
Logs - ComboFix freezes at stage 50, keyboard digits don't work except "5"

raz3
posted (edited)

Hi, I think I've caught a rootkit. ComboFix wouldn't start, but I downloaded a new version and removed everything related to it from the registry, and now it cuts off the internet connection and stops at stage 50. On top of that, the digits on the keyboard and the whole numeric keypad don't work, apart from the digit 5.

OTL.txt:

Log to check

OTL logfile created on: 2009-09-14 19:32:44 - Run 1

OTL by OldTimer - Version 3.0.11.0 Folder = H:\Documents and Settings\z3\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,48 Mb Total Physical Memory | 290,53 Mb Available Physical Memory | 37,85% Memory free

1,83 Gb Paging File | 1,49 Gb Available in Paging File | 81,42% Paging File free

Paging file location(s): H:\pagefile.sys 2 1024 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive C: | 8,56 Gb Total Space | 1,98 Gb Free Space | 23,12% Space Free | Partition Type: NTFS

Drive D: | 74,52 Gb Total Space | 2,60 Gb Free Space | 3,48% Space Free | Partition Type: NTFS

Drive E: | 29,30 Gb Total Space | 3,35 Gb Free Space | 11,43% Space Free | Partition Type: NTFS

Drive F: | 17,02 Gb Total Space | 9,59 Gb Free Space | 56,37% Space Free | Partition Type: FAT32

Drive G: | 9,74 Gb Total Space | 0,15 Gb Free Space | 1,56% Space Free | Partition Type: FAT32

Drive H: | 7,38 Gb Total Space | 1,47 Gb Free Space | 19,92% Space Free | Partition Type: NTFS

Drive I: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: Z3

Current User Name: z3

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\Explorer.EXE

PRC - [2006-04-20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009-05-21 00:29:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2004-08-04 00:44:28 | 00,032,256 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\snmp.exe

PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wdfmgr.exe

PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\apps\gg\gg.exe

PRC - [2009-09-10 23:25:58 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\apps\firefox\firefox.exe

PRC - [2009-03-29 11:09:50 | 01,220,608 | ---- | M] (Don HO don.h@free.fr) -- C:\apps\notepad++\notepad++.exe

PRC - [2001-10-26 18:29:48 | 00,115,200 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\calc.exe

PRC - [2009-09-14 19:32:23 | 00,513,536 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\z3\Moje dokumenty\Pobieranie\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2003-02-20 21:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - File not found -- -- (Bonjour Service [Disabled | Stopped])

SRV - [2006-04-20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])

SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2009-03-12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- H:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])

SRV - [2009-05-21 00:29:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2009-07-20 20:02:05 | 01,029,456 | ---- | M] (Lavasoft) -- H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Disabled | Stopped])

SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [Disabled | Stopped])

SRV - File not found -- -- (netflowanalyzer [Disabled | Stopped])

SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [Disabled | Stopped])

SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])

SRV - [2004-08-04 00:44:28 | 00,032,256 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])

SRV - [2008-10-02 18:25:42 | 00,191,024 | ---- | M] (VMware, Inc.) -- D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [Disabled | Stopped])

SRV - File not found -- -- (UGTEWQ [Disabled | Stopped])

SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

SRV - [2008-10-28 23:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- D:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Disabled | Stopped])

SRV - [2008-10-28 23:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\vmnetdhcp.exe -- (VMnetDHCP [Disabled | Stopped])

SRV - [2008-10-28 23:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\vmnat.exe -- (VMware NAT Service [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004-08-04 00:35:04 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- H:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

DRV - [2007-11-05 09:55:04 | 00,017,952 | ---- | M] () -- H:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray [system | Running])

DRV - [2006-06-23 17:00:26 | 00,031,488 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])

DRV - [2005-08-31 11:34:52 | 00,020,480 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])

DRV - [2006-01-19 14:31:34 | 00,010,068 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])

DRV - [2006-07-16 17:06:16 | 00,023,040 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])

DRV - [2005-07-30 08:21:32 | 00,011,988 | ---- | M] () -- H:\WINDOWS\System32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Running])

DRV - [2005-05-01 06:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [boot | Running])

DRV - [2006-04-14 10:14:12 | 00,014,312 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])

DRV - [2005-05-17 04:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- H:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])

DRV - [2006-04-20 08:33:40 | 00,303,740 | ---- | M] (Cisco Systems, Inc.) -- H:\WINDOWS\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])

DRV - [2005-06-29 19:50:30 | 00,110,080 | ---- | M] (Deterministic Networks, Inc.) -- H:\WINDOWS\System32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])

DRV - [2009-01-15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- H:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2008-10-28 23:08:52 | 00,032,304 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\drivers\hcmon.sys -- (hcmon [Auto | Running])

DRV - [2009-05-20 19:53:04 | 00,064,160 | ---- | M] (Lavasoft AB) -- H:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [boot | Running])

DRV - [2001-08-17 22:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\DRIVERS\loop.sys -- (msloop [On_Demand | Running])

DRV - [2004-08-03 22:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])

DRV - [2007-11-06 22:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- H:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

DRV - [2002-09-16 18:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- H:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [system | Running])

DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- H:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- H:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2001-08-17 22:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])

DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- H:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])

DRV - [2006-09-18 15:58:48 | 00,061,600 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped])

DRV - [2006-09-18 15:58:52 | 00,009,360 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])

DRV - [2006-09-18 15:58:54 | 00,097,184 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])

DRV - [2006-09-18 15:58:58 | 00,088,688 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped])

DRV - [2006-09-18 15:59:00 | 00,018,704 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped])

DRV - [2006-09-18 15:59:02 | 00,086,560 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped])

DRV - [2006-09-18 15:59:08 | 00,090,800 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped])

DRV - [2003-02-04 23:11:41 | 00,011,376 | R--- | M] () -- H:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2009-09-07 01:42:58 | 00,721,904 | ---- | M] () -- H:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2006-07-24 16:05:00 | 00,005,632 | ---- | M] () -- H:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

DRV - [2009-03-05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- H:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

DRV - [2005-10-21 03:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])

DRV - [2001-12-19 11:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\apps\VirtualCD\VCdRom.sys -- (vcdrom [system | Running])

DRV - [2004-10-19 14:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])

DRV - [2006-02-28 17:57:22 | 00,084,836 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])

DRV - [2005-07-29 17:21:48 | 00,011,736 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\drivers\VHIDMini.sys -- (VHidMinidrv [On_Demand | Stopped])

DRV - [2002-07-24 04:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- H:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [boot | Running])

DRV - [2004-06-18 13:47:22 | 00,152,192 | ---- | M] (VIA Technologies, Inc.) -- H:\WINDOWS\System32\drivers\viaudios.sys -- (VIAudio [On_Demand | Running])

DRV - [2008-10-28 23:08:58 | 00,054,960 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\Drivers\vmci.sys -- (vmci [Auto | Running])

DRV - [2008-10-28 23:08:56 | 00,023,216 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])

DRV - [2008-10-28 17:03:28 | 00,016,560 | R--- | M] (VMware, Inc.) -- H:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running])

DRV - [2008-10-28 17:03:28 | 00,031,280 | R--- | M] (VMware, Inc.) -- H:\WINDOWS\System32\DRIVERS\vmnetbridge.sys -- (VMnetBridge [Auto | Running])

DRV - [2008-10-28 23:08:58 | 00,026,288 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])

DRV - [2008-10-28 23:08:42 | 00,014,896 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\Drivers\VMparport.sys -- (VMparport [Auto | Running])

DRV - [2008-10-28 23:08:54 | 00,857,392 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\Drivers\vmx86.sys -- (vmx86 [Auto | Running])

DRV - [2005-01-26 06:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- H:\WINDOWS\System32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

DRV - [2008-10-02 18:24:48 | 00,022,448 | ---- | M] (VMware, Inc.) -- D:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\SYSTEM32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\SYSTEM32\blank.htm

IE - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1844237615-562591055-682003330-1003\S-1-5-21-1844237615-562591055-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.84

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-21 00:29:50 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\apps\firefox\components [2009-09-10 23:26:03 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\apps\firefox\plugins [2009-09-10 23:26:03 | 00,000,000 | ---D | M]

[2008-07-14 01:44:53 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Extensions

[2008-07-14 01:44:53 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-09-13 11:39:14 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions

[2009-06-14 01:44:02 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2008-07-14 01:47:29 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2008-11-17 02:16:49 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2009-06-03 22:22:14 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2009-08-13 13:18:40 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009-04-05 17:03:25 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\dave2x@download

[2009-08-14 11:25:11 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\firebug@software.joehewitt.com

[2008-12-15 17:21:44 | 00,000,878 | ---- | M] () -- H:\Documents and Settings\z3\Dane aplikacji\Mozilla\FireFox\Profiles\i5ibg8im.default\searchplugins\conduit.xml

O1 HOSTS File: (686 bytes) - H:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKU\S-1-5-21-1844237615-562591055-682003330-1003..\Run: [Gadu-Gadu] C:\apps\gg\gg.exe (Gadu-Gadu S.A.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.199.225.14

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - H:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - H:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-07-14 01:19:07 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - H:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - H:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009-09-13 23:47:32 | 00,229,888 | ---- | C] () -- H:\WINDOWS\PEV.exe

[2009-09-13 23:47:32 | 00,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe

[2009-09-13 23:47:32 | 00,161,792 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe

[2009-09-13 23:47:32 | 00,136,704 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe

[2009-09-13 23:47:32 | 00,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe

[2009-09-13 23:47:32 | 00,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe

[2009-09-13 23:47:32 | 00,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe

[2009-09-13 23:47:32 | 00,031,232 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe

[2009-09-13 23:47:13 | 00,000,000 | ---D | C] -- H:\WINDOWS\ERDNT

[2009-09-13 23:47:12 | 00,395,776 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\CF10037.exe

[2009-09-13 23:47:12 | 00,000,000 | --SD | C] -- H:\ble

[2009-09-13 23:47:08 | 00,000,000 | ---D | C] -- H:\Qoobox

[2009-09-13 23:39:50 | 00,000,000 | ---D | C] -- H:\WINDOWS\Internet Logs

[2009-09-13 22:58:08 | 00,395,776 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\CF25845.exe

[2009-09-13 22:51:42 | 00,000,610 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\UnHookExec.inf

[2009-09-13 16:29:03 | 00,013,234 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\01e4e99e12.jpeg

[2009-09-13 14:51:05 | 00,395,776 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\CF23236.exe

[2009-09-13 14:46:37 | 00,000,000 | -H-D | C] -- H:\Program Files\Uninstall Information

[2009-09-13 14:45:48 | 00,009,830 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\exefix.reg

[2009-09-12 00:10:16 | 00,126,207 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\agusia.jpg

[2009-09-10 22:58:24 | 00,000,000 | ---D | C] -- H:\WINDOWS\System32\0

[2009-09-10 22:58:08 | 02,155,096 | ---- | C] (Exam Solutions) -- H:\WINDOWS\System32\QDMEAXRT.ocx

[2009-09-10 22:58:08 | 00,622,592 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KUserService.dll

[2009-09-10 22:58:08 | 00,462,848 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KDataService.dll

[2009-09-10 22:58:08 | 00,209,608 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\TabCtl32.ocx

[2009-09-10 22:58:08 | 00,193,784 | ---- | C] (Mabry Software, Inc.) -- H:\WINDOWS\System32\HttpX.dll

[2009-09-10 22:58:08 | 00,172,032 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KBusinessService.dll

[2009-09-10 22:58:08 | 00,144,640 | ---- | C] (Mabry Software, Inc.) -- H:\WINDOWS\System32\HttpX.ocx

[2009-09-10 22:58:08 | 00,057,344 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KWebFarm.dll

[2009-09-10 22:58:08 | 00,045,056 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KCommon.dll

[2009-09-10 22:58:08 | 00,032,768 | ---- | C] (Self Test Software) -- H:\WINDOWS\System32\webCryption.dll

[2009-09-10 22:58:08 | 00,024,576 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKUserInterface.dll

[2009-09-10 22:58:08 | 00,024,576 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKDataInterface.dll

[2009-09-10 22:58:08 | 00,020,480 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKLiveInterface.dll

[2009-09-10 22:58:08 | 00,020,480 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKCryptionInterface.dll

[2009-09-10 22:58:08 | 00,020,480 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKBusinessInterface.dll

[2009-09-10 22:58:07 | 01,229,408 | ---- | C] (Pallas, Inc., A Dev Group of Exam Solutions, Inc.) -- H:\WINDOWS\System32\ESPICaseStudyLibrary.ocx

[2009-09-10 22:58:07 | 00,933,888 | ---- | C] (Macromedia, Inc.) -- H:\WINDOWS\System32\Flash.ocx

[2009-09-10 22:58:07 | 00,466,944 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\capicom.dll

[2009-09-10 22:58:07 | 00,099,576 | ---- | C] (Mabry Software, Inc.) -- H:\WINDOWS\System32\MabryObj.dll

[2009-09-10 22:58:07 | 00,036,864 | ---- | C] (Self Test Software) -- H:\WINDOWS\System32\MouseWheelTrap.ocx

[2009-09-10 22:58:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\msxml3a.dll

[2009-09-10 22:58:07 | 00,000,037 | ---- | C] () -- H:\WINDOWS\System32\nett12.dll

[2009-09-10 22:58:06 | 00,368,912 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\vbar332.dll

[2009-09-10 11:28:50 | 00,000,000 | ---- | C] () -- H:\WINDOWS\System32\YUJOY

[2009-09-10 11:27:06 | 00,007,680 | ---- | C] (Lavasoft AB) -- H:\WINDOWS\System32\drivers\RKL2A.tmp.sys

[2009-09-10 01:05:17 | 00,000,000 | ---D | C] -- H:\Documents and Settings\z3\Dane aplikacji\Malwarebytes

[2009-09-10 01:05:15 | 00,000,566 | ---- | C] () -- H:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-09-10 01:05:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-09-10 01:05:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys

[2009-09-10 00:07:03 | 00,021,596 | ---- | C] () -- H:\WINDOWS\System32\AAWService_2009_09_10_00_07_03.dmp

[2009-09-09 23:59:03 | 00,000,000 | ---D | C] -- H:\Program Files\Visual CertExam Suite

[2009-09-07 08:21:47 | 00,000,000 | ---D | C] -- H:\Program Files\DAEMON Tools Toolbar

[2009-08-31 23:18:44 | 00,000,000 | ---D | C] -- H:\Program Files\Transcender

[2009-08-31 15:41:27 | 00,000,000 | -HSD | C] -- H:\RECYCLER

[2009-08-27 00:07:10 | 00,034,835 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\Zespół Angelmana.docx

[2009-08-23 22:03:58 | 00,000,657 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\Netspace Challenge.lnk

[2009-08-22 23:13:24 | 00,053,760 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\Nowy Rysunek programu Microsoft Office Visio.vsd

[2009-08-20 20:00:46 | 00,064,585 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\1250790491_by_EndlessDark.jpg

[2009-08-18 14:13:14 | 00,000,000 | ---D | C] -- H:\Documents and Settings\z3\Moje dokumenty\Pobieranie

[2009-08-11 19:18:22 | 00,000,163 | ---- | C] () -- H:\WINDOWS\disney.ini

[2009-04-05 22:21:36 | 00,029,752 | ---- | C] () -- H:\WINDOWS\System32\InstHelper.dll

[2009-04-05 22:20:35 | 00,197,680 | ---- | C] () -- H:\WINDOWS\System32\vpnapi.dll

[2009-04-05 22:20:33 | 00,193,584 | ---- | C] () -- H:\WINDOWS\System32\CSGina.dll

[2009-03-31 03:55:10 | 00,055,856 | R--- | C] () -- H:\WINDOWS\System32\vnetinst.dll

[2009-02-24 01:27:49 | 00,000,023 | ---- | C] () -- H:\WINDOWS\BlendSettings.ini

[2009-02-21 13:42:35 | 00,021,840 | ---- | C] () -- H:\WINDOWS\System32\SIntfNT.dll

[2009-02-21 13:42:35 | 00,017,212 | ---- | C] () -- H:\WINDOWS\System32\SIntf32.dll

[2009-02-21 13:42:34 | 00,012,067 | ---- | C] () -- H:\WINDOWS\System32\SIntf16.dll

[2009-01-16 12:35:57 | 00,116,224 | ---- | C] () -- H:\WINDOWS\System32\pdfcmnnt.dll

[2009-01-12 22:37:14 | 00,000,600 | ---- | C] () -- H:\WINDOWS\Rtcw.INI

[2008-12-23 03:11:20 | 00,001,016 | ---- | C] () -- H:\WINDOWS\mgreg.ini

[2008-12-23 03:10:57 | 00,000,030 | ---- | C] () -- H:\WINDOWS\mgwin.ini

[2008-12-12 01:36:23 | 00,000,165 | ---- | C] () -- H:\WINDOWS\ODBC.INI

[2008-11-14 19:44:01 | 00,003,249 | ---- | C] () -- H:\WINDOWS\VPlayer.INI

[2008-10-29 15:12:11 | 00,000,000 | ---- | C] () -- H:\WINDOWS\mngui.INI

[2008-08-08 22:42:52 | 00,399,872 | ---- | C] () -- H:\WINDOWS\c4dstand.dll

[2008-08-08 22:42:48 | 00,003,300 | ---- | C] () -- H:\WINDOWS\splash.ini

[2008-07-16 00:25:59 | 00,005,632 | ---- | C] () -- H:\WINDOWS\System32\drivers\StarOpen.sys

[2008-07-15 19:56:24 | 00,721,904 | ---- | C] () -- H:\WINDOWS\System32\drivers\sptd.sys

[2008-07-15 00:45:02 | 00,081,920 | ---- | C] () -- H:\WINDOWS\System32\ieencode.dll

[2008-07-15 00:30:59 | 00,010,752 | ---- | C] () -- H:\WINDOWS\System32\ff_vfw.dll

[2008-07-15 00:30:59 | 00,000,547 | ---- | C] () -- H:\WINDOWS\System32\ff_vfw.dll.manifest

[2008-07-14 01:36:10 | 00,000,011 | ---- | C] () -- H:\WINDOWS\System32\atiicdxx.ini

[2008-07-14 01:31:17 | 00,036,864 | ---- | C] () -- H:\WINDOWS\System32\UnAudioNT.dll

[2007-11-06 22:19:28 | 00,053,299 | ---- | C] () -- H:\WINDOWS\System32\pthreadVC.dll

[2006-04-14 10:14:12 | 00,014,312 | ---- | C] () -- H:\WINDOWS\System32\drivers\BTNetFilter.sys

[2005-07-30 08:21:32 | 00,011,988 | ---- | C] () -- H:\WINDOWS\System32\drivers\vbtenum.sys

[2002-03-25 21:02:14 | 00,011,376 | R--- | C] () -- H:\WINDOWS\System32\drivers\secdrv.sys

[2001-07-21 23:16:20 | 00,000,634 | ---- | C] () -- H:\WINDOWS\win.ini

[2001-07-21 23:15:52 | 00,000,227 | ---- | C] () -- H:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009-09-14 19:14:00 | 00,001,120 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-562591055-682003330-1003UA.job

[2009-09-14 17:13:03 | 00,000,006 | -H-- | M] () -- H:\WINDOWS\tasks\SA.DAT

[2009-09-14 17:13:01 | 00,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat

[2009-09-14 02:12:36 | 00,229,888 | ---- | M] () -- H:\WINDOWS\PEV.exe

[2009-09-14 00:31:04 | 08,576,810 | -H-- | M] () -- H:\Documents and Settings\z3\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-09-13 23:47:06 | 00,395,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\CF10037.exe

[2009-09-13 22:57:31 | 00,395,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\CF25845.exe

[2009-09-13 22:51:43 | 00,000,610 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\UnHookExec.inf

[2009-09-13 16:29:04 | 00,013,234 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\01e4e99e12.jpeg

[2009-09-13 14:50:58 | 00,395,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\CF23236.exe

[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\WindowsShell.Manifest

[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\wuaucpl.cpl.manifest

[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\sapi.cpl.manifest

[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\nwc.cpl.manifest

[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\ncpa.cpl.manifest

[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\cdplayer.exe.manifest

[2009-09-13 14:45:49 | 00,009,830 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\exefix.reg

[2009-09-13 14:21:09 | 00,000,686 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\HOSTS

[2009-09-13 11:58:35 | 00,000,600 | ---- | M] () -- H:\Documents and Settings\z3\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

[2009-09-13 11:21:06 | 00,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl

[2009-09-13 00:14:00 | 00,001,068 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-562591055-682003330-1003Core.job

[2009-09-12 17:59:17 | 00,003,249 | ---- | M] () -- H:\WINDOWS\VPlayer.INI

[2009-09-12 17:59:17 | 00,000,085 | ---- | M] () -- H:\WINDOWS\VplayerINI.vpl

[2009-09-12 06:25:38 | 00,459,078 | ---- | M] () -- H:\WINDOWS\System32\perfh015.dat

[2009-09-12 06:25:38 | 00,401,332 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat

[2009-09-12 06:25:38 | 00,078,374 | ---- | M] () -- H:\WINDOWS\System32\perfc015.dat

[2009-09-12 06:25:38 | 00,061,238 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat

[2009-09-12 06:25:37 | 01,011,254 | ---- | M] () -- H:\WINDOWS\System32\PerfStringBackup.INI

[2009-09-12 00:10:17 | 00,126,207 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\agusia.jpg

[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys

[2009-09-10 11:28:50 | 00,000,000 | ---- | M] () -- H:\WINDOWS\System32\YUJOY

[2009-09-10 11:27:06 | 00,007,680 | ---- | M] (Lavasoft AB) -- H:\WINDOWS\System32\drivers\RKL2A.tmp.sys

[2009-09-10 01:05:15 | 00,000,566 | ---- | M] () -- H:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-09-10 00:07:04 | 00,021,596 | ---- | M] () -- H:\WINDOWS\System32\AAWService_2009_09_10_00_07_03.dmp

[2009-09-10 00:00:18 | 00,000,227 | ---- | M] () -- H:\WINDOWS\system.ini

[2009-09-09 19:54:34 | 00,000,472 | ---- | M] () -- H:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009-09-07 01:42:58 | 00,721,904 | ---- | M] () -- H:\WINDOWS\System32\drivers\sptd.sys

[2009-08-27 00:41:14 | 00,034,835 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\Zespół Angelmana.docx

[2009-08-24 11:30:02 | 00,028,053 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\cv.docx

[2009-08-23 22:03:58 | 00,000,657 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\Netspace Challenge.lnk

[2009-08-22 23:37:24 | 00,053,760 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\Nowy Rysunek programu Microsoft Office Visio.vsd

[2009-08-20 20:00:47 | 00,064,585 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\1250790491_by_EndlessDark.jpg

========== LOP Check ==========

[2008-07-14 02:08:28 | 00,000,000 | RH-D | M] -- H:\Documents and Settings\Administrator\Dane aplikacji

[2009-08-11 19:19:04 | 00,000,000 | RH-D | M] -- H:\Documents and Settings\All Users\Dane aplikacji

[2009-03-29 14:19:27 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009-05-20 19:44:14 | 00,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2009-02-18 16:47:15 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\2DBoy

[2008-11-06 13:38:28 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\Bluetooth

[2008-07-17 15:04:02 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\Boson

[2008-12-04 03:42:24 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\Boson Software

[2008-12-18 20:26:51 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2009-07-28 22:51:15 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\FLEXnet

[2008-10-29 15:03:51 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\Teleca

[2009-01-28 21:04:52 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2008-07-14 02:08:28 | 00,000,000 | RH-D | M] -- H:\Documents and Settings\Default User\Dane aplikacji

[2009-03-31 03:55:55 | 00,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Dane aplikacji

[2008-07-14 01:22:15 | 00,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Dane aplikacji

[2009-09-10 01:05:17 | 00,000,000 | RH-D | M] -- H:\Documents and Settings\z3\Dane aplikacji

[2008-07-15 06:23:26 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\atitray

[2009-06-12 17:09:31 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\DAEMON Tools

[2009-09-07 11:17:07 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\DAEMON Tools Lite

[2009-06-12 17:09:31 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\DAEMON Tools Pro

[2008-09-17 01:24:00 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\FlashFXP

[2008-07-22 19:10:03 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\Gadu-Gadu

[2009-03-10 19:13:20 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\id Software

[2008-07-14 09:20:29 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\IrfanView

[2008-07-15 00:43:58 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\Notepad++

[2009-02-13 13:45:55 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\Nowe Gadu-Gadu

[2009-09-14 19:25:01 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\uTorrent

[2009-09-09 19:54:34 | 00,000,472 | ---- | M] () -- H:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2001-07-21 23:17:50 | 00,000,065 | RH-- | M] () -- H:\WINDOWS\Tasks\desktop.ini

[2009-09-13 00:14:00 | 00,001,068 | ---- | M] () -- H:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-562591055-682003330-1003Core.job

[2009-09-14 19:14:00 | 00,001,120 | ---- | M] () -- H:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-562591055-682003330-1003UA.job

[2009-09-14 17:13:03 | 00,000,006 | -H-- | M] () -- H:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> H:\Documents and Settings\All Users\Dane aplikacji\TEMP:1AAB2E68

< End of report >

Extras.txt:

Log to check

OTL Extras logfile created on: 2009-09-14 19:32:44 - Run 1

OTL by OldTimer - Version 3.0.11.0 Folder = H:\Documents and Settings\z3\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,48 Mb Total Physical Memory | 290,53 Mb Available Physical Memory | 37,85% Memory free

1,83 Gb Paging File | 1,49 Gb Available in Paging File | 81,42% Paging File free

Paging file location(s): H:\pagefile.sys 2 1024 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive C: | 8,56 Gb Total Space | 1,98 Gb Free Space | 23,12% Space Free | Partition Type: NTFS

Drive D: | 74,52 Gb Total Space | 2,60 Gb Free Space | 3,48% Space Free | Partition Type: NTFS

Drive E: | 29,30 Gb Total Space | 3,35 Gb Free Space | 11,43% Space Free | Partition Type: NTFS

Drive F: | 17,02 Gb Total Space | 9,59 Gb Free Space | 56,37% Space Free | Partition Type: FAT32

Drive G: | 9,74 Gb Total Space | 0,15 Gb Free Space | 1,56% Space Free | Partition Type: FAT32

Drive H: | 7,38 Gb Total Space | 1,47 Gb Free Space | 19,92% Space Free | Partition Type: NTFS

Drive I: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: Z3

Current User Name: z3

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- H:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = htmlfile] -- H:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\apps\firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"8461:TCP" = 8461:TCP:*:Enabled:GoD High Port

"8462:TCP" = 8462:TCP:*:Enabled:GoD Low Port

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\AS\rapimgr.exe" = C:\AS\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\AS\wcescomm.exe" = C:\AS\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\AS\WCESMgr.exe" = C:\AS\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"H:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = H:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\apps\wamp server\bin\apache\apache2.2.8\bin\httpd.exe" = C:\apps\wamp server\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\apps\packet tracer 5.0\bin\PacketTracer5.exe" = C:\apps\packet tracer 5.0\bin\PacketTracer5.exe:*:Enabled:PacketTracer5 -- ()

"C:\apps\gg\gg.exe" = C:\apps\gg\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)

"C:\apps\utorrent\uTorrent.exe" = C:\apps\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\apps\firefox\firefox.exe" = C:\apps\firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe" = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe:*:Enabled:VPN Client -- (Cisco Systems, Inc.)

"C:\Program Files\GNS\Dynamips\dynamips-wxp.exe" = C:\Program Files\GNS\Dynamips\dynamips-wxp.exe:*:Enabled:dynamips-wxp -- ()

"H:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe" = H:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe:*:Enabled:InstallShield ® Setup Engine -- (InstallShield Software Corporation)

"H:\Program Files\Skype\Phone\Skype.exe" = H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\AS\rapimgr.exe" = C:\AS\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\AS\wcescomm.exe" = C:\AS\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\AS\WCESMgr.exe" = C:\AS\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{068B65E6-8960-4FAD-B143-126D86F228EE}" = Cisco SDM

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{12F69331-DCBB-46D5-B475-6BFD0F9048B3}" = Boson Exam Environment

"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1

"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3BC1AB78-2D98-4906-84B5-4230B5420DCC}" = Offline Course Player

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client

"{61ADCC33-E631-4B53-8C64-0CBF0D683DD6}" = Ciscopedia v3.0

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7AE80E7B-3681-45A7-8F82-507590D92978}" = Microsoft Content Management Server Bootstrap

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0054-0415-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9DA4493A-480C-4554-A02C-4B542D33A1D9}" = ManageEngine NetFlow Analyzer 7.5

"{A014D982-EAE5-4654-9D1B-4782C5868E9A}" = Microsoft Content Management Server SP1a

"{A05BE20E-6510-44BC-95ED-6E6D730407D3}" = Vplayer

"{A1938413-B21A-4D75-B76B-CF5E83F67E1D}" = MeasureUp Practice Tests

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3

"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0

"{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}" = Instant Demo

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B7C076CA-126E-497C-8724-B589F54031AF}" = HDD Regenerator

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{CEB981CC-8624-4385-9D5A-1382952196BE}" = MeasureUp Practice Tests

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D82AF0E4-87DA-4BE0-BB1D-5E5263A40D73}" = MeasureUp Practice Tests

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E0649555-ACA7-4E2D-9490-0AEB158693EF}" = Visual CertExam Suite 1.9

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

"AC3Filter" = AC3Filter (remove only)

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3

"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)

"CCleaner" = CCleaner (remove only)

"Cisco TFTP Server v1.1" = Cisco TFTP Server v1.1

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ffdshow_is1" = ffdshow [rev 918] [2007-02-12]

"FLV Player" = FLV Player 2.0 (build 25)

"Gadu-Gadu" = Gadu-Gadu 7.7

"GNS3" = GNS3 0.6

"HijackThis" = HijackThis 2.0.2

"hp deskjet 3320 series" = hp deskjet 3320 series (Remove only)

"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0

"InstallShield_{A1938413-B21A-4D75-B76B-CF5E83F67E1D}" = MeasureUp Practice Tests

"InstallShield_{CEB981CC-8624-4385-9D5A-1382952196BE}" = MeasureUp Practice Tests

"InstallShield_{D82AF0E4-87DA-4BE0-BB1D-5E5263A40D73}" = MeasureUp Practice Tests

"IrfanView" = IrfanView (remove only)

"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)

"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft Content Management Server SP1a" = Microsoft Content Management Server SP1a

"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)

"MultiRes (remove only)" = MultiRes (remove only)

"Netspace Challenge" = Netspace Challenge 1.5

"Notepad++" = Notepad++

"Packet Tracer 5.2_is1" = Packet Tracer 5.2

"RealPlayer 6.0" = RealPlayer

"save2pc Light_is1" = save2pc Light 3.41

"save2pc Pro_is1" = save2pc Pro 3.41

"Transcender Test Engine" = Transcender Test Engine

"Transcender: Exam Cert-70-271 " = Transcender: Exam Cert-70-271

"Transcender: Exam Cert-70-272 " = Transcender: Exam Cert-70-272

"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program

"VISPRO" = Microsoft Office Visio Professional 2007

"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9

"VLC media player" = VideoLAN VLC media player 0.8.6i

"WampServer 2_is1" = WampServer 2.0

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4

"WinPcapInst" = WinPcap 4.0.2

"WinRAR archiver" = Archiwizator WinRAR

"WinUAE" = WinUAE 1.5.3

"Wireshark" = Wireshark 1.0.5

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2009-09-13 07:52:09 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 08:26:47 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 12:37:08 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 15:37:08 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 17:39:51 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 17:46:44 | Computer Name = Z3 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł

powodujący błąd shgina.dll, wersja 6.0.2900.2180, adres błędu 0x00007b0c.

Error - 2009-09-13 18:32:46 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-14 02:18:53 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-14 07:26:12 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-14 11:13:20 | Computer Name = Z3 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

[ OSession Events ]

Error - 2009-04-14 18:04:45 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 314

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-05-04 15:33:08 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 303

seconds with 240 seconds of active time. This session ended with a crash.

Error - 2009-05-07 05:38:30 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 1340 seconds with 420 seconds of active time. This session ended with a

crash.

Error - 2009-05-07 05:38:41 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-05-07 05:44:16 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 333 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-05-07 05:44:53 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-05-07 05:49:28 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 272 seconds with 240 seconds of active time. This session ended with a crash.

Error - 2009-05-07 06:04:01 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 870 seconds with 300 seconds of active time. This session ended with a crash.

Error - 2009-05-07 09:18:31 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 1670 seconds with 480 seconds of active time. This session ended with a

crash.

Error - 2009-05-07 09:47:44 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 1749 seconds with 780 seconds of active time. This session ended with a

crash.

[ System Events ]

Error - 2009-09-13 08:02:07 | Computer Name = Z3 | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2009-09-13 08:05:14 | Computer Name = Z3 | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2009-09-13 08:06:37 | Computer Name = Z3 | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

z usługą PEVSystemStart.

Error - 2009-09-13 08:51:51 | Computer Name = Z3 | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

z usługą PEVSystemStart.

Error - 2009-09-13 16:58:53 | Computer Name = Z3 | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

z usługą PEVSystemStart.

Error - 2009-09-13 17:03:58 | Computer Name = Z3 | Source = Service Control Manager | ID = 7031

Description = Usługa Lavasoft Ad-Aware Service niespodziewanie zakończyła pracę.

Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca

czynność korekcyjna: Uruchom usługę ponownie.

Error - 2009-09-13 17:03:58 | Computer Name = Z3 | Source = Service Control Manager | ID = 7034

Description = Usługa Cisco Systems, Inc. VPN Service niespodziewanie zakończyła

pracę. Wystąpiło to razy: 1.

Error - 2009-09-13 17:10:42 | Computer Name = Z3 | Source = Service Control Manager | ID = 7031

Description = Usługa Lavasoft Ad-Aware Service niespodziewanie zakończyła pracę.

Wystąpiło to razy: 2. W przeciągu 5000 milisekund zostanie podjęta następująca

czynność korekcyjna: Uruchom usługę ponownie.

Error - 2009-09-13 17:12:52 | Computer Name = Z3 | Source = Service Control Manager | ID = 7034

Description = Usługa Usługa SNMP niespodziewanie zakończyła pracę. Wystąpiło to

razy: 1.

Error - 2009-09-13 17:48:09 | Computer Name = Z3 | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

z usługą PEVSystemStart.

< End of report >

Gmer:

Log for review

GMER 1.0.15.15077 [her.com] - http://www.gmer.net

Rootkit quick scan 2009-09-14 19:29:41

Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.15 ----

SSDT spko.sys ZwEnumerateKey [0xF742CCA4]

SSDT spko.sys ZwEnumerateValueKey [0xF742D032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82FDA1F8

Device \FileSystem\Fastfat \Fat 82DFE1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS Attach.txt:

Log for review

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2008-07-14 01:21:24

System Uptime: 2009-09-14 17:12:19 (2 hours ago)

Motherboard: MSI | | MS-6380E

Processor: AMD Athlon XP 2000+ | Socket-A | 1666/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 9 GiB total, 1,98 GiB free.

D: is FIXED (NTFS) - 75 GiB total, 2,597 GiB free.

E: is FIXED (NTFS) - 29 GiB total, 3,348 GiB free.

F: is FIXED (FAT32) - 17 GiB total, 9,594 GiB free.

G: is FIXED (FAT32) - 10 GiB total, 0,152 GiB free.

H: is FIXED (NTFS) - 7 GiB total, 1,484 GiB free.

I: is CDROM (CDFS)

J: is CDROM ()

K: is CDROM ()

L: is CDROM ()

M: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&38

Manufacturer: Realtek

Name: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&38

Service: rtl8139

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0002

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0002

Service: CVirtA

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Microsoft Kernel DLS Synthesizer

Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC

Manufacturer: Microsoft

Name: Microsoft Kernel DLS Synthesizer

PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC

Service: DMusic

==== System Restore Points ===================

RP501: 2009-09-11 13:58:13 - Punkt kontrolny systemu

RP502: 2009-09-12 15:23:19 - Punkt kontrolny systemu

RP503: 2009-09-13 21:52:02 - Punkt kontrolny systemu

==== Installed Programs ======================

AC3Filter (remove only)

Acrobat.com

Ad-Aware

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader 9.1.3

Adobe Setup

Adobe Shockwave Player 11

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Apple Mobile Device Support

Apple Software Update

Archiwizator WinRAR

ATI Display Driver (Omega 3.8.442)

µTorrent

BlueSoleil

Boson Exam Environment

CCleaner (remove only)

Cisco SDM

Cisco TFTP Server v1.1

Ciscopedia v3.0

ffdshow [rev 918] [2007-02-12]

FLV Player 2.0 (build 25)

Gadu-Gadu 7.7

GNS3 0.6

Google Chrome

HDD Regenerator

Heroes of Might and Magic V

HijackThis 2.0.2

Hotfix for Windows XP (KB954550-v5)

hp deskjet 3320 series (Remove only)

Instant Demo

IrfanView (remove only)

iTunes

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_19

Java 6 Update 13

Magic ISO Maker v5.5 (build 0265)

Magic ISO Maker v5.5 (build 0276)

Malwarebytes' Anti-Malware

ManageEngine NetFlow Analyzer 7.5

MeasureUp Practice Tests

Microsoft .NET Compact Framework 3.5

Microsoft .NET Framework 1.1

Microsoft ActiveSync 4.0

Microsoft Content Management Server Bootstrap

Microsoft Content Management Server SP1a

Microsoft Game Studios Common Redistributables Pack 1

Microsoft Office Access MUI (Polish) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Polish) 2007

Microsoft Office Groove MUI (Polish) 2007

Microsoft Office InfoPath MUI (Polish) 2007

Microsoft Office OneNote MUI (Polish) 2007

Microsoft Office Outlook MUI (Polish) 2007

Microsoft Office PowerPoint MUI (Polish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Polish) 2007

Microsoft Office Proofing (Polish) 2007

Microsoft Office Publisher MUI (Polish) 2007

Microsoft Office Shared MUI (Polish) 2007

Microsoft Office Visio MUI (Polish) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (Polish) 2007

Microsoft Software Update for Web Folders (Polish) 12

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual J# .NET Redistributable Package 1.1

Microsoft XML Parser

Mozilla Firefox (3.0.6)

MSXML 6.0 Parser (KB933579)

MultiRes (remove only)

Netspace Challenge 1.5

Notepad++

Offline Course Player

Packet Tracer 5.2

PartitionMagic

PDF Settings

PDFCreator

PL-2303 USB-to-Serial

PowerQuest PartitionMagic 8.0

QuickTime

RealPlayer

save2pc Light 3.41

save2pc Pro 3.41

Skype™ 4.0

Sony Ericsson PC Suite

Spybot - Search & Destroy

Transcender Test Engine

Transcender: Exam Cert-70-271

Transcender: Exam Cert-70-272

VIA Audio Driver Setup Program

VideoLAN VLC media player 0.8.6i

Visual CertExam Suite 1.9

VMware Workstation

Vplayer

VPN Client

WampServer 2.0

WebFldrs XP

Winamp

Windows Media Format Runtime

WinHTTrack Website Copier 3.43-4

WinPcap 4.0.2

WinUAE 1.5.3

Wireshark 1.0.5

XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2009-09-13 23:22:05, informacje: Windows File Protection [64002] - Podjęto próbę zamiany chronionego pliku systemowego h:\windows\slrundll.exe. Dla zachowania stabilności systemu została przywrócona wersja oryginalna pliku. Wersja złego pliku: 3.80.1.0.

2009-09-13 14:43:51, informacje: Windows File Protection [64002] - Podjęto próbę zamiany chronionego pliku systemowego h:\windows\slrundll.exe. Dla zachowania stabilności systemu została przywrócona wersja oryginalna pliku. Wersja złego pliku: 3.80.1.0.

==== End Of File ===========================

DDS.txt:

Log for review

DDS (Ver_09-07-30.01) - NTFSx86

Run by z3 at 19:46:13,17 on 2009-09-14

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.767.313 [GMT 2:00]

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

H:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

H:\WINDOWS\System32\snmp.exe

C:\apps\gg\gg.exe

H:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\apps\firefox\firefox.exe

H:\Documents and Settings\z3\Moje dokumenty\Pobieranie\dds.pif

============== Pseudo HJT Report ===============

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Gadu-Gadu] "c:\apps\gg\gg.exe" /tray

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

Notify: AtiExtEvent - Ati2evxx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - h:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\z3\daneap~1\mozilla\firefox\profiles\i5ibg8im.default\

FF - plugin: c:\apps\firefox\plugins\NPOlp32.dll

FF - plugin: c:\apps\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\apps\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\apps\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\apps\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\apps\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\apps\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\apps\quicktime\plugins\npqtplugin7.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - plugin: h:\documents and settings\z3\ustawienia lokalne\dane aplikacji\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\apps\firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\apps\firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\apps\firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\apps\firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\apps\firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\apps\firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\apps\firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\apps\firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\apps\firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\apps\firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\apps\firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\apps\firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\apps\firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\apps\firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\apps\firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\apps\firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\apps\firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\apps\firefox\greprefs\all.js - pref("geo.enabled", true);

c:\apps\firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\apps\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\apps\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\apps\firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\apps\firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\apps\firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\apps\firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\apps\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\apps\firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [2009-5-20 64160]

R1 atitray;atitray;h:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2008-7-14 17952]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\apps\virtualcd\VCdRom.sys [2001-12-19 8576]

R2 vmci;VMware vmci;h:\windows\system32\drivers\vmci.sys [2008-10-28 54960]

S3 NPF;NetGroup Packet Filter Driver;h:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S3 vsdatant;vsdatant;h:\windows\system32\vsdatant.sys [2009-4-5 280344]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

S4 netflowanalyzer;ManageEngine NetFlow Analyzer 7;c:\advent~1\me\netflow\bin\wrapper.exe -s c:\advent~1\me\netflow\bin\\..\server\default\conf\wrapper.conf --> c:\advent~1\me\netflow\bin\wrapper.exe -s c:\advent~1\me\netflow\bin\\..\server\default\conf\wrapper.conf [?]

S4 UGTEWQ;UGTEWQ;h:\docume~1\z3\ustawi~1\temp\ugtewq.exe --> h:\docume~1\z3\ustawi~1\temp\UGTEWQ.exe [?]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-09-13 23:47 229,888 ac------ h:\windows\PEV.exe

2009-09-13 23:47 395,776 ac------ h:\windows\system32\CF10037.exe

2009-09-13 23:47 <DIR> -cds---- H:\ble

2009-09-13 23:39 <DIR> -cd----- h:\windows\Internet Logs

2009-09-13 22:58 395,776 ac------ h:\windows\system32\CF25845.exe

2009-09-13 14:51 395,776 ac------ h:\windows\system32\CF23236.exe

2009-09-10 11:28 0 ac------ h:\windows\system32\YUJOY

2009-09-10 11:27 7,680 ac------ h:\windows\system32\drivers\RKL2A.tmp.sys

2009-09-10 01:05 <DIR> -cd----- h:\docume~1\z3\daneap~1\Malwarebytes

2009-09-10 01:05 38,224 ac------ h:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 01:05 19,160 ac------ h:\windows\system32\drivers\mbam.sys

2009-09-10 00:07 21,596 ac------ h:\windows\system32\AAWService_2009_09_10_00_07_03.dmp

2009-09-09 23:59 <DIR> -cd----- h:\program files\Visual CertExam Suite

2009-09-07 08:21 <DIR> -cd----- h:\program files\DAEMON Tools Toolbar

2009-08-31 23:18 <DIR> -cd----- h:\program files\Transcender

==================== Find3M ====================

2009-09-12 06:25 459,078 a------- h:\windows\system32\perfh015.dat

2009-09-12 06:25 78,374 a------- h:\windows\system32\perfc015.dat

2009-09-07 01:42 721,904 a------- h:\windows\system32\drivers\sptd.sys

2009-06-22 16:55 55,892 ac--h--- h:\windows\system32\mlfcache.dat

2009-03-10 19:12 22,328 ac------ h:\docume~1\z3\daneap~1\PnkBstrK.sys

============= FINISH: 19:46:42,75 ===============

I can see these errors, but I'm not sure how to create the script, so I'm writing to you, guys.

MarekM25
comment

If you can see them, then tell us where ;) Check whether ComboFix will work in safe mode.

raz3
comment

ComboFix doesn't work in any mode. It hangs at stage 50 everywhere.

MarekM25
comment

Download the latest version and try renaming it. In what location is the rootkit detected??
