Hello,
I can't open drive D after formatting C; it only works through Total Commander #-o. Below are the logs from DSS and HijackThis:
Deckard’s System Scanner v20071014.68
Run by Daria on 2008-02-04 16:41:42
Computer is in Normal Mode.
– System Restore --------------------------------------------------------------
Successfully created a Deckard’s System Scanner Restore Point.
– Last 5 Restore Point(s) –
16: 2008-02-04 15:42:15 UTC - RP16 - Deckard’s System Scanner Restore Point
15: 2008-02-04 02:54:14 UTC - RP15 - Zainstalowano: Microsoft Office XP Professional z programem FrontPage
14: 2008-02-04 02:51:40 UTC - RP14 - Zainstalowano: QuickTime
13: 2008-02-04 02:18:05 UTC - RP13 - Installed AVG 7.5
12: 2008-02-04 02:08:14 UTC - RP12 - Software Distribution Service 3.0
– First Restore Point –
1: 2008-02-04 01:28:43 UTC - RP1 - Punkt kontrolny systemu
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).
– HijackThis (run as Daria.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:06, on 2008-02-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\acer\epm\epm-dm.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Daria\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ROTWQ46I\dss[2].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Daria.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM…\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
–
End of file - 8651 bytes
– File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%*
– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys
R3 int15.sys - c:\program files\acer\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys
R4 DritekPortIO (Dritek General Port I/O) - c:\program files\launch manager\dportio.sys
– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe
– Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
– Scheduled Tasks -------------------------------------------------------------
2008-02-04 03:51:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-04 03:24:00 526 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Daria.job
– Files created between 2008-01-04 and 2008-02-04 -----------------------------
2008-02-04 16:44:27 0 d-------- C:\Program Files\Trend Micro
2008-02-04 16:33:26 0 dr-h----- C:\$VAULT$.AVG
2008-02-04 03:54:24 0 d-------- C:\WINDOWS\ShellNew
2008-02-04 03:51:52 0 d-------- C:\Program Files\QuickTime
2008-02-04 03:50:59 0 d-------- C:\Program Files\Apple Software Update
2008-02-04 03:43:16 0 d-------- C:\Program Files\SymNetDrv
2008-02-04 03:41:08 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-04 03:41:02 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-04 03:40:58 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-02-04 03:32:41 0 d-------- C:\Program Files\Gadu-Gadu
2008-02-04 03:16:47 0 d-------- C:\Program Files\SubEdit-Player
2008-02-04 03:07:36 0 d-------- C:\WINDOWS\system32\pl-pl
2008-02-04 03:07:16 545 --a------ C:\WINDOWS\UC.PIF
2008-02-04 03:07:16 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-04 03:07:16 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-02-04 03:07:16 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-02-04 03:07:16 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-02-04 03:07:16 545 --a------ C:\WINDOWS\LHA.PIF
2008-02-04 03:07:16 545 --a------ C:\WINDOWS\ARJ.PIF
2008-02-04 03:07:16 0 d-------- C:\totalcmd
2008-02-04 03:04:30 0 d-------- C:\WINDOWS\RegisteredPackages
2008-02-04 03:01:49 0 d-------- C:\Program Files\Winamp
2008-02-04 02:59:57 0 d-------- C:\Program Files\Norton AntiVirus
2008-02-04 02:59:28 0 d-------- C:\WINDOWS\network diagnostic
2008-02-04 02:59:17 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-04 02:59:01 0 d-------- C:\Program Files\Symantec
2008-02-04 02:59:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-04 02:54:40 0 d-------- C:\Program Files\IrfanView
2008-02-04 02:47:03 0 d-------- C:\Program Files\Google
2008-02-04 02:37:12 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-04 02:35:01 245760 --a------ C:\WINDOWS\system32\Check.exe
2008-02-04 02:34:58 0 d-------- C:\Program Files\acer
2008-02-04 02:34:41 0 d-------- C:\Program Files\Launch Manager
2008-02-04 02:34:39 147456 --a------ C:\WINDOWS\UNINST32.EXE
2008-02-04 02:32:18 221258 --a------ C:\WINDOWS\system32\Epm-Po.dll
2008-02-04 02:32:18 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys
2008-02-04 02:32:18 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys
2008-02-04 02:32:18 0 d-------- C:\Acer
2008-02-04 01:25:28 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
– Find3M Report ---------------------------------------------------------------
2008-02-04 16:44:32 40296 --a------ C:\Documents and Settings\Daria\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-02-04 03:37:54 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Gadu-Gadu
2008-02-04 03:18:26 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\AVG7
2008-02-04 03:01:50 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Winamp
2008-02-04 02:59:14 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Symantec
2008-02-04 02:48:08 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Macromedia
2008-02-04 02:47:08 0 d-------- C:\Documents and Settings\Daria\Dane aplikacji\Google
2008-02-04 02:33:38 1024 -r-h----- C:\WINDOWS\system32\NTIBUN4.dll
2008-02-04 02:33:08 1024 -r-h----- C:\WINDOWS\system32\NTIMPEG2.dll
2008-02-04 02:33:08 1024 -r-h----- C:\WINDOWS\system32\NTIMP3.dll
2008-02-04 02:33:08 1024 -r-h----- C:\WINDOWS\system32\NTIFCD3.dll
2008-02-04 02:33:08 1024 -r-h----- C:\WINDOWS\system32\NTICDMK7.dll
2008-02-04 02:15:46 4094 --a------ C:\WINDOWS\CLEANUP.CMD
2008-02-04 02:15:32 228 --a------ C:\WINDOWS\HOTFIX.BAT
– Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“LaunchApp”=“Alaunch” []
“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2005-01-07 16:17]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-01-07 16:16]
“IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe” [2004-08-04 20:00]
“MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe” [2004-08-04 20:00]
“PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [2004-08-04 20:00]
“PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [2004-08-04 20:00]
“IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-03-22 13:57]
“HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2005-03-22 13:53]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-07-15 01:07]
“SoundMan”=“SOUNDMAN.EXE” [2004-12-01 15:54 C:\WINDOWS\soundman.exe]
“EPM-DM”=“c:\acer\epm\epm-dm.exe” [2005-04-21 10:13]
“ePowerManagement”=“C:\Acer\ePM\ePM.exe” [2005-03-15 10:03]
“AGRSMMSG”=“AGRSMMSG.exe” [2005-04-15 11:45 C:\WINDOWS\AGRSMMSG.exe]
“LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe” [2005-04-28 10:51]
“eRecoveryService”=“C:\Windows\System32\Check.exe” [2004-11-24 17:34]
“Google Desktop Search”=“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” [2008-02-04 02:55]
“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-01-09 17:32]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-01-15 23:54]
“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-02-04 03:18]
“Symantec NetDriver Monitor”=“C:\PROGRA~1\SYMNET~1\SNDMon.exe” [2008-02-04 03:43]
“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2008-01-10 15:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 20:00]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2008-02-04 02:48]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 00:55]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“appinit_dlls”=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5adfe13f-d2c7-11dc-ae84-806d6172696f}]
AutoRun\command- h.cmd
explore\Command- h.cmd
open\Command- h.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{653ba658-d336-11dc-ae8a-0012f0d9814d}]
AutoRun\command- ntdelect.com
explore\Command- utdetect.com
open\Command- utdetect.com
– End of Deckard’s System Scanner: finished at 2008-02-04 16:46:27 ------------
Deckard’s System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
– System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Polish
CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 503.42 MiB / 222.58 MiB
Pagefile Memory (total/avail): 1229.02 MiB / 778.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.41 MiB
C: is Fixed (FAT32) - 26.87 GiB total, 20.31 GiB free.
D: is Fixed (FAT32) - 27.04 GiB total, 1.92 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK6025GAS - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 2000.25 MiB
\PARTITION1 (bootable) - Unknown - 26.88 GiB - C:
\PARTITION2 - Rozszerzona z rozszerzonym przerwaniem 13 - 27.06 GiB - D:
– Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
– Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Daria\Dane aplikacji
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-CD914CD462
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Daria
LOGONSERVER=\\ACER-CD914CD462
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Daria\USTAWI~1\Temp
TMP=C:\DOCUME~1\Daria\USTAWI~1\Temp
USERDOMAIN=ACER-CD914CD462
USERNAME=Daria
USERPROFILE=C:\Documents and Settings\Daria
windir=C:\WINDOWS
– User Profiles ---------------------------------------------------------------
Daria (admin)
– Add/Remove Programs ---------------------------------------------------------
–>
–>
–> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
–> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer ePowerManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe” -l0x15
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Aktualizacja dla systemu Windows XP (KB904942) --> “C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe”
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s “c:\program files\google\googletoolbar2.dll”
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
K-Lite Codec Pack 3.7.0 Standard --> “C:\Program Files\K-Lite Codec Pack\unins000.exe”
Launch Manager --> C:\WINDOWS\UnInst32.exe LManager.UNI
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> “C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE” /U
Microsoft Office XP Professional z programem FrontPage --> MsiExec.exe /I{90280415-6000-11D3-8CFE-0050048383C9}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69CC0647-7F98-4358-AAB6-4F65C0705400} /l1033 BUN4
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5242A858-AD61-4130-92D4-BDF5087CE562} /l1033 CDM7
Poprawka dla systemu Windows XP (KB914440) --> “C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe”
Poprawka systemu Windows XP - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe” -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Realtek AC’97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe” REMOVE
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SubEdit-Player --> “C:\Program Files\SubEdit-Player\unins000.exe”
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe “C:\Program Files\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall
Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
Winamp --> “C:\Program Files\Winamp\UninstWA.exe”
– Application Event Log -------------------------------------------------------
Event Record #/Type54 / Warning
Event Submitted/Written: 02/04/2008 03:57:50 AM
Event ID/Source: 5603 / WinMgmt
Event Description:
Dostawca, OffProv10, został zarejestrowany w obszarze nazw WMI, Root\MSAPPS10, ale nie określił właściwości HostingModel. Ten dostawca będzie działał za pomocą konta LocalSystem. To konto jest uprzywilejowane i dostawca może spowodować naruszenie zabezpieczeń, jeśli niepoprawnie spersonifikuje żądania użytkownika. Upewnij się, że dostawca został sprawdzony pod względem bezpieczeństwa i zaktualizuj właściwość HostingModel rejestracji dostawcy z kontem o możliwie najmniejszych uprawnieniach dla wymaganej funkcjonalności.
Event Record #/Type53 / Warning
Event Submitted/Written: 02/04/2008 03:57:50 AM
Event ID/Source: 5603 / WinMgmt
Event Description:
Dostawca, OffProv10, został zarejestrowany w obszarze nazw WMI, Root\MSAPPS10, ale nie określił właściwości HostingModel. Ten dostawca będzie działał za pomocą konta LocalSystem. To konto jest uprzywilejowane i dostawca może spowodować naruszenie zabezpieczeń, jeśli niepoprawnie spersonifikuje żądania użytkownika. Upewnij się, że dostawca został sprawdzony pod względem bezpieczeństwa i zaktualizuj właściwość HostingModel rejestracji dostawcy z kontem o możliwie najmniejszych uprawnieniach dla wymaganej funkcjonalności.
– Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
– System Event Log ------------------------------------------------------------
Event Record #/Type169 / Error
Event Submitted/Written: 02/04/2008 04:06:34 AM
Event ID/Source: 7 / Cdrom
Event Description:
W urządzeniu \Device\CdRom0 wystąpił zły blok.
Event Record #/Type168 / Error
Event Submitted/Written: 02/04/2008 04:05:14 AM
Event ID/Source: 7 / Cdrom
Event Description:
W urządzeniu \Device\CdRom0 wystąpił zły blok.
Event Record #/Type167 / Error
Event Submitted/Written: 02/04/2008 04:03:58 AM
Event ID/Source: 7 / Cdrom
Event Description:
W urządzeniu \Device\CdRom0 wystąpił zły blok.
Event Record #/Type164 / Error
Event Submitted/Written: 02/04/2008 04:01:34 AM
Event ID/Source: 7 / Cdrom
Event Description:
W urządzeniu \Device\CdRom0 wystąpił zły blok.
Event Record #/Type160 / Error
Event Submitted/Written: 02/04/2008 03:53:56 AM / 02/04/2008 03:53:57 AM
Event ID/Source: 7 / Cdrom
Event Description:
W urządzeniu \Device\CdRom0 wystąpił zły blok.
– End of Deckard’s System Scanner: finished at 2008-02-04 16:46:27 ------------