | M] (Analog Devices, Inc.) 
-- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe PRC - [2009.06.30 21:11:42 | 00,054,776 | ---- | M] () -- C:\Program Files\Findbasic\findbasic.exe PRC - [2004.01.08 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\em_exec.exe PRC - [2009.08.13 08:16:17 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009.07.31 08:45:05 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009.07.31 08:45:12 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe PRC - [2009.07.31 08:45:19 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009.07.31 08:45:16 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009.07.31 08:45:14 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009.07.31 08:45:19 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009.08.13 08:48:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grazynac\Pulpit\bezpieka\OTL.exe PRC - [2009.02.26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe ========== Win32 Services (SafeList) ========== SRV - [2009.06.05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) SRV - [2005.09.23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009.07.31 08:45:14 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running]) SRV - [2009.07.31 08:45:05 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running]) SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped]) SRV - [2005.09.23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009.06.30 21:11:42 | 00,054,776 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe -- (Findbasic Service [Auto | Running]) SRV - [2008.04.14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009.06.05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) SRV - [2009.07.06 08:41:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [On_Demand | Stopped]) SRV - [2006.09.24 09:43:42 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running]) SRV - [2003.06.19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) SRV - [2007.02.10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running]) SRV - [2005.10.14 11:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped]) SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2007.02.10 14:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running]) SRV - [2007.02.10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running]) SRV - [2004.08.11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - File not found -- -- (WMP54Gv4SVC [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2006.05.02 11:12:06 | 00,229,376 | R--- | M] (Analog Devices, Inc.) 
-- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running]) DRV - [2006.04.27 00:42:40 | 00,093,824 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running]) DRV - [2007.07.17 11:34:03 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running]) DRV - [2009.07.31 08:45:19 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [system | Running]) DRV - [2009.07.31 08:45:19 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [system | Running]) DRV - [2009.05.22 08:57:06 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [boot | Running]) DRV - [2009.05.22 08:57:05 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [system | Running]) DRV - [2009.03.19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) DRV - [2008.04.13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2006.07.21 08:12:16 | 01,095,968 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running]) DRV - [2003.12.17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running]) DRV - [2003.12.17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running]) DRV - [2004.08.13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running]) DRV - [2006.03.02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2005.10.27 15:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running]) DRV - [2006.06.28 10:25:06 | 00,081,920 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2007.11.13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2006.03.17 12:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running]) DRV - [2009.06.05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped]) DRV - [2003.09.25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. 
File not found IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. 
File not found IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\S-1-5-21-1085031214-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\S-1-5-21-1085031214-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.014.001 FF - prefs.js..extensions.enabledItems: SignPlugin@bph.pl:1.3.0.90 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.06.17 09:48:30 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009.08.07 08:09:00 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.07.06 08:41:44 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.07.30 14:44:33 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.07.06 08:41:58 | 00,000,000 | ---D | M] [2009.06.15 09:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mozilla\Extensions [2009.06.15 09:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009.07.02 07:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mozilla\Firefox\Profiles\cjjxxlxx.default\extensions [2009.06.17 11:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mozilla\Firefox\Profiles\cjjxxlxx.default\extensions\SignPlugin@bph.pl [2009.08.07 13:20:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009.06.18 07:08:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009.08.07 13:20:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C3F23840-B14B-4B61-AAEF-6BCC3621FA63} [2008.12.04 13:25:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2009.06.10 08:57:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2009.07.06 08:42:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.06.18 07:07:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009.06.18 07:07:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009.07.06 08:41:44 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009.06.18 07:08:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009.02.02 19:15:00 | 03,771,296 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2009.06.15 09:49:26 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009.06.15 09:35:24 | 00,001,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml [2009.06.15 09:49:26 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009.08.07 13:20:23 | 00,002,393 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbasic115.xml [2009.06.15 09:49:26 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009.06.15 09:49:26 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009.06.15 09:49:26 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009.06.15 09:49:26 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\wikipedia-pl.xml [2009.06.15 09:49:26 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-1085031214-527237240-839522115-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.) 
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKU\S-1-5-21-1085031214-527237240-839522115-1005..\Run: [cdoosoft] C:\WINDOWS\System32\olhrwef.exe File not found O4 - HKU\S-1-5-21-1085031214-527237240-839522115-1005..\Run: [Google Update] C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\grazynac\Menu Start\Programy\Autostart\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\grazynac\Menu Start\Programy\Autostart\Skrót do grazynac.lnk = C:\netlogon\grazynac.cmd () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184665880890 (WUWebControl Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/webcorpo/static/components/SignActivXPEKAO.cab (SignActivX Control) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common 
Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/grazynac/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.17 10:59:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ] O32 - AutoRun File - [2008.03.17 13:53:21 | 00,000,026 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\AutoRun\command - "" = F:\mt.bat -- File not found O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\open\Command - "" = F:\mt.bat -- File not found O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\AutoRun\command - "" = xih9.cmd O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\explore\Command - "" = xih9.cmd O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\open\Command - "" = xih9.cmd O34 - HKLM BootExecute: (autocheck) - 
File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009.08.13 08:47:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Pulpit\bezpieka [2009.08.13 08:45:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Opera [2009.08.13 08:45:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Dane aplikacji\Opera [2009.08.11 14:18:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2009.08.11 12:55:42 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\spis profili.xls [2009.08.11 09:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009.08.11 07:43:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2009.08.11 07:43:47 | 00,000,000 | ---D | C] -- C:\Program Files\Opera [2009.08.07 13:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge [2009.08.07 13:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\Findbasic [2009.08.07 13:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic [2009.08.07 13:17:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Icons [2009.08.07 13:17:37 | 00,000,000 | ---D | C] -- C:\Program Files\FileSubmit [2009.08.07 08:08:41 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\grazynac\Moje dokumenty\goleniów brzózka.doc [2009.08.06 10:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Help [2009.08.03 07:22:56 | 00,000,339 | ---- | C] () -- C:\Documents and Settings\grazynac\Pulpit\Skrót do Mich.lnk [2009.07.31 12:32:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Pulpit\maszyny [2009.07.31 09:03:56 | 00,029,696 | ---- | C] () -- C:\Documents and 
Settings\grazynac\Pulpit\SPRAWOZDANIE Z PRAKTYK W PRZEDSIĘBIORSTWIE FRAMEX OKNA.doc [2009.07.30 14:34:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2009.07.28 12:08:17 | 00,004,892 | ---- | C] () -- C:\Documents and Settings\grazynac\Moje dokumenty\RATUJ1.DOC [2009.07.28 12:08:16 | 00,004,892 | ---- | C] () -- C:\Documents and Settings\grazynac\Moje dokumenty\RATUJ.DOC [2009.07.27 13:08:45 | 00,107,475 | ---- | C] () -- C:\Documents and Settings\grazynac\Pulpit\instrukcja montażu i regulacji okien.pdf [2009.07.27 11:39:13 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\grazynac\Moje dokumenty\ODPOWIEDŹ NA ZAPYTANIE OFERTOWE - MARTIN.doc [2009.07.14 09:05:33 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.14 09:05:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2009.05.04 07:52:55 | 00,093,184 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll [2009.04.30 13:49:06 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll [2009.04.21 07:42:10 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009.03.18 10:33:05 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll [2009.03.18 10:33:05 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2009.01.05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008.12.17 15:00:24 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C21F1FAFF0.sys [2008.12.17 15:00:23 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008.12.04 13:27:56 | 00,000,042 | ---- | C] () -- C:\WINDOWS\fiscprn.ini [2008.12.04 13:27:35 | 00,000,060 | ---- | C] () -- C:\WINDOWS\mxreader.INI [2008.12.04 13:27:10 | 00,001,002 | ---- | C] () -- C:\WINDOWS\AmHM.ini [2008.12.04 13:26:55 | 00,000,078 | R--- | C] () -- C:\WINDOWS\bti.ini [2008.09.17 10:31:03 | 00,002,741 | ---- | C] () -- C:\WINDOWS\Okna.INI [2008.09.15 16:30:08 | 00,000,151 | ---- | 
C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008.04.02 15:53:15 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.09.05 15:44:42 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\BTRDRVR.SYS [2007.07.17 15:08:48 | 00,000,109 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2007.07.17 14:44:37 | 00,000,641 | ---- | C] () -- C:\WINDOWS\SWWATER.INI [2007.07.17 11:42:38 | 00,003,246 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2007.07.17 11:42:13 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2007.07.17 11:39:49 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.07.17 11:34:03 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2007.07.17 11:33:45 | 00,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI [2007.07.17 11:09:00 | 00,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll [2007.07.17 11:08:47 | 00,348,880 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007.07.17 11:05:32 | 00,021,216 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007.07.17 11:05:29 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2007.07.17 11:05:25 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.03.05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2006.03.02 14:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini [2006.03.02 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2003.04.08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009.08.13 08:33:01 | 00,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005UA.job [2009.08.13 08:33:00 | 00,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005Core.job [2009.08.13 08:16:36 | 39,782,322 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009.08.13 08:16:36 | 00,065,030 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009.08.13 08:13:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.08.13 08:13:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.08.13 08:10:43 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.08.11 12:52:14 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\spis profili.xls [2009.08.11 07:53:46 | 00,000,421 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2009.08.11 07:43:56 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini [2009.08.11 07:43:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009.08.11 07:43:56 | 00,000,211 | -HS- | M] () -- C:\boot.ini [2009.08.11 07:43:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2009.08.11 07:38:10 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009.08.10 15:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009.08.07 08:08:41 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\grazynac\Moje dokumenty\goleniów brzózka.doc [2009.08.03 07:22:56 | 00,000,339 | ---- | M] () -- C:\Documents and Settings\grazynac\Pulpit\Skrót do Mich.lnk [2009.07.31 12:30:59 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\grazynac\Pulpit\SPRAWOZDANIE Z PRAKTYK W PRZEDSIĘBIORSTWIE FRAMEX OKNA.doc [2009.07.31 08:45:20 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009.07.31 08:45:19 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009.07.31 08:45:19 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009.07.30 08:51:23 | 00,079,470 | ---- | M] () -- C:\WINDOWS\hpfins05.dat [2009.07.29 14:46:15 | 00,003,246 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009.07.28 12:08:17 | 00,004,892 | ---- | M] () -- C:\Documents and Settings\grazynac\Moje dokumenty\RATUJ1.DOC [2009.07.28 12:08:17 | 00,004,892 | ---- | M] () -- C:\Documents and Settings\grazynac\Moje dokumenty\RATUJ.DOC [2009.07.27 13:08:45 | 00,107,475 | ---- | M] () -- C:\Documents and Settings\grazynac\Pulpit\instrukcja montażu i regulacji okien.pdf [2009.07.27 11:39:13 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\grazynac\Moje dokumenty\ODPOWIEDŹ NA ZAPYTANIE OFERTOWE - MARTIN.doc [2009.07.17 13:27:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009.07.14 09:05:33 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2007.07.17 12:51:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji [2009.08.07 13:17:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009.07.03 11:29:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009.06.15 12:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Security Toolbar [2009.08.07 13:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic [2008.12.04 13:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pervasive Software [2008.12.04 13:27:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Symfonia [2009.08.11 11:28:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\darek\Dane aplikacji [2009.08.11 12:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\darek\Dane aplikacji\OpenOffice.org2 [2009.08.11 07:43:58 
| 00,000,000 | ---D | M] -- C:\Documents and Settings\darek\Dane aplikacji\Opera [2007.07.17 12:51:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009.08.13 08:45:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji [2009.07.29 13:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\Ahead [2009.06.08 08:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\AVGTOOLBAR [2008.12.12 14:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mojosoft [2009.08.13 08:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\OpenOffice.org2 [2009.08.13 08:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\Opera [2009.08.07 13:20:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2009.06.15 08:40:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\AVGTOOLBAR [2009.08.11 13:04:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009.05.22 08:57:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji [2007.07.17 12:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OfficeUpdate12 [2009.08.10 15:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2006.03.02 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009.08.13 08:33:00 | 00,001,092 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005Core.job [2009.08.13 08:33:01 | 00,001,144 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005UA.job [2009.08.13 08:13:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== < End of report >
RSIT log to check
Logfile of random's
system information tool 1.06 (written by random/random)Run by grazynac at 2009-08-13 08:56:02 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 26 GB (67%) free of 38 GB Total RAM: 951 MB (51% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:57:02, on 13.08.2009 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Findbasic\findbasic.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\grazynac\Pulpit\bezpieka\RSIT.exe C:\Program Files\trend micro\grazynac.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: Skrót do grazynac.lnk = C:\netlogon\grazynac.cmd O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184665880890 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} (SignActivX Control) - https://www.pekaobiznes24.pl/webcorpo/static/components/SignActivXPEKAO.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{62DD747A-CFED-41D6-A15C-23B6CFE35363}: NameServer = 194.204.152.34,194.204.159.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/grazynac/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 7734 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-06 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-06 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-07-21 98304] 
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-07-21 86016] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-07-21 81920] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-05-01 843776] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-04-10 729088] "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-13 2007832] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "cdoosoft"=C:\WINDOWS\system32\olhrwef.exe [] "Google Update"=C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-07-06 133104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe [2009-05-21 1700992] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-06 148888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624] C:\Documents and Settings\grazynac\Menu Start\Programy\Autostart OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe Skrót do grazynac.lnk - C:\netlogon\grazynac.cmd [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-07-21 147456] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe" "C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe" "C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe" "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe" 
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d672a68-139a-11de-8dac-001a70ad349d}] shell\AutoRun\command - F:\xih9.cmd shell\explore\command - F:\xih9.cmd shell\open\command - F:\xih9.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}] shell\AutoRun\command - F:\mt.bat shell\open\command - F:\mt.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}] shell\AutoRun\command - F:\xih9.cmd shell\explore\command - F:\xih9.cmd shell\open\command - F:\xih9.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}] shell\AutoRun\command - xih9.cmd shell\explore\command - xih9.cmd shell\open\command - xih9.cmd ======List of files/folders created in the last 1 months====== 2009-08-13 08:56:03 ----D---- C:\Program Files\trend micro 2009-08-13 08:56:02 ----D---- C:\rsit 2009-08-13 08:45:22 ----D---- C:\Documents and Settings\grazynac\Dane aplikacji\Opera 2009-08-13 08:10:28 
----A---- C:\WINDOWS\ntbtlog.txt 2009-08-11 14:18:47 ----D---- C:\WINDOWS\BDOSCAN8 2009-08-11 09:13:41 ----D---- C:\Program Files\SkanerOnline 2009-08-11 07:43:47 ----D---- C:\Program Files\Opera 2009-08-07 13:18:00 ----D---- C:\Program Files\RelevantKnowledge 2009-08-07 13:17:43 ----D---- C:\Program Files\Findbasic 2009-08-07 13:17:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic 2009-08-07 13:17:37 ----D---- C:\WINDOWS\Icons 2009-08-07 13:17:37 ----D---- C:\Program Files\FileSubmit 2009-07-30 14:34:44 ----D---- C:\WINDOWS\system32\NtmsData 2009-07-17 13:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-17 13:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-17 13:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2009-07-14 09:05:20 ----D---- C:\Program Files\Common Files\Adobe ======List of files/folders modified in the last 1 months====== 2009-08-13 08:56:10 ----D---- C:\WINDOWS\Prefetch 2009-08-13 08:56:04 ----D---- C:\Temp 2009-08-13 08:56:03 ----RD---- C:\Program Files 2009-08-13 08:49:44 ----D---- C:\Documents and Settings\grazynac\Dane aplikacji\OpenOffice.org2 2009-08-13 08:13:45 ----D---- C:\WINDOWS 2009-08-13 08:10:53 ----D---- C:\Documents and Settings 2009-08-11 14:18:50 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-08-11 14:18:45 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-11 12:59:31 ----SD---- C:\WINDOWS\Tasks 2009-08-11 12:05:33 ----HD---- C:\$AVG8.VAULT$ 2009-08-11 09:13:37 ----D---- C:\WINDOWS\system32 2009-08-11 07:53:46 ----SHD---- C:\WINDOWS\Installer 2009-08-11 07:53:46 ----HD---- C:\Config.Msi 2009-08-11 07:53:46 ----A---- C:\WINDOWS\ODBC.INI 2009-08-11 07:53:00 ----SHD---- C:\RECYCLER 2009-08-11 07:51:27 ----A---- C:\WINDOWS\OEWABLog.txt 2009-08-11 07:45:40 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-11 07:43:56 ----SH---- C:\boot.ini 2009-08-11 07:43:56 ----A---- C:\WINDOWS\win.ini 2009-08-11 07:43:56 ----A---- C:\WINDOWS\system.ini 2009-08-11 07:42:50 ----D---- C:\WINDOWS\pss 2009-08-11 
07:41:36 ----D---- C:\Program Files\Mozilla Firefox 2009-08-11 07:38:10 ----A---- C:\WINDOWS\NeroDigital.ini 2009-07-31 08:46:02 ----D---- C:\WINDOWS\system32\drivers 2009-07-31 08:45:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2009-07-29 14:46:15 ----A---- C:\WINDOWS\wincmd.ini 2009-07-29 13:40:29 ----D---- C:\Documents and Settings\grazynac\Dane aplikacji\Ahead 2009-07-29 13:40:08 ----D---- C:\Program Files\Common Files\LightScribe 2009-07-29 07:52:43 ----D---- C:\WHOkna 2009-07-29 04:14:17 ----HD---- C:\WINDOWS\inf 2009-07-29 04:13:40 ----HD---- C:\WINDOWS\$hf_mig$ 2009-07-27 14:35:46 ----D---- C:\Skany 2009-07-17 13:27:08 ----A---- C:\WINDOWS\imsins.BAK 2009-07-17 13:27:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-07-14 09:05:20 ----D---- C:\Program Files\Common Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784] R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-22 108552] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-07-17 20747] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376] R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-27 93824] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS [] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; 
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-07-21 1095968] R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729] R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-28 81920] R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys [] S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile 
Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056] R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752] R2 Findbasic Service;Findbasic Service; C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe [2009-06-30 54776] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-09-24 61440] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2005-07-04 53307] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992] S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-06 152984] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] S4 
MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] -----------------EOF-----------------
Log for review
info.txt logfile of random's system information tool 1.06 2009-08-13 08:57:34======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 44064-->MsiExec.exe /X{0A7DED0A-F3CB-413F-B131-ACC78B8EEE38} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} Aktualizacja dla systemu Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7
(KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Aktualizacja 
zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArInstall3-->MsiExec.exe /I{1CD89352-D2CE-40AE-84B5-51970C14FA2F} AsusUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9 AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Findbasic 1.0 build 115-->C:\Program Files\Findbasic\uninstall.exe Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall HP Deskjet 3900 series-->C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD} Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java SE Runtime Environment 6 Update 1-->MsiExec.exe 
/I{3248F0A8-6813-11D6-A77B-00B0D0160010} Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9 Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130415-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD} Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D} Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3} Microsoft Visual C++ 2005 
Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} Nero 7 Essentials-->MsiExec.exe /I{8867CEBD-E6C0-4C7A-83B3-9E45669A1045} OpenOffice.org 2.3-->MsiExec.exe /I{554F8595-ABAA-4FC7-B749-CF3260D687B6} Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620} PDFCreator-->C:\Program Files\PDFCreator\unins000.exe PDF-XChange 3.5-->"C:\Program Files\Symfonia\PDF\unins000.exe" Pervasive PSQL v10 Client (32-bit)-->MsiExec.exe /I{0A3238D7-AA32-4E15-B717-F3E3F18B4A8C} Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} RelevantKnowledge-->C:\program files\relevantknowledge\rlvknlg.exe -bootremove -uninst:RelevantKnowledge Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x15 -removeonly SYMFONIA® BasIDE-->C:\base\UNWISE.EXE C:\base\IBASIDE.LOG SYMFONIA® Handel premium - Stacja robocza-->C:\PROGRA~1\Symfonia\UNINST~1\UNWISE.EXE C:\PROGRA~1\Symfonia\UNINST~1\INSTAmHM.log Środki Trwałe-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Lester\ST2000\DeIsL1.isu" -c"C:\Program Files\Lester\ST2000\_ISREG32.DLL" Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Service Pack 
3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======System event log====== Computer Name: FRAMEXKS01 Event Code: 7035 Message: Do usługi Menedżer połączeń usługi Dostęp zdalny został pomyślnie wysłany kod sterowania uruchom. Record Number: 15125 Source Name: Service Control Manager Time Written: 20090508072628.000000+120 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: FRAMEXKS01 Event Code: 7036 Message: Usługa Telefonia weszła w stan uruchomienia. Record Number: 15124 Source Name: Service Control Manager Time Written: 20090508072628.000000+120 Event Type: informacje User: Computer Name: FRAMEXKS01 Event Code: 7035 Message: Do usługi GTNDIS5 NDIS Protocol Driver został pomyślnie wysłany kod sterowania uruchom. Record Number: 15123 Source Name: Service Control Manager Time Written: 20090508072622.000000+120 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: FRAMEXKS01 Event Code: 7036 Message: Usługa Usługa bramy warstwy aplikacji weszła w stan uruchomienia. Record Number: 15122 Source Name: Service Control Manager Time Written: 20090508072620.000000+120 Event Type: informacje User: Computer Name: FRAMEXKS01 Event Code: 7035 Message: Do usługi Usługa bramy warstwy aplikacji został pomyślnie wysłany kod sterowania uruchom. Record Number: 15121 Source Name: Service Control Manager Time Written: 20090508072620.000000+120 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM =====Application event log===== Computer Name: FRAMEXKS01 Event Code: 3408 Message: Recovery is complete. This is an informational message only. No user action is required. Record Number: 10573 Source Name: MSSQL$SQLEXPRESS Time Written: 20090709073454.000000+120 Event Type: informacje User: Computer Name: FRAMEXKS01 Event Code: 17137 Message: Starting up database 'tempdb'. 
Record Number: 10572 Source Name: MSSQL$SQLEXPRESS Time Written: 20090709073454.000000+120 Event Type: informacje User: Computer Name: FRAMEXKS01 Event Code: 17136 Message: Clearing tempdb database. Record Number: 10571 Source Name: MSSQL$SQLEXPRESS Time Written: 20090709073453.000000+120 Event Type: informacje User: Computer Name: FRAMEXKS01 Event Code: 17199 Message: Dedicated administrator connection support was not started because it is not available on this edition of SQL Server. This is an informational message only. No user action is required. Record Number: 10570 Source Name: MSSQL$SQLEXPRESS Time Written: 20090709073453.000000+120 Event Type: informacje User: Computer Name: FRAMEXKS01 Event Code: 26028 Message: Server named pipe provider is ready to accept connection on [ \\.\pipe\MSSQL$SQLEXPRESS\sql\query ]. Record Number: 10569 Source Name: MSSQL$SQLEXPRESS Time Written: 20090709073453.000000+120 Event Type: informacje User: ======Environment variables====== "CLIPPER"=F125 "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NETNAME"=FR11 "NUMBER_OF_PROCESSORS"=1 "OS"=Windows_NT "Path"=C:\Program Files\Pervasive Software\PSQL\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=1601 "TEMP"=C:\Temp "TMP"=C:\Temp "windir"=%SystemRoot% "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip -----------------EOF-----------------
DDS
Log for review
DDS (Ver_09-07-30.01) - NTFSx86 Run by grazynac at 10:11:01,09 on 13.08.2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.951.472 [GMT 2:00] AV: AVG
Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Findbasic\findbasic.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\grazynac\Pulpit\bezpieka\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.pl/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll mURLSearchHooks: H - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program 
files\avg\avg8\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [cdoosoft] c:\windows\system32\olhrwef.exe uRun: [Google Update] "c:\documents and settings\grazynac\ustawienia lokalne\dane aplikacji\google\update\GoogleUpdate.exe" /c mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [Logitech Utility] Logi_MwX.Exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\grazynac\menust~1\programy\autost~1\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe StartupFolder: c:\docume~1\grazynac\menust~1\programy\autost~1\skrtdo~1.lnk - c:\netlogon\grazynac.cmd IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813 DPF: 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184665880890 DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} - hxxps://www.pekaobiznes24.pl/webcorpo/static/components/SignActivXPEKAO.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: {62DD747A-CFED-41D6-A15C-23B6CFE35363} = 194.204.152.34,194.204.159.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\grazynac\daneap~1\mozilla\firefox\profiles\cjjxxlxx.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! 
Search FF - prefs.js: browser.startup.homepage - FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\grazynac\dane aplikacji\mozilla\firefox\profiles\cjjxxlxx.default\extensions\signplugin@bph.pl\plugins\NPSignPlugin.dll FF - plugin: c:\documents and settings\grazynac\ustawienia lokalne\dane aplikacji\google\update\1.2.183.7\npGoogleOneClick8.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-22 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-22 335240] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-17 27784] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-22 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-22 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-22 297752] R2 Findbasic Service;Findbasic Service;c:\documents and settings\all users\dane aplikacji\findbasic\findbasic115.exe [2009-8-7 54776] S3 
AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688] =============== Created Last 30 ================ 2009-08-13 08:56 <DIR> --d----- c:\program files\trend micro 2009-08-11 13:07 <DIR> --d----- c:\temp\KAV Updater update files 2009-08-11 13:05 <DIR> --d----- c:\temp\jkos-SYSTEM 2009-08-11 13:04 <DIR> --d----- c:\temp\hsperfdata_SYSTEM 2009-08-11 09:13 <DIR> --d----- c:\program files\SkanerOnline 2009-08-11 07:35 16,384 a------t c:\temp\Perflib_Perfdata_bf0.dat 2009-08-10 09:53 16,384 a------t c:\temp\Perflib_Perfdata_7a4.dat 2009-08-07 14:54 16,384 a------t c:\temp\Perflib_Perfdata_a9c.dat 2009-08-07 13:20 <DIR> --d----- c:\temp\~nsu.tmp 2009-08-07 13:19 <DIR> --d----- c:\temp\FINB9.tmp 2009-08-07 13:18 <DIR> --d----- c:\program files\RelevantKnowledge 2009-08-07 13:17 <DIR> --d----- c:\program files\Findbasic 2009-08-07 13:17 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\Findbasic 2009-08-07 13:17 <DIR> --d----- c:\windows\Icons 2009-08-07 13:17 <DIR> --d----- c:\program files\FileSubmit 2009-07-30 14:34 <DIR> --d----- c:\windows\system32\NtmsData ==================== Find3M ==================== 2009-07-31 08:45 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-07-31 08:45 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-07-30 08:51 79,470 a------- c:\windows\hpfins05.dat 2009-07-06 08:41 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll 2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll 2009-06-03 21:11 1,294,848 a------- c:\windows\system32\quartz.dll 2009-05-25 07:13 93,184 ---shr-- c:\windows\system32\nmdfgds1.dll 2009-05-25 07:12 92,672 -------- c:\windows\system32\nmdfgds0.dll 2006-06-23 08:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe 2008-12-17 15:00 8 ---shr-- c:\windows\system32\C21F1FAFF0.sys 2008-12-17 15:00 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys 2009-04-30 
13:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\ustawienia lokalne\historia\history.ie5\mshist012009043020090501\index.dat ============= FINISH: 10:11:13,66 ===============
Log for review
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 17.07.2007 11:01:57 System Uptime: 13.08.2009 08:12:49 (2 hours ago) Motherboard: ASUSTeK Computer INC. | | P5B-VM Processor: Procesor Intel Pentium II | LGA 775 | 1604/200mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 37 GiB total, 24,963 GiB free. D: is FIXED (NTFS) - 37 GiB total, 35,851 GiB free. E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP469: 03.06.2009 17:15:41 - Punkt kontrolny systemu RP470: 04.06.2009 18:15:41 - Punkt kontrolny systemu RP471: 05.06.2009 19:15:40 - Punkt kontrolny systemu RP472: 06.06.2009 20:15:41 - Punkt kontrolny systemu RP473: 07.06.2009 21:15:41 - Punkt kontrolny systemu RP474: 08.06.2009 22:15:40 - Punkt kontrolny systemu RP475: 09.06.2009 22:15:44 - Punkt kontrolny systemu RP476: 10.06.2009 08:56:37 - Installed Java 6 Update 3 RP477: 10.06.2009 08:57:14 - Zainstalowano: OpenOffice.org 2.3 RP478: 11.06.2009 08:34:07 - Avg8 Update RP479: 12.06.2009 08:41:15 - Punkt kontrolny systemu RP480: 13.06.2009 09:15:46 - Punkt kontrolny systemu RP481: 14.06.2009 10:15:46 - Punkt kontrolny systemu RP482: 15.06.2009 08:39:34 - Avg8 Update RP483: 15.06.2009 14:56:52 - Software Distribution Service 3.0 RP484: 16.06.2009 15:12:46 - Punkt kontrolny systemu RP485: 17.06.2009 09:47:11 - Avg8 Update RP486: 17.06.2009 09:48:05 - Avg8 Update RP487: 18.06.2009 12:54:42 - Punkt kontrolny systemu RP488: 19.06.2009 13:11:46 - Punkt kontrolny systemu RP489: 22.06.2009 07:08:26 - Avg8 Update RP490: 23.06.2009 07:09:17 - Punkt kontrolny systemu RP491:
24.06.2009 08:09:33 - Installed Windows Media Player Firefox Plugin RP492: 25.06.2009 08:26:10 - Punkt kontrolny systemu RP493: 26.06.2009 09:09:17 - Punkt kontrolny systemu RP494: 29.06.2009 11:39:59 - Punkt kontrolny systemu RP495: 30.06.2009 12:10:37 - Punkt kontrolny systemu RP496: 01.07.2009 13:11:45 - Punkt kontrolny systemu RP497: 02.07.2009 14:10:40 - Punkt kontrolny systemu RP498: 03.07.2009 11:17:23 - Installed Adobe® Photoshop® Album Starter Edition 3.0 RP499: 03.07.2009 11:28:50 - Zainstalowano: iTunes RP500: 06.07.2009 08:41:35 - Installed Java 6 Update 13 RP501: 07.07.2009 11:36:13 - Punkt kontrolny systemu RP502: 08.07.2009 08:56:12 - Avg8 Update RP503: 08.07.2009 08:56:54 - Avg8 Update RP504: 10.07.2009 14:09:08 - Punkt kontrolny systemu RP505: 11.07.2009 14:55:06 - Punkt kontrolny systemu RP506: 12.07.2009 15:55:08 - Punkt kontrolny systemu RP507: 14.07.2009 07:49:02 - Punkt kontrolny systemu RP508: 16.07.2009 07:27:55 - Avg8 Update RP509: 16.07.2009 14:47:09 - Software Distribution Service 3.0 RP510: 17.07.2009 13:24:49 - Software Distribution Service 3.0 RP511: 21.07.2009 08:11:32 - Punkt kontrolny systemu RP512: 22.07.2009 08:42:21 - Punkt kontrolny systemu RP513: 23.07.2009 09:42:21 - Punkt kontrolny systemu RP514: 24.07.2009 14:32:00 - Punkt kontrolny systemu RP515: 27.07.2009 09:33:20 - Punkt kontrolny systemu RP516: 28.07.2009 11:26:30 - Punkt kontrolny systemu RP517: 29.07.2009 11:54:56 - Punkt kontrolny systemu RP518: 31.07.2009 08:27:49 - Punkt kontrolny systemu RP519: 31.07.2009 08:44:18 - Avg8 Update RP520: 31.07.2009 08:45:23 - Avg8 Update RP521: 01.08.2009 09:29:45 - Punkt kontrolny systemu RP522: 02.08.2009 10:29:44 - Punkt kontrolny systemu RP523: 03.08.2009 11:28:37 - Punkt kontrolny systemu RP524: 04.08.2009 12:09:25 - Punkt kontrolny systemu RP525: 05.08.2009 12:30:13 - Punkt kontrolny systemu RP526: 06.08.2009 13:30:10 - Punkt kontrolny systemu RP527: 07.08.2009 13:17:36 - Installed 44064 RP528: 10.08.2009 10:26:40 - Punkt 
kontrolny systemu RP529: 11.08.2009 07:43:45 - Zainstalowano: Opera 9.64 RP530: 13.08.2009 08:15:00 - Avg8 Update RP531: 13.08.2009 08:16:41 - Avg8 Update ==== Installed Programs ====================== 44064 Adobe Flash Player ActiveX Adobe® Photoshop® Album Starter Edition 3.0 Aktualizacja dla systemu Windows XP (KB951072-v2) Aktualizacja dla systemu Windows XP (KB951978) Aktualizacja dla systemu Windows XP (KB955839) Aktualizacja dla systemu Windows XP (KB967715) Aktualizacja zabezpieczeń dla programu Windows Media Player (KB911564) Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069) Aktualizacja zabezpieczeń dla programu Windows Media Player 6.4 (KB925398) Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB917734) Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB936782) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB953838) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB958215) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027) Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897) Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561) Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789) Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2) Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464) Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648) Aktualizacja zabezpieczeń dla systemu Windows XP (KB950759) Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760) Aktualizacja zabezpieczeń dla systemu Windows 
XP (KB950762) Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974) Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066) Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2) Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698) Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748) Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004) Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954) Aktualizacja zabezpieczeń dla systemu Windows XP (KB953838) Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839) Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211) Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459) Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600) Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069) Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391) Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572) Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802) Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803) Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841) Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095) Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097) Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644) Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687) Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690) Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426) Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225) Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715) Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803) Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371) Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373) Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501) Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537) Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898) Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238) 
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633) Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346) Aktualizacja zabezpieczeń dla Windows XP (KB923689) Aktualizacja zabezpieczeń dla Windows XP (KB941569) Apple Mobile Device Support Apple Software Update ArInstall3 AsusUpdate AVG 8.5 Bonjour BufferChm Destinations DeviceFunctionQFolder DeviceManagementQFolder eSupportQFolder Findbasic 1.0 build 115 Foxit Reader Google Chrome High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 HP Deskjet 3900 series HP Imaging Device Functions 5.0 HP Software Update HP Solution Center & Imaging Support Tools 5.0 HPDeskjet3900Series HPProductAssistant Intel® Graphics Media Accelerator Driver Środki Trwałe iTunes Java 6 Update 13 Java 6 Update 3 Java SE Runtime Environment 6 Update 1 LightScribe 1.4.119.1 Linksys Wireless-G PCI Adapter Logitech MouseWare 9.79.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox (3.0.11) MSXML 6 Service Pack 2 (KB954459) Nero 7 Essentials OpenOffice.org 2.3 Opera 9.64 PDF-XChange 3.5 PDFCreator Pervasive PSQL v10 Client (32-bit) Poprawka dla systemu Windows XP (KB952287) QuickTime RelevantKnowledge Skaner on-line mks_vir SolutionCenter SoundMAX Status SYMFONIA® BasIDE SYMFONIA® Handel premium - Stacja robocza Total Commander (Remove or Repair) TrayApp WebFldrs XP WebReg Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media 
Format Runtime Windows Media Player Firefox Plugin Windows XP Service Pack 3 ==== End Of File ===========================
Guest, comment, 13 August 2009

An infection from a USB stick is plain as day. Run OTL and paste the following script into the Custom Scans/Fixes window:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\AutoRun\command - "" = F:\mt.bat -- File not found
O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\open\Command - "" = F:\mt.bat -- File not found
O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\AutoRun\command - "" = xih9.cmd
O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\explore\Command - "" = xih9.cmd
O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\open\Command - "" = xih9.cmd
O4 - HKU\S-1-5-21-1085031214-527237240-839522115-1005..\Run: [cdoosoft] C:\WINDOWS\System32\olhrwef.exe File not found

:Files
C:\WINDOWS\System32\olhrwef.exe
C:\autorun.inf
D:\autorun.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\nmdfgds2.dll
c:\windows\system32\nmdfgds3.dll
c:\windows\system32\nmdfgds4.dll
c:\program files\RelevantKnowledge

:Services
AVPsys

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix and confirm the computer restart. After the restart, post the cleanup log.
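The O33 (MountPoints2) lines in the script above are what points to a removable-drive infection: each cached volume has a script registered not only for AutoRun but also for the open/explore verbs, so double-clicking the drive would start it. The following is an added example, not part of the original post, that triages such lines; the function name, the extension list and the "open/explore" heuristic are assumptions of this example, and one benign entry is constructed.

```python
import re
from collections import defaultdict

# Subset of the O33 lines from the fix script above, plus one constructed
# benign entry (the 11111111-... GUID and E:\setup.exe are made up).
SAMPLE = r'''
O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\AutoRun\command - "" = F:\mt.bat -- File not found
O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\open\Command - "" = F:\mt.bat -- File not found
O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\AutoRun\command - "" = xih9.cmd
O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\open\Command - "" = xih9.cmd
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
'''

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]{36}\})\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<target>.+?)(?P<missing> -- File not found)?$',
    re.IGNORECASE,
)

# Assumption: extensions treated as directly runnable handlers.
RUNNABLE = ('.cmd', '.bat', '.exe', '.com', '.pif', '.scr', '.vbs')
# Verbs that fire on an ordinary double-click / Explore of the drive icon.
HIJACKED_VERBS = {'open', 'explore'}


def triage_mountpoints(text):
    """Group O33 lines by volume GUID and flag hijacked shell verbs."""
    vols = defaultdict(lambda: {'verbs': set(), 'targets': set(), 'missing': True})
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        vol = vols[m['guid'].lower()]
        vol['verbs'].add(m['verb'].lower())
        vol['targets'].add(m['target'].strip().lower())
        if m['missing'] is None:       # OTL did not report "File not found"
            vol['missing'] = False
    report = {}
    for guid, vol in vols.items():
        runs_code = any(t.endswith(RUNNABLE) for t in vol['targets'])
        hijacked = sorted(vol['verbs'] & HIJACKED_VERBS)
        report[guid] = {
            'targets': sorted(vol['targets']),
            'hijacked_verbs': hijacked,
            'all_targets_missing': vol['missing'],
            # AutoRun alone is what a normal installer disc registers;
            # a runnable target on open/explore is the infection pattern.
            'suspicious': runs_code and bool(hijacked),
        }
    return report


if __name__ == '__main__':
    for guid, info in triage_mountpoints(SAMPLE).items():
        print(guid, info)
```

Entries marked "File not found" are stale cache records for drives that are not attached; they are still worth removing, because the registered handler would run again if a drive carrying that file were opened.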
dar55 (Author), comment, 13 August 2009

Log for review:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f6194a8-3873-11de-8dbd-001a70ad349d}\ not found.
File F:\mt.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f6194a8-3873-11de-8dbd-001a70ad349d}\ not found.
File F:\mt.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
File xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
File xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
File xih9.cmd not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\olhrwef.exe not found.
File\Folder C:\autorun.inf not found.
File\Folder D:\autorun.inf not found.
DllUnregisterServer procedure not found in c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds0.dll NOT unregistered.
c:\windows\system32\nmdfgds0.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nmdfgds1.dll
c:\windows\system32\nmdfgds1.dll NOT unregistered.
c:\windows\system32\nmdfgds1.dll moved successfully.
File\Folder c:\windows\system32\nmdfgds2.dll not found.
File\Folder c:\windows\system32\nmdfgds3.dll not found.
File\Folder c:\windows\system32\nmdfgds4.dll not found.
c:\program files\RelevantKnowledge moved successfully.
========== SERVICES/DRIVERS ==========
Service\Driver AVPsys deleted successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: darek
->Temp folder emptied: 76888418 bytes
->Temporary Internet Files folder emptied: 3181707 bytes
->Java cache emptied: 127507 bytes
->FireFox cache emptied: 23335109 bytes
->Opera cache emptied: 1019495 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: grazynac
->Temp folder emptied: 311546208 bytes
->Temporary Internet Files folder emptied: 12690346 bytes
->Java cache emptied: 13471914 bytes
->FireFox cache emptied: 78073613 bytes
->Google Chrome cache emptied: 162647754 bytes
->Opera cache emptied: 6946760 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 391371 bytes
User: NetworkService
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 3103059 bytes
->Java cache emptied: 127520 bytes
User: Właściciel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4838891 bytes
->FireFox cache emptied: 21277402 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148726 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 530 bytes
File delete failed. C:\Temp\de72429b-e6f3-41b5-9df8-62a40d35c662.tmp scheduled to be deleted on reboot.
Session Manager Temp folder emptied: 80280805 bytes
File delete failed. C:\Temp\de72429b-e6f3-41b5-9df8-62a40d35c662.tmp scheduled to be deleted on reboot.
Session Manager Tmp folder emptied: 0 bytes
RecycleBin emptied: 2007 bytes
Total Files Cleaned = 765,10 mb
OTL by OldTimer - Version 3.0.10.6 log created on 08132009_144930
Files\Folders moved on Reboot...
C:\Temp\de72429b-e6f3-41b5-9df8-62a40d35c662.tmp moved successfully.
Registry entries deleted on Reboot...
MarekM25, comment, 13 August 2009

Everything should look fine now. Can you show system files now??
dar55 (Author), comment, 13 August 2009

It shows system files now, and it even shuts down via Shut Down (I had not mentioned that this was not possible).
Guest, comment, 13 August 2009

Finally, launch OTL and run its CleanUp option. That is all.
dar55 (Author), comment, 18 August 2009

Something is still not right; online scan with Kaspersky. Log for review:

Tuesday, August 18, 2009
Operating system: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 18, 2009 08:43:17
Records in database: 2652889

Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\ C:\ D:\ E:\

Scan statistics
Objects scanned 87950
Threats found 4
Infected objects found 4
Suspicious objects found 6
Scan duration 01:25:35

File name / Threat / Threats count
C:\Documents and Settings\grazynac\Moje dokumenty\klon.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Documents and Settings\Właściciel\Moje dokumenty\klon.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033211.msi Suspicious: Trojan-Downloader.JS.gen 2
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033213.msi Suspicious: Trojan-Downloader.JS.gen 2
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035659.dll Infected: Trojan-GameThief.Win32.Magania.bdgn 1
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035660.dll Infected: Trojan-GameThief.Win32.Magania.bdsk 1
C:\WINDOWS\Installer\182950.msi Suspicious: Trojan-Downloader.JS.gen 2

Selected area has been scanned.
Guest, comment, 18 August 2009

In that case you need to run ComboFix. Download ComboFix, but do not run it. Paste the following into Notepad:

File::
C:\Documents and Settings\grazynac\Moje dokumenty\klon.exe
C:\Documents and Settings\Właściciel\Moje dokumenty\klon.exe
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033211.msi
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033213.msi
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035659.dll
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035660.dll
C:\WINDOWS\Installer\182950.msi

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe --> the removal should start (and a log will be created). Post the log that is created during the removal. If it goes well, then: after the restart, manually delete the folder C:\Qoobox.
MarekM25, comment, 19 August 2009

But why ComboFix here?? I think Avenger can handle it. Download Avenger. In the "Input script here" field paste this text:

Files to delete:
C:\Documents and Settings\grazynac\Moje dokumenty\klon.exe
C:\Documents and Settings\Właściciel\Moje dokumenty\klon.exe
C:\WINDOWS\Installer\182950.msi

Click Execute. The computer will restart. Then post the file C:\avenger.txt

And this will take care of System Volume Information: turn System Restore off and on again (My Computer -> right-click -> Properties -> System Restore -> tick "Turn off System Restore on all drives", and then later tick it again).
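The split in the last reply, three files deleted individually and the System Volume Information hits cleared by purging restore points, can be derived mechanically from the scan log. This is an added example, not part of the thread; the function and field names are illustrative, and the input lines are the findings copied from the Kaspersky log above.

```python
import re

# Findings copied from the Kaspersky Online Scanner log posted in the thread.
FINDINGS = r'''
C:\Documents and Settings\grazynac\Moje dokumenty\klon.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Documents and Settings\Właściciel\Moje dokumenty\klon.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033211.msi Suspicious: Trojan-Downloader.JS.gen 2
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033213.msi Suspicious: Trojan-Downloader.JS.gen 2
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035659.dll Infected: Trojan-GameThief.Win32.Magania.bdgn 1
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035660.dll Infected: Trojan-GameThief.Win32.Magania.bdsk 1
C:\WINDOWS\Installer\182950.msi Suspicious: Trojan-Downloader.JS.gen 2
'''

# Paths contain spaces, so the path is matched lazily up to the verdict word.
FINDING_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?P<verdict>Infected|Suspicious): '
    r'(?P<name>\S+) (?P<count>\d+)$')
# Copies held in the System Restore store: ...\_restore{GUID}\RPnnn\file
RESTORE_RE = re.compile(
    r'\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\')


def triage_scan(text):
    """Split findings into live files and restore-point copies."""
    result = {'live': [], 'restore_points': {}, 'riskware': []}
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        path, name = m['path'], m['name']
        rp = RESTORE_RE.search(path)
        if rp:
            # Not deleted one by one: cleared when the restore point goes.
            result['restore_points'].setdefault(rp.group(1), []).append(path)
        else:
            result['live'].append(path)
        # Kaspersky prefixes riskware (here a WinVNC-based remote admin
        # tool) with "not-a-virus:"; whether it belongs on the machine is
        # a question for the owner, not a malware verdict.
        if name.startswith('not-a-virus:'):
            result['riskware'].append(path)
    return result


if __name__ == '__main__':
    report = triage_scan(FINDINGS)
    print('Delete individually:', *report['live'], sep='\n  ')
    print('Restore points holding flagged copies:',
          ', '.join(sorted(report['restore_points'])))
    print('Riskware (confirm with owner):', *report['riskware'], sep='\n  ')
```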