Logs

dar55

Suspected virus

The computer runs normally, with no freezes and no restarts.

Nothing can be changed in the settings.

System files cannot be unhidden on any account, including admin and system.

There is supposedly an antivirus, AVG; it reports nothing.

Safe mode works, with the same symptoms.

OTL logs

Log to check
OTL logfile created on: 13.08.2009 08:51:12 - Run 1

OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\grazynac\Pulpit\bezpieka

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: dd.MM.yyyy

951,11 Mb Total Physical Memory | 506,61 Mb Available Physical Memory | 53,27% Memory free

2,24 Gb Paging File | 1,85 Gb Available in Paging File | 82,53% Paging File free

Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,11 Gb Total Space | 24,97 Gb Free Space | 67,28% Space Free | Partition Type: NTFS

Drive D: | 37,42 Gb Total Space | 35,85 Gb Free Space | 95,80% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: FRAMEXKS01

Current User Name: grazynac

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.06.05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009.06.30 21:11:42 | 00,054,776 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe

PRC - [2006.09.24 09:43:42 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2003.06.19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2007.02.10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2007.02.10 14:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2007.02.10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2004.08.11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

PRC - [2005.07.04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

PRC - [2006.01.18 05:13:58 | 05,210,624 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

PRC - [2008.04.14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2006.07.21 05:48:02 | 00,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe

PRC - [2006.07.21 05:50:10 | 00,086,016 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe

PRC - [2006.07.21 05:47:00 | 00,081,920 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe

PRC - [2006.05.01 04:07:44 | 00,843,776 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2006.04.10 09:19:46 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

PRC - [2009.06.30 21:11:42 | 00,054,776 | ---- | M] () -- C:\Program Files\Findbasic\findbasic.exe

PRC - [2004.01.08 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\em_exec.exe

PRC - [2009.08.13 08:16:17 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2009.07.31 08:45:05 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009.07.31 08:45:12 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe

PRC - [2009.07.31 08:45:19 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009.07.31 08:45:16 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009.07.31 08:45:14 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009.07.31 08:45:19 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009.08.13 08:48:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grazynac\Pulpit\bezpieka\OTL.exe

PRC - [2009.02.26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

========== Win32 Services (SafeList) ==========

SRV - [2009.06.05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2005.09.23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009.07.31 08:45:14 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])

SRV - [2009.07.31 08:45:05 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])

SRV - [2005.09.23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009.06.30 21:11:42 | 00,054,776 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe -- (Findbasic Service [Auto | Running])

SRV - [2008.04.14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2009.06.05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])

SRV - [2009.07.06 08:41:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [On_Demand | Stopped])

SRV - [2006.09.24 09:43:42 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2003.06.19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

SRV - [2007.02.10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])

SRV - [2005.10.14 11:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])

SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2007.02.10 14:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])

SRV - [2007.02.10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])

SRV - [2004.08.11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

SRV - File not found -- -- (WMP54Gv4SVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006.05.02 11:12:06 | 00,229,376 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

DRV - [2006.04.27 00:42:40 | 00,093,824 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])

DRV - [2007.07.17 11:34:03 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])

DRV - [2009.07.31 08:45:19 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

DRV - [2009.07.31 08:45:19 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

DRV - [2009.05.22 08:57:06 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [boot | Running])

DRV - [2009.05.22 08:57:05 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [system | Running])

DRV - [2009.03.19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2008.04.13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2006.07.21 08:12:16 | 01,095,968 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])

DRV - [2003.12.17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])

DRV - [2003.12.17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])

DRV - [2004.08.13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2006.03.02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2005.10.27 15:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])

DRV - [2006.06.28 10:25:06 | 00,081,920 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2007.11.13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2006.03.17 12:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])

DRV - [2009.06.05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

DRV - [2003.09.25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\S-1-5-21-1085031214-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-527237240-839522115-1005\S-1-5-21-1085031214-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.014.001

FF - prefs.js..extensions.enabledItems: SignPlugin@bph.pl:1.3.0.90

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.06.17 09:48:30 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009.08.07 08:09:00 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.07.06 08:41:44 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.07.30 14:44:33 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.07.06 08:41:58 | 00,000,000 | ---D | M]

[2009.06.15 09:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mozilla\Extensions

[2009.06.15 09:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009.07.02 07:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mozilla\Firefox\Profiles\cjjxxlxx.default\extensions

[2009.06.17 11:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mozilla\Firefox\Profiles\cjjxxlxx.default\extensions\SignPlugin@bph.pl

[2009.08.07 13:20:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009.06.18 07:08:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009.08.07 13:20:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C3F23840-B14B-4B61-AAEF-6BCC3621FA63}

[2008.12.04 13:25:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

[2009.06.10 08:57:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2009.07.06 08:42:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009.06.18 07:07:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009.06.18 07:07:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2009.07.06 08:41:44 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009.06.18 07:08:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009.07.03 11:28:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009.02.02 19:15:00 | 03,771,296 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

[2009.06.15 09:49:26 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009.06.15 09:35:24 | 00,001,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009.06.15 09:49:26 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009.08.07 13:20:23 | 00,002,393 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbasic115.xml

[2009.06.15 09:49:26 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009.06.15 09:49:26 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009.06.15 09:49:26 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009.06.15 09:49:26 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009.06.15 09:49:26 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-21-1085031214-527237240-839522115-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKU\S-1-5-21-1085031214-527237240-839522115-1005..\Run: [cdoosoft] C:\WINDOWS\System32\olhrwef.exe File not found

O4 - HKU\S-1-5-21-1085031214-527237240-839522115-1005..\Run: [Google Update] C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\grazynac\Menu Start\Programy\Autostart\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\grazynac\Menu Start\Programy\Autostart\Skrót do grazynac.lnk = C:\netlogon\grazynac.cmd ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1085031214-527237240-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()

O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184665880890 (WUWebControl Class)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/webcorpo/static/components/SignActivXPEKAO.cab (SignActivX Control)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/grazynac/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg

O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.07.17 10:59:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]

O32 - AutoRun File - [2008.03.17 13:53:21 | 00,000,026 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\AutoRun\command - "" = F:\mt.bat -- File not found

O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\open\Command - "" = F:\mt.bat -- File not found

O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\AutoRun\command - "" = xih9.cmd

O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\explore\Command - "" = xih9.cmd

O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\open\Command - "" = xih9.cmd

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2009.08.13 08:47:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Pulpit\bezpieka

[2009.08.13 08:45:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Opera

[2009.08.13 08:45:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Dane aplikacji\Opera

[2009.08.11 14:18:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8

[2009.08.11 12:55:42 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\spis profili.xls

[2009.08.11 09:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline

[2009.08.11 07:43:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2009.08.11 07:43:47 | 00,000,000 | ---D | C] -- C:\Program Files\Opera

[2009.08.07 13:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge

[2009.08.07 13:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\Findbasic

[2009.08.07 13:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic

[2009.08.07 13:17:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Icons

[2009.08.07 13:17:37 | 00,000,000 | ---D | C] -- C:\Program Files\FileSubmit

[2009.08.07 08:08:41 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\grazynac\Moje dokumenty\goleniów brzózka.doc

[2009.08.06 10:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Help

[2009.08.03 07:22:56 | 00,000,339 | ---- | C] () -- C:\Documents and Settings\grazynac\Pulpit\Skrót do Mich.lnk

[2009.07.31 12:32:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grazynac\Pulpit\maszyny

[2009.07.31 09:03:56 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\grazynac\Pulpit\SPRAWOZDANIE Z PRAKTYK W PRZEDSIĘBIORSTWIE FRAMEX OKNA.doc

[2009.07.30 14:34:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2009.07.28 12:08:17 | 00,004,892 | ---- | C] () -- C:\Documents and Settings\grazynac\Moje dokumenty\RATUJ1.DOC

[2009.07.28 12:08:16 | 00,004,892 | ---- | C] () -- C:\Documents and Settings\grazynac\Moje dokumenty\RATUJ.DOC

[2009.07.27 13:08:45 | 00,107,475 | ---- | C] () -- C:\Documents and Settings\grazynac\Pulpit\instrukcja montażu i regulacji okien.pdf

[2009.07.27 11:39:13 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\grazynac\Moje dokumenty\ODPOWIEDŹ NA ZAPYTANIE OFERTOWE - MARTIN.doc

[2009.07.14 09:05:33 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.07.14 09:05:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009.05.04 07:52:55 | 00,093,184 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll

[2009.04.30 13:49:06 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll

[2009.04.21 07:42:10 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009.03.18 10:33:05 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll

[2009.03.18 10:33:05 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2009.01.05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008.12.17 15:00:24 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C21F1FAFF0.sys

[2008.12.17 15:00:23 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2008.12.04 13:27:56 | 00,000,042 | ---- | C] () -- C:\WINDOWS\fiscprn.ini

[2008.12.04 13:27:35 | 00,000,060 | ---- | C] () -- C:\WINDOWS\mxreader.INI

[2008.12.04 13:27:10 | 00,001,002 | ---- | C] () -- C:\WINDOWS\AmHM.ini

[2008.12.04 13:26:55 | 00,000,078 | R--- | C] () -- C:\WINDOWS\bti.ini

[2008.09.17 10:31:03 | 00,002,741 | ---- | C] () -- C:\WINDOWS\Okna.INI

[2008.09.15 16:30:08 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008.04.02 15:53:15 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007.09.05 15:44:42 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\BTRDRVR.SYS

[2007.07.17 15:08:48 | 00,000,109 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini

[2007.07.17 14:44:37 | 00,000,641 | ---- | C] () -- C:\WINDOWS\SWWATER.INI

[2007.07.17 11:42:38 | 00,003,246 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2007.07.17 11:42:13 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2007.07.17 11:39:49 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007.07.17 11:34:03 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2007.07.17 11:33:45 | 00,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2007.07.17 11:09:00 | 00,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll

[2007.07.17 11:08:47 | 00,348,880 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2007.07.17 11:05:32 | 00,021,216 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2007.07.17 11:05:29 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2007.07.17 11:05:25 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007.03.05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2006.03.02 14:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini

[2006.03.02 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2003.04.08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2009.08.13 08:33:01 | 00,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005UA.job

[2009.08.13 08:33:00 | 00,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005Core.job

[2009.08.13 08:16:36 | 39,782,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009.08.13 08:16:36 | 00,065,030 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009.08.13 08:13:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009.08.13 08:13:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009.08.13 08:10:43 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009.08.11 12:52:14 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\spis profili.xls

[2009.08.11 07:53:46 | 00,000,421 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2009.08.11 07:43:56 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini

[2009.08.11 07:43:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009.08.11 07:43:56 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009.08.11 07:43:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2009.08.11 07:38:10 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009.08.10 15:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009.08.07 08:08:41 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\grazynac\Moje dokumenty\goleniów brzózka.doc

[2009.08.03 07:22:56 | 00,000,339 | ---- | M] () -- C:\Documents and Settings\grazynac\Pulpit\Skrót do Mich.lnk

[2009.07.31 12:30:59 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\grazynac\Pulpit\SPRAWOZDANIE Z PRAKTYK W PRZEDSIĘBIORSTWIE FRAMEX OKNA.doc

[2009.07.31 08:45:20 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009.07.31 08:45:19 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009.07.31 08:45:19 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009.07.30 08:51:23 | 00,079,470 | ---- | M] () -- C:\WINDOWS\hpfins05.dat

[2009.07.29 14:46:15 | 00,003,246 | ---- | M] () -- C:\WINDOWS\wincmd.ini

[2009.07.28 12:08:17 | 00,004,892 | ---- | M] () -- C:\Documents and Settings\grazynac\Moje dokumenty\RATUJ1.DOC

[2009.07.28 12:08:17 | 00,004,892 | ---- | M] () -- C:\Documents and Settings\grazynac\Moje dokumenty\RATUJ.DOC

[2009.07.27 13:08:45 | 00,107,475 | ---- | M] () -- C:\Documents and Settings\grazynac\Pulpit\instrukcja montażu i regulacji okien.pdf

[2009.07.27 11:39:13 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\grazynac\Moje dokumenty\ODPOWIEDŹ NA ZAPYTANIE OFERTOWE - MARTIN.doc

[2009.07.17 13:27:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009.07.14 09:05:33 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2007.07.17 12:51:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji

[2009.08.07 13:17:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2009.07.03 11:29:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009.06.15 12:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Security Toolbar

[2009.08.07 13:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic

[2008.12.04 13:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pervasive Software

[2008.12.04 13:27:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Symfonia

[2009.08.11 11:28:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\darek\Dane aplikacji

[2009.08.11 12:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\darek\Dane aplikacji\OpenOffice.org2

[2009.08.11 07:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\darek\Dane aplikacji\Opera

[2007.07.17 12:51:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2009.08.13 08:45:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji

[2009.07.29 13:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\Ahead

[2009.06.08 08:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\AVGTOOLBAR

[2008.12.12 14:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\mojosoft

[2009.08.13 08:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\OpenOffice.org2

[2009.08.13 08:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grazynac\Dane aplikacji\Opera

[2009.08.07 13:20:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2009.06.15 08:40:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\AVGTOOLBAR

[2009.08.11 13:04:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2009.05.22 08:57:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji

[2007.07.17 12:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OfficeUpdate12

[2009.08.10 15:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2006.03.02 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009.08.13 08:33:00 | 00,001,092 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005Core.job

[2009.08.13 08:33:01 | 00,001,144 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005UA.job

[2009.08.13 08:13:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

RSIT

Log to check
Logfile of random's system information tool 1.06 (written by random/random)

Run by grazynac at 2009-08-13 08:56:02

Microsoft Windows XP Home Edition Dodatek Service Pack 3

System drive C: has 26 GB (67%) free of 38 GB

Total RAM: 951 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:57:02, on 13.08.2009

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Findbasic\findbasic.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Opera\opera.exe

C:\Documents and Settings\grazynac\Pulpit\bezpieka\RSIT.exe

C:\Program Files\trend micro\grazynac.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Skrót do grazynac.lnk = C:\netlogon\grazynac.cmd

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184665880890

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} (SignActivX Control) - https://www.pekaobiznes24.pl/webcorpo/static/components/SignActivXPEKAO.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{62DD747A-CFED-41D6-A15C-23B6CFE35363}: NameServer = 194.204.152.34,194.204.159.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/grazynac/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 7734 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-527237240-839522115-1005UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-06 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-07-21 98304]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-07-21 86016]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-07-21 81920]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-05-01 843776]

"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-04-10 729088]

"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-13 2007832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []

"Google Update"=C:\Documents and Settings\grazynac\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-07-06 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]

C:\program files\relevantknowledge\rlvknlg.exe [2009-05-21 1700992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-06 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

C:\Documents and Settings\grazynac\Menu Start\Programy\Autostart

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

Skrót do grazynac.lnk - C:\netlogon\grazynac.cmd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2006-07-21 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"

"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"

"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d672a68-139a-11de-8dac-001a70ad349d}]

shell\AutoRun\command - F:\xih9.cmd

shell\explore\command - F:\xih9.cmd

shell\open\command - F:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}]

shell\AutoRun\command - F:\mt.bat

shell\open\command - F:\mt.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}]

shell\AutoRun\command - F:\xih9.cmd

shell\explore\command - F:\xih9.cmd

shell\open\command - F:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}]

shell\AutoRun\command - xih9.cmd

shell\explore\command - xih9.cmd

shell\open\command - xih9.cmd

======List of files/folders created in the last 1 months======

2009-08-13 08:56:03 ----D---- C:\Program Files\trend micro

2009-08-13 08:56:02 ----D---- C:\rsit

2009-08-13 08:45:22 ----D---- C:\Documents and Settings\grazynac\Dane aplikacji\Opera

2009-08-13 08:10:28 ----A---- C:\WINDOWS\ntbtlog.txt

2009-08-11 14:18:47 ----D---- C:\WINDOWS\BDOSCAN8

2009-08-11 09:13:41 ----D---- C:\Program Files\SkanerOnline

2009-08-11 07:43:47 ----D---- C:\Program Files\Opera

2009-08-07 13:18:00 ----D---- C:\Program Files\RelevantKnowledge

2009-08-07 13:17:43 ----D---- C:\Program Files\Findbasic

2009-08-07 13:17:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Findbasic

2009-08-07 13:17:37 ----D---- C:\WINDOWS\Icons

2009-08-07 13:17:37 ----D---- C:\Program Files\FileSubmit

2009-07-30 14:34:44 ----D---- C:\WINDOWS\system32\NtmsData

2009-07-17 13:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$

2009-07-17 13:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-07-17 13:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

2009-07-14 09:05:20 ----D---- C:\Program Files\Common Files\Adobe

======List of files/folders modified in the last 1 months======

2009-08-13 08:56:10 ----D---- C:\WINDOWS\Prefetch

2009-08-13 08:56:04 ----D---- C:\Temp

2009-08-13 08:56:03 ----RD---- C:\Program Files

2009-08-13 08:49:44 ----D---- C:\Documents and Settings\grazynac\Dane aplikacji\OpenOffice.org2

2009-08-13 08:13:45 ----D---- C:\WINDOWS

2009-08-13 08:10:53 ----D---- C:\Documents and Settings

2009-08-11 14:18:50 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-08-11 14:18:45 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-11 12:59:31 ----SD---- C:\WINDOWS\Tasks

2009-08-11 12:05:33 ----HD---- C:\$AVG8.VAULT$

2009-08-11 09:13:37 ----D---- C:\WINDOWS\system32

2009-08-11 07:53:46 ----SHD---- C:\WINDOWS\Installer

2009-08-11 07:53:46 ----HD---- C:\Config.Msi

2009-08-11 07:53:46 ----A---- C:\WINDOWS\ODBC.INI

2009-08-11 07:53:00 ----SHD---- C:\RECYCLER

2009-08-11 07:51:27 ----A---- C:\WINDOWS\OEWABLog.txt

2009-08-11 07:45:40 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-11 07:43:56 ----SH---- C:\boot.ini

2009-08-11 07:43:56 ----A---- C:\WINDOWS\win.ini

2009-08-11 07:43:56 ----A---- C:\WINDOWS\system.ini

2009-08-11 07:42:50 ----D---- C:\WINDOWS\pss

2009-08-11 07:41:36 ----D---- C:\Program Files\Mozilla Firefox

2009-08-11 07:38:10 ----A---- C:\WINDOWS\NeroDigital.ini

2009-07-31 08:46:02 ----D---- C:\WINDOWS\system32\drivers

2009-07-31 08:45:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-07-29 14:46:15 ----A---- C:\WINDOWS\wincmd.ini

2009-07-29 13:40:29 ----D---- C:\Documents and Settings\grazynac\Dane aplikacji\Ahead

2009-07-29 13:40:08 ----D---- C:\Program Files\Common Files\LightScribe

2009-07-29 07:52:43 ----D---- C:\WHOkna

2009-07-29 04:14:17 ----HD---- C:\WINDOWS\inf

2009-07-29 04:13:40 ----HD---- C:\WINDOWS\$hf_mig$

2009-07-27 14:35:46 ----D---- C:\Skany

2009-07-17 13:27:08 ----A---- C:\WINDOWS\imsins.BAK

2009-07-17 13:27:07 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-07-14 09:05:20 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-22 108552]

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-07-17 20747]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376]

R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-27 93824]

R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-07-21 1095968]

R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]

R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-28 81920]

R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]

R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []

S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]

S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]

R2 Findbasic Service;Findbasic Service; C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe [2009-06-30 54776]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-09-24 61440]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2005-07-04 53307]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]

S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-06 152984]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------

Log to check
info.txt logfile of random's system information tool 1.06 2009-08-13 08:57:34

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

44064-->MsiExec.exe /X{0A7DED0A-F3CB-413F-B131-ACC78B8EEE38}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}

Aktualizacja dla systemu Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ArInstall3-->MsiExec.exe /I{1CD89352-D2CE-40AE-84B5-51970C14FA2F}

AsusUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9

AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Findbasic 1.0 build 115-->C:\Program Files\Findbasic\uninstall.exe

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HP Deskjet 3900 series-->C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat

HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9

Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130415-6000-11D3-8CFE-0150048383C9}

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}

Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}

Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}

Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Nero 7 Essentials-->MsiExec.exe /I{8867CEBD-E6C0-4C7A-83B3-9E45669A1045}

OpenOffice.org 2.3-->MsiExec.exe /I{554F8595-ABAA-4FC7-B749-CF3260D687B6}

Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

PDF-XChange 3.5-->"C:\Program Files\Symfonia\PDF\unins000.exe"

Pervasive PSQL v10 Client (32-bit)-->MsiExec.exe /I{0A3238D7-AA32-4E15-B717-F3E3F18B4A8C}

Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

RelevantKnowledge-->C:\program files\relevantknowledge\rlvknlg.exe -bootremove -uninst:RelevantKnowledge

Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x15 -removeonly

SYMFONIA® BasIDE-->C:\base\UNWISE.EXE C:\base\IBASIDE.LOG

SYMFONIA® Handel premium - Stacja robocza-->C:\PROGRA~1\Symfonia\UNINST~1\UNWISE.EXE C:\PROGRA~1\Symfonia\UNINST~1\INSTAmHM.log

Środki Trwałe-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Lester\ST2000\DeIsL1.isu" -c"C:\Program Files\Lester\ST2000\_ISREG32.DLL"

Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======System event log======

Computer Name: FRAMEXKS01

Event Code: 7035

Message: Do usługi Menedżer połączeń usługi Dostęp zdalny został pomyślnie wysłany kod sterowania uruchom.

Record Number: 15125

Source Name: Service Control Manager

Time Written: 20090508072628.000000+120

Event Type: informacje

User: ZARZĄDZANIE NT\SYSTEM

Computer Name: FRAMEXKS01

Event Code: 7036

Message: Usługa Telefonia weszła w stan uruchomienia.

Record Number: 15124

Source Name: Service Control Manager

Time Written: 20090508072628.000000+120

Event Type: informacje

User:

Computer Name: FRAMEXKS01

Event Code: 7035

Message: Do usługi GTNDIS5 NDIS Protocol Driver został pomyślnie wysłany kod sterowania uruchom.

Record Number: 15123

Source Name: Service Control Manager

Time Written: 20090508072622.000000+120

Event Type: informacje

User: ZARZĄDZANIE NT\SYSTEM

Computer Name: FRAMEXKS01

Event Code: 7036

Message: Usługa Usługa bramy warstwy aplikacji weszła w stan uruchomienia.

Record Number: 15122

Source Name: Service Control Manager

Time Written: 20090508072620.000000+120

Event Type: informacje

User:

Computer Name: FRAMEXKS01

Event Code: 7035

Message: Do usługi Usługa bramy warstwy aplikacji został pomyślnie wysłany kod sterowania uruchom.

Record Number: 15121

Source Name: Service Control Manager

Time Written: 20090508072620.000000+120

Event Type: informacje

User: ZARZĄDZANIE NT\SYSTEM

=====Application event log=====

Computer Name: FRAMEXKS01

Event Code: 3408

Message: Recovery is complete. This is an informational message only. No user action is required.

Record Number: 10573

Source Name: MSSQL$SQLEXPRESS

Time Written: 20090709073454.000000+120

Event Type: informacje

User:

Computer Name: FRAMEXKS01

Event Code: 17137

Message: Starting up database 'tempdb'.

Record Number: 10572

Source Name: MSSQL$SQLEXPRESS

Time Written: 20090709073454.000000+120

Event Type: informacje

User:

Computer Name: FRAMEXKS01

Event Code: 17136

Message: Clearing tempdb database.

Record Number: 10571

Source Name: MSSQL$SQLEXPRESS

Time Written: 20090709073453.000000+120

Event Type: informacje

User:

Computer Name: FRAMEXKS01

Event Code: 17199

Message: Dedicated administrator connection support was not started because it is not available on this edition of SQL Server. This is an informational message only. No user action is required.

Record Number: 10570

Source Name: MSSQL$SQLEXPRESS

Time Written: 20090709073453.000000+120

Event Type: informacje

User:

Computer Name: FRAMEXKS01

Event Code: 26028

Message: Server named pipe provider is ready to accept connection on [ \\.\pipe\MSSQL$SQLEXPRESS\sql\query ].

Record Number: 10569

Source Name: MSSQL$SQLEXPRESS

Time Written: 20090709073453.000000+120

Event Type: informacje

User:

======Environment variables======

"CLIPPER"=F125

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NETNAME"=FR11

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=C:\Program Files\Pervasive Software\PSQL\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=1601

"TEMP"=C:\Temp

"TMP"=C:\Temp

"windir"=%SystemRoot%

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

DDS

Log to check

DDS (Ver_09-07-30.01) - NTFSx86

Run by grazynac at 10:11:01,09 on 13.08.2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.951.472 [GMT 2:00]

AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Documents and Settings\All Users\Dane aplikacji\Findbasic\findbasic115.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Findbasic\findbasic.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Opera\opera.exe

C:\Documents and Settings\grazynac\Pulpit\bezpieka\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pl/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: H - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [cdoosoft] c:\windows\system32\olhrwef.exe

uRun: [Google Update] "c:\documents and settings\grazynac\ustawienia lokalne\dane aplikacji\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\grazynac\menust~1\programy\autost~1\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe

StartupFolder: c:\docume~1\grazynac\menust~1\programy\autost~1\skrtdo~1.lnk - c:\netlogon\grazynac.cmd

IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184665880890

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} - hxxps://www.pekaobiznes24.pl/webcorpo/static/components/SignActivXPEKAO.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {62DD747A-CFED-41D6-A15C-23B6CFE35363} = 194.204.152.34,194.204.159.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\grazynac\daneap~1\mozilla\firefox\profiles\cjjxxlxx.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: browser.startup.homepage -

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\grazynac\dane aplikacji\mozilla\firefox\profiles\cjjxxlxx.default\extensions\signplugin@bph.pl\plugins\NPSignPlugin.dll

FF - plugin: c:\documents and settings\grazynac\ustawienia lokalne\dane aplikacji\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-22 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-22 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-17 27784]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-22 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-22 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-22 297752]

R2 Findbasic Service;Findbasic Service;c:\documents and settings\all users\dane aplikacji\findbasic\findbasic115.exe [2009-8-7 54776]

S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]

=============== Created Last 30 ================

2009-08-13 08:56 <DIR> --d----- c:\program files\trend micro

2009-08-11 13:07 <DIR> --d----- c:\temp\KAV Updater update files

2009-08-11 13:05 <DIR> --d----- c:\temp\jkos-SYSTEM

2009-08-11 13:04 <DIR> --d----- c:\temp\hsperfdata_SYSTEM

2009-08-11 09:13 <DIR> --d----- c:\program files\SkanerOnline

2009-08-11 07:35 16,384 a------t c:\temp\Perflib_Perfdata_bf0.dat

2009-08-10 09:53 16,384 a------t c:\temp\Perflib_Perfdata_7a4.dat

2009-08-07 14:54 16,384 a------t c:\temp\Perflib_Perfdata_a9c.dat

2009-08-07 13:20 <DIR> --d----- c:\temp\~nsu.tmp

2009-08-07 13:19 <DIR> --d----- c:\temp\FINB9.tmp

2009-08-07 13:18 <DIR> --d----- c:\program files\RelevantKnowledge

2009-08-07 13:17 <DIR> --d----- c:\program files\Findbasic

2009-08-07 13:17 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\Findbasic

2009-08-07 13:17 <DIR> --d----- c:\windows\Icons

2009-08-07 13:17 <DIR> --d----- c:\program files\FileSubmit

2009-07-30 14:34 <DIR> --d----- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-07-31 08:45 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-07-31 08:45 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-07-30 08:51 79,470 a------- c:\windows\hpfins05.dat

2009-07-06 08:41 410,984 a------- c:\windows\system32\deploytk.dll

2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll

2009-06-03 21:11 1,294,848 a------- c:\windows\system32\quartz.dll

2009-05-25 07:13 93,184 ---shr-- c:\windows\system32\nmdfgds1.dll

2009-05-25 07:12 92,672 -------- c:\windows\system32\nmdfgds0.dll

2006-06-23 08:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

2008-12-17 15:00 8 ---shr-- c:\windows\system32\C21F1FAFF0.sys

2008-12-17 15:00 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

2009-04-30 13:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\ustawienia lokalne\historia\history.ie5\mshist012009043020090501\index.dat

============= FINISH: 10:11:13,66 ===============

Log to check

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 17.07.2007 11:01:57

System Uptime: 13.08.2009 08:12:49 (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5B-VM

Processor: Procesor Intel Pentium II | LGA 775 | 1604/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 24,963 GiB free.

D: is FIXED (NTFS) - 37 GiB total, 35,851 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP469: 03.06.2009 17:15:41 - Punkt kontrolny systemu

RP470: 04.06.2009 18:15:41 - Punkt kontrolny systemu

RP471: 05.06.2009 19:15:40 - Punkt kontrolny systemu

RP472: 06.06.2009 20:15:41 - Punkt kontrolny systemu

RP473: 07.06.2009 21:15:41 - Punkt kontrolny systemu

RP474: 08.06.2009 22:15:40 - Punkt kontrolny systemu

RP475: 09.06.2009 22:15:44 - Punkt kontrolny systemu

RP476: 10.06.2009 08:56:37 - Installed Java 6 Update 3

RP477: 10.06.2009 08:57:14 - Zainstalowano: OpenOffice.org 2.3

RP478: 11.06.2009 08:34:07 - Avg8 Update

RP479: 12.06.2009 08:41:15 - Punkt kontrolny systemu

RP480: 13.06.2009 09:15:46 - Punkt kontrolny systemu

RP481: 14.06.2009 10:15:46 - Punkt kontrolny systemu

RP482: 15.06.2009 08:39:34 - Avg8 Update

RP483: 15.06.2009 14:56:52 - Software Distribution Service 3.0

RP484: 16.06.2009 15:12:46 - Punkt kontrolny systemu

RP485: 17.06.2009 09:47:11 - Avg8 Update

RP486: 17.06.2009 09:48:05 - Avg8 Update

RP487: 18.06.2009 12:54:42 - Punkt kontrolny systemu

RP488: 19.06.2009 13:11:46 - Punkt kontrolny systemu

RP489: 22.06.2009 07:08:26 - Avg8 Update

RP490: 23.06.2009 07:09:17 - Punkt kontrolny systemu

RP491: 24.06.2009 08:09:33 - Installed Windows Media Player Firefox Plugin

RP492: 25.06.2009 08:26:10 - Punkt kontrolny systemu

RP493: 26.06.2009 09:09:17 - Punkt kontrolny systemu

RP494: 29.06.2009 11:39:59 - Punkt kontrolny systemu

RP495: 30.06.2009 12:10:37 - Punkt kontrolny systemu

RP496: 01.07.2009 13:11:45 - Punkt kontrolny systemu

RP497: 02.07.2009 14:10:40 - Punkt kontrolny systemu

RP498: 03.07.2009 11:17:23 - Installed Adobe® Photoshop® Album Starter Edition 3.0

RP499: 03.07.2009 11:28:50 - Zainstalowano: iTunes

RP500: 06.07.2009 08:41:35 - Installed Java 6 Update 13

RP501: 07.07.2009 11:36:13 - Punkt kontrolny systemu

RP502: 08.07.2009 08:56:12 - Avg8 Update

RP503: 08.07.2009 08:56:54 - Avg8 Update

RP504: 10.07.2009 14:09:08 - Punkt kontrolny systemu

RP505: 11.07.2009 14:55:06 - Punkt kontrolny systemu

RP506: 12.07.2009 15:55:08 - Punkt kontrolny systemu

RP507: 14.07.2009 07:49:02 - Punkt kontrolny systemu

RP508: 16.07.2009 07:27:55 - Avg8 Update

RP509: 16.07.2009 14:47:09 - Software Distribution Service 3.0

RP510: 17.07.2009 13:24:49 - Software Distribution Service 3.0

RP511: 21.07.2009 08:11:32 - Punkt kontrolny systemu

RP512: 22.07.2009 08:42:21 - Punkt kontrolny systemu

RP513: 23.07.2009 09:42:21 - Punkt kontrolny systemu

RP514: 24.07.2009 14:32:00 - Punkt kontrolny systemu

RP515: 27.07.2009 09:33:20 - Punkt kontrolny systemu

RP516: 28.07.2009 11:26:30 - Punkt kontrolny systemu

RP517: 29.07.2009 11:54:56 - Punkt kontrolny systemu

RP518: 31.07.2009 08:27:49 - Punkt kontrolny systemu

RP519: 31.07.2009 08:44:18 - Avg8 Update

RP520: 31.07.2009 08:45:23 - Avg8 Update

RP521: 01.08.2009 09:29:45 - Punkt kontrolny systemu

RP522: 02.08.2009 10:29:44 - Punkt kontrolny systemu

RP523: 03.08.2009 11:28:37 - Punkt kontrolny systemu

RP524: 04.08.2009 12:09:25 - Punkt kontrolny systemu

RP525: 05.08.2009 12:30:13 - Punkt kontrolny systemu

RP526: 06.08.2009 13:30:10 - Punkt kontrolny systemu

RP527: 07.08.2009 13:17:36 - Installed 44064

RP528: 10.08.2009 10:26:40 - Punkt kontrolny systemu

RP529: 11.08.2009 07:43:45 - Zainstalowano: Opera 9.64

RP530: 13.08.2009 08:15:00 - Avg8 Update

RP531: 13.08.2009 08:16:41 - Avg8 Update

==== Installed Programs ======================

44064

Adobe Flash Player ActiveX

Adobe® Photoshop® Album Starter Edition 3.0

Aktualizacja dla systemu Windows XP (KB951072-v2)

Aktualizacja dla systemu Windows XP (KB951978)

Aktualizacja dla systemu Windows XP (KB955839)

Aktualizacja dla systemu Windows XP (KB967715)

Aktualizacja zabezpieczeń dla programu Windows Media Player (KB911564)

Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)

Aktualizacja zabezpieczeń dla programu Windows Media Player 6.4 (KB925398)

Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB917734)

Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB936782)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB953838)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB958215)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)

Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB950759)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB953838)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346)

Aktualizacja zabezpieczeń dla Windows XP (KB923689)

Aktualizacja zabezpieczeń dla Windows XP (KB941569)

Apple Mobile Device Support

Apple Software Update

ArInstall3

AsusUpdate

AVG 8.5

Bonjour

BufferChm

Destinations

DeviceFunctionQFolder

DeviceManagementQFolder

eSupportQFolder

Findbasic 1.0 build 115

Foxit Reader

Google Chrome

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

HP Deskjet 3900 series

HP Imaging Device Functions 5.0

HP Software Update

HP Solution Center & Imaging Support Tools 5.0

HPDeskjet3900Series

HPProductAssistant

Intel® Graphics Media Accelerator Driver

Środki Trwałe

iTunes

Java 6 Update 13

Java 6 Update 3

Java SE Runtime Environment 6 Update 1

LightScribe 1.4.119.1

Linksys Wireless-G PCI Adapter

Logitech MouseWare 9.79.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.0.11)

MSXML 6 Service Pack 2 (KB954459)

Nero 7 Essentials

OpenOffice.org 2.3

Opera 9.64

PDF-XChange 3.5

PDFCreator

Pervasive PSQL v10 Client (32-bit)

Poprawka dla systemu Windows XP (KB952287)

QuickTime

RelevantKnowledge

Skaner on-line mks_vir

SolutionCenter

SoundMAX

Status

SYMFONIA® BasIDE

SYMFONIA® Handel premium - Stacja robocza

Total Commander (Remove or Repair)

TrayApp

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Format Runtime

Windows Media Player Firefox Plugin

Windows XP Service Pack 3

==== End Of File ===========================

Guest

The infection from a pendrive is plain as day. ;]

Run OTL and paste the following script into the Custom Scans/Fixes window:

:OTL

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\AutoRun\command - "" = F:\mt.bat -- File not found

O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\open\Command - "" = F:\mt.bat -- File not found

O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\explore\Command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found

O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\AutoRun\command - "" = xih9.cmd

O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\explore\Command - "" = xih9.cmd

O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\open\Command - "" = xih9.cmd

O4 - HKU\S-1-5-21-1085031214-527237240-839522115-1005..\Run: [cdoosoft] C:\WINDOWS\System32\olhrwef.exe File not found

:Files

C:\WINDOWS\System32\olhrwef.exe

C:\autorun.inf

D:\autorun.inf

c:\windows\system32\nmdfgds0.dll

c:\windows\system32\nmdfgds1.dll

c:\windows\system32\nmdfgds2.dll

c:\windows\system32\nmdfgds3.dll

c:\windows\system32\nmdfgds4.dll

c:\program files\RelevantKnowledge

:Services

AVPsys

:Reg

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

"SuperHidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

"Hidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

"ShowSuperHidden"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]

"CheckedValue"=dword:00000001

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]

@=""

:Commands

[emptytemp]

[start explorer]

[Reboot]

Click Run Fix and confirm the computer restart.

After the restart, post the log from the cleanup.

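Added example (not part of the original post and not OTL's own code): a Python triage of the O32/O33 lines from the script above. It groups MountPoints2 entries per volume GUID and flags volumes whose `open` or `explore` verb has been redirected to a command. The function name, the result field names and the open/explore heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the fix script posted above (a subset).
SAMPLE_LOG = r'''
O32 - AutoRun File - [2009.06.15 07:11:24 | 00,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\AutoRun\command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\Shell\open\Command - "" = F:\xih9.cmd -- File not found
O33 - MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\Shell\AutoRun\command - "" = F:\mt.bat -- File not found
O33 - MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\Shell\explore\Command - "" = xih9.cmd
O4 - HKU\S-1-5-21-1085031214-527237240-839522115-1005..\Run: [cdoosoft] C:\WINDOWS\System32\olhrwef.exe File not found
'''

# O33 line: volume GUID, shell verb, command, optional "File not found" marker.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]{36}\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "(?P<value>[^"]*)" = (?P<cmd>.*?)(?P<missing> -- File not found)?$',
    re.IGNORECASE)
# O32 line: an autorun.inf found in the root of a drive.
O32_RE = re.compile(r'^O32 - AutoRun File - \[[^\]]*\] \([^)]*\) - (?P<path>.+?) -- \[')

# Registry location of the per-user cache, as it appears in OTL's fix log.
MP2_KEY = r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'


def triage(log_text):
    """Return (autorun_files, findings) extracted from OTL O32/O33 lines."""
    volumes = defaultdict(lambda: {'verbs': set(), 'commands': set(), 'missing': True})
    autorun_files = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O33_RE.match(line)
        if m:
            vol = volumes[m['guid'].lower()]
            vol['verbs'].add(m['verb'].lower())
            vol['commands'].add(m['cmd'].strip())
            # Stays True only if every entry for this volume points at a missing file.
            vol['missing'] = vol['missing'] and bool(m['missing'])
            continue
        m = O32_RE.match(line)
        if m:
            autorun_files.append(m['path'])

    findings = []
    for guid, vol in sorted(volumes.items()):
        findings.append({
            'registry_key': MP2_KEY + '\\' + guid,
            'verbs': sorted(vol['verbs']),
            'commands': sorted(vol['commands']),
            'target_missing': vol['missing'],
            # Heuristic (assumption of this example): a redirected open/explore
            # verb means a double-click on the drive runs the command instead
            # of opening the drive.
            'overrides_open_or_explore': bool(vol['verbs'] & {'open', 'explore'}),
        })
    return autorun_files, findings


if __name__ == '__main__':
    files, results = triage(SAMPLE_LOG)
    print('autorun.inf files:', files)
    for r in results:
        print(r)
```

Entries with `target_missing` set still matter for cleanup: the cached key stays in the user's hive after the drive is unplugged, which is why the script above deletes the keys even though the files are reported as not found.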
dar55
Log to check
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d672a68-139a-11de-8dac-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f6194a8-3873-11de-8dbd-001a70ad349d}\ not found.
File F:\mt.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f6194a8-3873-11de-8dbd-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f6194a8-3873-11de-8dbd-001a70ad349d}\ not found.
File F:\mt.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0863918-7d9c-11dd-8d22-001a70ad349d}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
File xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
File xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf9a2528-8fbb-11dd-8d37-001a70ad349d}\ not found.
File xih9.cmd not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\olhrwef.exe not found.
File\Folder C:\autorun.inf not found.
File\Folder D:\autorun.inf not found.
DllUnregisterServer procedure not found in c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds0.dll NOT unregistered.
c:\windows\system32\nmdfgds0.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nmdfgds1.dll
c:\windows\system32\nmdfgds1.dll NOT unregistered.
c:\windows\system32\nmdfgds1.dll moved successfully.
File\Folder c:\windows\system32\nmdfgds2.dll not found.
File\Folder c:\windows\system32\nmdfgds3.dll not found.
File\Folder c:\windows\system32\nmdfgds4.dll not found.
c:\program files\RelevantKnowledge moved successfully.
========== SERVICES/DRIVERS ==========

Service\Driver AVPsys deleted successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: darek
->Temp folder emptied: 76888418 bytes
->Temporary Internet Files folder emptied: 3181707 bytes
->Java cache emptied: 127507 bytes
->FireFox cache emptied: 23335109 bytes
->Opera cache emptied: 1019495 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: grazynac
->Temp folder emptied: 311546208 bytes
->Temporary Internet Files folder emptied: 12690346 bytes
->Java cache emptied: 13471914 bytes
->FireFox cache emptied: 78073613 bytes
->Google Chrome cache emptied: 162647754 bytes
->Opera cache emptied: 6946760 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 391371 bytes

User: NetworkService
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 3103059 bytes
->Java cache emptied: 127520 bytes

User: Właściciel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4838891 bytes
->FireFox cache emptied: 21277402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148726 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 530 bytes
File delete failed. C:\Temp\de72429b-e6f3-41b5-9df8-62a40d35c662.tmp scheduled to be deleted on reboot.
Session Manager Temp folder emptied: 80280805 bytes
File delete failed. C:\Temp\de72429b-e6f3-41b5-9df8-62a40d35c662.tmp scheduled to be deleted on reboot.
Session Manager Tmp folder emptied: 0 bytes
RecycleBin emptied: 2007 bytes

Total Files Cleaned = 765,10 mb


OTL by OldTimer - Version 3.0.10.6 log created on 08132009_144930

Files\Folders moved on Reboot...
C:\Temp\de72429b-e6f3-41b5-9df8-62a40d35c662.tmp moved successfully.

Registry entries deleted on Reboot...
MarekM25

Everything should look fine now. Can you unhide system files now??

dar55

It unhides system files and even shuts down via Shut Down ;) (I hadn't mentioned that it couldn't)

Guest

Finally, launch OTL and run its CleanUp option.

That's all.


dar55

Something's still not quite right, Kaspersky online scan

Log to check
Tuesday, August 18, 2009

Operating system: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, August 18, 2009 08:43:17

Records in database: 2652889

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area My Computer

A:\

C:\

D:\

E:\

Scan statistics

Objects scanned 87950

Threats found 4

Infected objects found 4

Suspicious objects found 6

Scan duration 01:25:35

File name Threat Threats count

C:\Documents and Settings\grazynac\Moje dokumenty\klon.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

C:\Documents and Settings\Właściciel\Moje dokumenty\klon.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033211.msi Suspicious: Trojan-Downloader.JS.gen 2

C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033213.msi Suspicious: Trojan-Downloader.JS.gen 2

C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035659.dll Infected: Trojan-GameThief.Win32.Magania.bdgn 1

C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035660.dll Infected: Trojan-GameThief.Win32.Magania.bdsk 1

C:\WINDOWS\Installer\182950.msi Suspicious: Trojan-Downloader.JS.gen 2

Selected area has been scanned.

Guest

In that case, ComboFix needs to be run.

Download ---> ComboFix, but do not run it.

Paste into Notepad:

File::
C:\Documents and Settings\grazynac\Moje dokumenty\klon.exe
C:\Documents and Settings\Właściciel\Moje dokumenty\klon.exe
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033211.msi
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP527\A0033213.msi
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035659.dll
C:\System Volume Information\_restore{F7EFC951-5BC4-4AE8-A1AE-B35DD79E1553}\RP535\A0035660.dll
C:\WINDOWS\Installer\182950.msi

>>File>>Save As... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file.


The removal should start (and a log will be created). Post the log that is created during the removal.

If it goes well: after the restart, manually delete the C:\Qoobox folder.


MarekM25

But why ComboFix here??

I think Avenger can handle it ;)

Download Avenger. In the Input script here field, paste this text:

Files to delete:
C:\Documents and Settings\grazynac\Moje dokumenty\klon.exe
C:\Documents and Settings\Właściciel\Moje dokumenty\klon.exe
C:\WINDOWS\Installer\182950.msi

Click Execute. The computer will restart. Then post the file C:\avenger.txt

And this will take care of System Volume Information:

Turn System Restore off and on again (My Computer -> right-click -> Properties -> System Restore -> you check Turn off System Restore on all drives, and afterwards you check it again).
