raz3 posted 14 September 2009 (edited)

Hi, I think I've caught a rootkit. ComboFix wouldn't start, but I downloaded a new version, removed everything related to it from the registry, and now it cuts off the Internet connection and stops at stage 50; additionally the digit keys on the keyboard don't work, nor does the whole numeric keypad, except for the digit 5.

OTL.txt: log to be checked

OTL logfile created on: 2009-09-14 19:32:44 - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = H:\Documents and Settings\z3\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
767,48 Mb Total Physical Memory | 290,53 Mb Available Physical Memory | 37,85% Memory free
1,83 Gb Paging File | 1,49 Gb Available in Paging File | 81,42% Paging File free
Paging file location(s): H:\pagefile.sys 2 1024 [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 8,56 Gb Total Space | 1,98 Gb Free Space | 23,12% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 2,60 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 29,30 Gb Total Space | 3,35 Gb Free Space | 11,43% Space Free | Partition Type: NTFS
Drive F: | 17,02 Gb Total Space | 9,59 Gb Free Space | 56,37% Space Free | Partition Type: FAT32
Drive G: | 9,74 Gb Total Space | 0,15 Gb Free Space | 1,56% Space Free | Partition Type: FAT32
Drive H: | 7,38 Gb Total Space | 1,47 Gb Free Space | 19,92% Space Free | Partition Type: NTFS
Drive I: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: Z3
Current User Name: z3
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\Explorer.EXE PRC - [2006-04-20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009-05-21 00:29:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2004-08-04 00:44:28 | 00,032,256 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\snmp.exe PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wdfmgr.exe PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\apps\gg\gg.exe PRC - [2009-09-10 23:25:58 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\apps\firefox\firefox.exe PRC - [2009-03-29 11:09:50 | 01,220,608 | ---- | M] (Don HO don.h@free.fr) -- C:\apps\notepad++\notepad++.exe PRC - [2001-10-26 18:29:48 | 00,115,200 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\calc.exe PRC - [2009-09-14 19:32:23 | 00,513,536 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\z3\Moje dokumenty\Pobieranie\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2003-02-20 21:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - File not found -- -- (Bonjour Service [Disabled | Stopped]) SRV - [2006-04-20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-03-12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) 
-- H:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped]) SRV - [2009-05-21 00:29:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2009-07-20 20:02:05 | 01,029,456 | ---- | M] (Lavasoft) -- H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Disabled | Stopped]) SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [Disabled | Stopped]) SRV - File not found -- -- (netflowanalyzer [Disabled | Stopped]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [Disabled | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped]) SRV - [2004-08-04 00:44:28 | 00,032,256 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running]) SRV - [2008-10-02 18:25:42 | 00,191,024 | ---- | M] (VMware, Inc.) -- D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [Disabled | Stopped]) SRV - File not found -- -- (UGTEWQ [Disabled | Stopped]) SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - [2008-10-28 23:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- D:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Disabled | Stopped]) SRV - [2008-10-28 23:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\vmnetdhcp.exe -- (VMnetDHCP [Disabled | Stopped]) SRV - [2008-10-28 23:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) 
-- H:\WINDOWS\System32\vmnat.exe -- (VMware NAT Service [Disabled | Stopped]) ========== Driver Services (SafeList) ========== DRV - [2004-08-04 00:35:04 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- H:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2007-11-05 09:55:04 | 00,017,952 | ---- | M] () -- H:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray [system | Running]) DRV - [2006-06-23 17:00:26 | 00,031,488 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running]) DRV - [2005-08-31 11:34:52 | 00,020,480 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running]) DRV - [2006-01-19 14:31:34 | 00,010,068 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running]) DRV - [2006-07-16 17:06:16 | 00,023,040 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped]) DRV - [2005-07-30 08:21:32 | 00,011,988 | ---- | M] () -- H:\WINDOWS\System32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Running]) DRV - [2005-05-01 06:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [boot | Running]) DRV - [2006-04-14 10:14:12 | 00,014,312 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped]) DRV - [2005-05-17 04:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- H:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped]) DRV - [2006-04-20 08:33:40 | 00,303,740 | ---- | M] (Cisco Systems, Inc.) -- H:\WINDOWS\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running]) DRV - [2005-06-29 19:50:30 | 00,110,080 | ---- | M] (Deterministic Networks, Inc.) 
-- H:\WINDOWS\System32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running]) DRV - [2009-01-15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- H:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) DRV - [2008-10-28 23:08:52 | 00,032,304 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\drivers\hcmon.sys -- (hcmon [Auto | Running]) DRV - [2009-05-20 19:53:04 | 00,064,160 | ---- | M] (Lavasoft AB) -- H:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [boot | Running]) DRV - [2001-08-17 22:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\DRIVERS\loop.sys -- (msloop [On_Demand | Running]) DRV - [2004-08-03 22:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped]) DRV - [2007-11-06 22:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- H:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped]) DRV - [2002-09-16 18:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- H:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [system | Running]) DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- H:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- H:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2001-08-17 22:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running]) DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- H:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running]) DRV - [2006-09-18 15:58:48 | 00,061,600 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped]) DRV - [2006-09-18 15:58:52 | 00,009,360 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped]) DRV - [2006-09-18 15:58:54 | 00,097,184 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped]) DRV - [2006-09-18 15:58:58 | 00,088,688 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped]) DRV - [2006-09-18 15:59:00 | 00,018,704 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped]) DRV - [2006-09-18 15:59:02 | 00,086,560 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped]) DRV - [2006-09-18 15:59:08 | 00,090,800 | R--- | M] (MCCI) -- H:\WINDOWS\System32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped]) DRV - [2003-02-04 23:11:41 | 00,011,376 | R--- | M] () -- H:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2009-09-07 01:42:58 | 00,721,904 | ---- | M] () -- H:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running]) DRV - [2006-07-24 16:05:00 | 00,005,632 | ---- | M] () -- H:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running]) DRV - [2009-03-05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) 
-- H:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped]) DRV - [2005-10-21 03:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped]) DRV - [2001-12-19 11:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\apps\VirtualCD\VCdRom.sys -- (vcdrom [system | Running]) DRV - [2004-10-19 14:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running]) DRV - [2006-02-28 17:57:22 | 00,084,836 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running]) DRV - [2005-07-29 17:21:48 | 00,011,736 | ---- | M] (IVT Corporation) -- H:\WINDOWS\System32\drivers\VHIDMini.sys -- (VHidMinidrv [On_Demand | Stopped]) DRV - [2002-07-24 04:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- H:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [boot | Running]) DRV - [2004-06-18 13:47:22 | 00,152,192 | ---- | M] (VIA Technologies, Inc.) -- H:\WINDOWS\System32\drivers\viaudios.sys -- (VIAudio [On_Demand | Running]) DRV - [2008-10-28 23:08:58 | 00,054,960 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\Drivers\vmci.sys -- (vmci [Auto | Running]) DRV - [2008-10-28 23:08:56 | 00,023,216 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running]) DRV - [2008-10-28 17:03:28 | 00,016,560 | R--- | M] (VMware, Inc.) -- H:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running]) DRV - [2008-10-28 17:03:28 | 00,031,280 | R--- | M] (VMware, Inc.) -- H:\WINDOWS\System32\DRIVERS\vmnetbridge.sys -- (VMnetBridge [Auto | Running]) DRV - [2008-10-28 23:08:58 | 00,026,288 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running]) DRV - [2008-10-28 23:08:42 | 00,014,896 | ---- | M] (VMware, Inc.) 
-- H:\WINDOWS\System32\Drivers\VMparport.sys -- (VMparport [Auto | Running]) DRV - [2008-10-28 23:08:54 | 00,857,392 | ---- | M] (VMware, Inc.) -- H:\WINDOWS\System32\Drivers\vmx86.sys -- (vmx86 [Auto | Running]) DRV - [2005-01-26 06:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- H:\WINDOWS\System32\vsdatant.sys -- (vsdatant [On_Demand | Stopped]) DRV - [2008-10-02 18:24:48 | 00,022,448 | ---- | M] (VMware, Inc.) -- D:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\SYSTEM32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\SYSTEM32\blank.htm IE - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-1844237615-562591055-682003330-1003\S-1-5-21-1844237615-562591055-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.84 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1 FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-21 00:29:50 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\apps\firefox\components [2009-09-10 23:26:03 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\apps\firefox\plugins [2009-09-10 23:26:03 | 00,000,000 | ---D | M] [2008-07-14 
01:44:53 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Extensions [2008-07-14 01:44:53 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-09-13 11:39:14 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions [2009-06-14 01:44:02 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2008-07-14 01:47:29 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-17 02:16:49 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2009-06-03 22:22:14 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2009-08-13 13:18:40 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-04-05 17:03:25 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\dave2x@download [2009-08-14 11:25:11 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\mozilla\Firefox\Profiles\i5ibg8im.default\extensions\firebug@software.joehewitt.com [2008-12-15 17:21:44 | 00,000,878 | ---- | M] () -- H:\Documents and Settings\z3\Dane aplikacji\Mozilla\FireFox\Profiles\i5ibg8im.default\searchplugins\conduit.xml O1 HOSTS File: (686 bytes) - H:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKU\S-1-5-21-1844237615-562591055-682003330-1003..\Run: [Gadu-Gadu] 
C:\apps\gg\gg.exe (Gadu-Gadu S.A.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - 
HKU\S-1-5-21-1844237615-562591055-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1844237615-562591055-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-1844237615-562591055-682003330-1003\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.199.225.14 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - H:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - H:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-07-14 01:19:07 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - H:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (lsdelete) - H:\WINDOWS\System32\lsdelete.exe () ========== Files/Folders - Created Within 30 Days ========== [2009-09-13 23:47:32 | 00,229,888 | ---- | C] () -- H:\WINDOWS\PEV.exe [2009-09-13 23:47:32 | 00,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe [2009-09-13 23:47:32 | 00,161,792 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe [2009-09-13 23:47:32 | 00,136,704 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe [2009-09-13 23:47:32 | 00,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe [2009-09-13 23:47:32 | 00,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe [2009-09-13 23:47:32 | 00,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe [2009-09-13 23:47:32 | 00,031,232 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe [2009-09-13 23:47:13 | 00,000,000 | ---D | C] -- H:\WINDOWS\ERDNT [2009-09-13 23:47:12 | 00,395,776 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\CF10037.exe [2009-09-13 23:47:12 | 00,000,000 | --SD | C] -- H:\ble [2009-09-13 23:47:08 | 00,000,000 | ---D | C] -- H:\Qoobox [2009-09-13 23:39:50 | 00,000,000 | ---D | C] -- H:\WINDOWS\Internet Logs [2009-09-13 22:58:08 | 00,395,776 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\CF25845.exe [2009-09-13 22:51:42 | 00,000,610 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\UnHookExec.inf [2009-09-13 16:29:03 | 00,013,234 | ---- | C] () -- H:\Documents and 
Settings\z3\Pulpit\01e4e99e12.jpeg [2009-09-13 14:51:05 | 00,395,776 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\CF23236.exe [2009-09-13 14:46:37 | 00,000,000 | -H-D | C] -- H:\Program Files\Uninstall Information [2009-09-13 14:45:48 | 00,009,830 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\exefix.reg [2009-09-12 00:10:16 | 00,126,207 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\agusia.jpg [2009-09-10 22:58:24 | 00,000,000 | ---D | C] -- H:\WINDOWS\System32\0 [2009-09-10 22:58:08 | 02,155,096 | ---- | C] (Exam Solutions) -- H:\WINDOWS\System32\QDMEAXRT.ocx [2009-09-10 22:58:08 | 00,622,592 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KUserService.dll [2009-09-10 22:58:08 | 00,462,848 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KDataService.dll [2009-09-10 22:58:08 | 00,209,608 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\TabCtl32.ocx [2009-09-10 22:58:08 | 00,193,784 | ---- | C] (Mabry Software, Inc.) -- H:\WINDOWS\System32\HttpX.dll [2009-09-10 22:58:08 | 00,172,032 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KBusinessService.dll [2009-09-10 22:58:08 | 00,144,640 | ---- | C] (Mabry Software, Inc.) 
-- H:\WINDOWS\System32\HttpX.ocx [2009-09-10 22:58:08 | 00,057,344 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KWebFarm.dll [2009-09-10 22:58:08 | 00,045,056 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\KCommon.dll [2009-09-10 22:58:08 | 00,032,768 | ---- | C] (Self Test Software) -- H:\WINDOWS\System32\webCryption.dll [2009-09-10 22:58:08 | 00,024,576 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKUserInterface.dll [2009-09-10 22:58:08 | 00,024,576 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKDataInterface.dll [2009-09-10 22:58:08 | 00,020,480 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKLiveInterface.dll [2009-09-10 22:58:08 | 00,020,480 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKCryptionInterface.dll [2009-09-10 22:58:08 | 00,020,480 | ---- | C] (Kaplan IT) -- H:\WINDOWS\System32\IKBusinessInterface.dll [2009-09-10 22:58:07 | 01,229,408 | ---- | C] (Pallas, Inc., A Dev Group of Exam Solutions, Inc.) -- H:\WINDOWS\System32\ESPICaseStudyLibrary.ocx [2009-09-10 22:58:07 | 00,933,888 | ---- | C] (Macromedia, Inc.) -- H:\WINDOWS\System32\Flash.ocx [2009-09-10 22:58:07 | 00,466,944 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\capicom.dll [2009-09-10 22:58:07 | 00,099,576 | ---- | C] (Mabry Software, Inc.) 
-- H:\WINDOWS\System32\MabryObj.dll
[2009-09-10 22:58:07 | 00,036,864 | ---- | C] (Self Test Software) -- H:\WINDOWS\System32\MouseWheelTrap.ocx
[2009-09-10 22:58:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\msxml3a.dll
[2009-09-10 22:58:07 | 00,000,037 | ---- | C] () -- H:\WINDOWS\System32\nett12.dll
[2009-09-10 22:58:06 | 00,368,912 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\vbar332.dll
[2009-09-10 11:28:50 | 00,000,000 | ---- | C] () -- H:\WINDOWS\System32\YUJOY
[2009-09-10 11:27:06 | 00,007,680 | ---- | C] (Lavasoft AB) -- H:\WINDOWS\System32\drivers\RKL2A.tmp.sys
[2009-09-10 01:05:17 | 00,000,000 | ---D | C] -- H:\Documents and Settings\z3\Dane aplikacji\Malwarebytes
[2009-09-10 01:05:15 | 00,000,566 | ---- | C] () -- H:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2009-09-10 01:05:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-10 01:05:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys
[2009-09-10 00:07:03 | 00,021,596 | ---- | C] () -- H:\WINDOWS\System32\AAWService_2009_09_10_00_07_03.dmp
[2009-09-09 23:59:03 | 00,000,000 | ---D | C] -- H:\Program Files\Visual CertExam Suite
[2009-09-07 08:21:47 | 00,000,000 | ---D | C] -- H:\Program Files\DAEMON Tools Toolbar
[2009-08-31 23:18:44 | 00,000,000 | ---D | C] -- H:\Program Files\Transcender
[2009-08-31 15:41:27 | 00,000,000 | -HSD | C] -- H:\RECYCLER
[2009-08-27 00:07:10 | 00,034,835 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\Zespół Angelmana.docx
[2009-08-23 22:03:58 | 00,000,657 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\Netspace Challenge.lnk
[2009-08-22 23:13:24 | 00,053,760 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\Nowy Rysunek programu Microsoft Office Visio.vsd
[2009-08-20 20:00:46 | 00,064,585 | ---- | C] () -- H:\Documents and Settings\z3\Pulpit\1250790491_by_EndlessDark.jpg
[2009-08-18 14:13:14 | 00,000,000 | ---D | C] -- H:\Documents and Settings\z3\Moje dokumenty\Pobieranie
[2009-08-11 19:18:22 | 00,000,163 | ---- | C] () -- H:\WINDOWS\disney.ini
[2009-04-05 22:21:36 | 00,029,752 | ---- | C] () -- H:\WINDOWS\System32\InstHelper.dll
[2009-04-05 22:20:35 | 00,197,680 | ---- | C] () -- H:\WINDOWS\System32\vpnapi.dll
[2009-04-05 22:20:33 | 00,193,584 | ---- | C] () -- H:\WINDOWS\System32\CSGina.dll
[2009-03-31 03:55:10 | 00,055,856 | R--- | C] () -- H:\WINDOWS\System32\vnetinst.dll
[2009-02-24 01:27:49 | 00,000,023 | ---- | C] () -- H:\WINDOWS\BlendSettings.ini
[2009-02-21 13:42:35 | 00,021,840 | ---- | C] () -- H:\WINDOWS\System32\SIntfNT.dll
[2009-02-21 13:42:35 | 00,017,212 | ---- | C] () -- H:\WINDOWS\System32\SIntf32.dll
[2009-02-21 13:42:34 | 00,012,067 | ---- | C] () -- H:\WINDOWS\System32\SIntf16.dll
[2009-01-16 12:35:57 | 00,116,224 | ---- | C] () -- H:\WINDOWS\System32\pdfcmnnt.dll
[2009-01-12 22:37:14 | 00,000,600 | ---- | C] () -- H:\WINDOWS\Rtcw.INI
[2008-12-23 03:11:20 | 00,001,016 | ---- | C] () -- H:\WINDOWS\mgreg.ini
[2008-12-23 03:10:57 | 00,000,030 | ---- | C] () -- H:\WINDOWS\mgwin.ini
[2008-12-12 01:36:23 | 00,000,165 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2008-11-14 19:44:01 | 00,003,249 | ---- | C] () -- H:\WINDOWS\VPlayer.INI
[2008-10-29 15:12:11 | 00,000,000 | ---- | C] () -- H:\WINDOWS\mngui.INI
[2008-08-08 22:42:52 | 00,399,872 | ---- | C] () -- H:\WINDOWS\c4dstand.dll
[2008-08-08 22:42:48 | 00,003,300 | ---- | C] () -- H:\WINDOWS\splash.ini
[2008-07-16 00:25:59 | 00,005,632 | ---- | C] () -- H:\WINDOWS\System32\drivers\StarOpen.sys
[2008-07-15 19:56:24 | 00,721,904 | ---- | C] () -- H:\WINDOWS\System32\drivers\sptd.sys
[2008-07-15 00:45:02 | 00,081,920 | ---- | C] () -- H:\WINDOWS\System32\ieencode.dll
[2008-07-15 00:30:59 | 00,010,752 | ---- | C] () -- H:\WINDOWS\System32\ff_vfw.dll
[2008-07-15 00:30:59 | 00,000,547 | ---- | C] () -- H:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-07-14 01:36:10 | 00,000,011 | ---- | C] () -- H:\WINDOWS\System32\atiicdxx.ini
[2008-07-14 01:31:17 | 00,036,864 | ---- | C] () -- H:\WINDOWS\System32\UnAudioNT.dll
[2007-11-06 22:19:28 | 00,053,299 | ---- | C] () -- H:\WINDOWS\System32\pthreadVC.dll
[2006-04-14 10:14:12 | 00,014,312 | ---- | C] () -- H:\WINDOWS\System32\drivers\BTNetFilter.sys
[2005-07-30 08:21:32 | 00,011,988 | ---- | C] () -- H:\WINDOWS\System32\drivers\vbtenum.sys
[2002-03-25 21:02:14 | 00,011,376 | R--- | C] () -- H:\WINDOWS\System32\drivers\secdrv.sys
[2001-07-21 23:16:20 | 00,000,634 | ---- | C] () -- H:\WINDOWS\win.ini
[2001-07-21 23:15:52 | 00,000,227 | ---- | C] () -- H:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========
[2009-09-14 19:14:00 | 00,001,120 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-562591055-682003330-1003UA.job
[2009-09-14 17:13:03 | 00,000,006 | -H-- | M] () -- H:\WINDOWS\tasks\SA.DAT
[2009-09-14 17:13:01 | 00,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2009-09-14 02:12:36 | 00,229,888 | ---- | M] () -- H:\WINDOWS\PEV.exe
[2009-09-14 00:31:04 | 08,576,810 | -H-- | M] () -- H:\Documents and Settings\z3\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-09-13 23:47:06 | 00,395,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\CF10037.exe
[2009-09-13 22:57:31 | 00,395,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\CF25845.exe
[2009-09-13 22:51:43 | 00,000,610 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\UnHookExec.inf
[2009-09-13 16:29:04 | 00,013,234 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\01e4e99e12.jpeg
[2009-09-13 14:50:58 | 00,395,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\CF23236.exe
[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\WindowsShell.Manifest
[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\sapi.cpl.manifest
[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\nwc.cpl.manifest
[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\ncpa.cpl.manifest
[2009-09-13 14:46:37 | 00,000,749 | RH-- | M] () -- H:\WINDOWS\System32\cdplayer.exe.manifest
[2009-09-13 14:45:49 | 00,009,830 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\exefix.reg
[2009-09-13 14:21:09 | 00,000,686 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\HOSTS
[2009-09-13 11:58:35 | 00,000,600 | ---- | M] () -- H:\Documents and Settings\z3\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2009-09-13 11:21:06 | 00,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2009-09-13 00:14:00 | 00,001,068 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-562591055-682003330-1003Core.job
[2009-09-12 17:59:17 | 00,003,249 | ---- | M] () -- H:\WINDOWS\VPlayer.INI
[2009-09-12 17:59:17 | 00,000,085 | ---- | M] () -- H:\WINDOWS\VplayerINI.vpl
[2009-09-12 06:25:38 | 00,459,078 | ---- | M] () -- H:\WINDOWS\System32\perfh015.dat
[2009-09-12 06:25:38 | 00,401,332 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2009-09-12 06:25:38 | 00,078,374 | ---- | M] () -- H:\WINDOWS\System32\perfc015.dat
[2009-09-12 06:25:38 | 00,061,238 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2009-09-12 06:25:37 | 01,011,254 | ---- | M] () -- H:\WINDOWS\System32\PerfStringBackup.INI
[2009-09-12 00:10:17 | 00,126,207 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\agusia.jpg
[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys
[2009-09-10 11:28:50 | 00,000,000 | ---- | M] () -- H:\WINDOWS\System32\YUJOY
[2009-09-10 11:27:06 | 00,007,680 | ---- | M] (Lavasoft AB) -- H:\WINDOWS\System32\drivers\RKL2A.tmp.sys
[2009-09-10 01:05:15 | 00,000,566 | ---- | M] () -- H:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2009-09-10 00:07:04 | 00,021,596 | ---- | M] () -- H:\WINDOWS\System32\AAWService_2009_09_10_00_07_03.dmp
[2009-09-10 00:00:18 | 00,000,227 | ---- | M] () -- H:\WINDOWS\system.ini
[2009-09-09 19:54:34 | 00,000,472 | ---- | M] () -- H:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-09-07 01:42:58 | 00,721,904 | ---- | M] () -- H:\WINDOWS\System32\drivers\sptd.sys
[2009-08-27 00:41:14 | 00,034,835 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\Zespół Angelmana.docx
[2009-08-24 11:30:02 | 00,028,053 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\cv.docx
[2009-08-23 22:03:58 | 00,000,657 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\Netspace Challenge.lnk
[2009-08-22 23:37:24 | 00,053,760 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\Nowy Rysunek programu Microsoft Office Visio.vsd
[2009-08-20 20:00:47 | 00,064,585 | ---- | M] () -- H:\Documents and Settings\z3\Pulpit\1250790491_by_EndlessDark.jpg

========== LOP Check ==========
[2008-07-14 02:08:28 | 00,000,000 | RH-D | M] -- H:\Documents and Settings\Administrator\Dane aplikacji
[2009-08-11 19:19:04 | 00,000,000 | RH-D | M] -- H:\Documents and Settings\All Users\Dane aplikacji
[2009-03-29 14:19:27 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009-05-20 19:44:14 | 00,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009-02-18 16:47:15 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\2DBoy
[2008-11-06 13:38:28 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
[2008-07-17 15:04:02 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\Boson
[2008-12-04 03:42:24 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\Boson Software
[2008-12-18 20:26:51 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-07-28 22:51:15 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
[2008-10-29 15:03:51 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\Teleca
[2009-01-28 21:04:52 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2008-07-14 02:08:28 | 00,000,000 | RH-D | M] -- H:\Documents and Settings\Default User\Dane aplikacji
[2009-03-31 03:55:55 | 00,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Dane aplikacji
[2008-07-14 01:22:15 | 00,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Dane aplikacji
[2009-09-10 01:05:17 | 00,000,000 | RH-D | M] -- H:\Documents and Settings\z3\Dane aplikacji
[2008-07-15 06:23:26 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\atitray
[2009-06-12 17:09:31 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\DAEMON Tools
[2009-09-07 11:17:07 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\DAEMON Tools Lite
[2009-06-12 17:09:31 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\DAEMON Tools Pro
[2008-09-17 01:24:00 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\FlashFXP
[2008-07-22 19:10:03 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\Gadu-Gadu
[2009-03-10 19:13:20 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\id Software
[2008-07-14 09:20:29 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\IrfanView
[2008-07-15 00:43:58 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\Notepad++
[2009-02-13 13:45:55 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\Nowe Gadu-Gadu
[2009-09-14 19:25:01 | 00,000,000 | ---D | M] -- H:\Documents and Settings\z3\Dane aplikacji\uTorrent
[2009-09-09 19:54:34 | 00,000,472 | ---- | M] () -- H:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2001-07-21 23:17:50 | 00,000,065 | RH-- | M] () -- H:\WINDOWS\Tasks\desktop.ini
[2009-09-13 00:14:00 | 00,001,068 | ---- | M] () -- H:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-562591055-682003330-1003Core.job
[2009-09-14 19:14:00 | 00,001,120 | ---- | M] () -- H:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-562591055-682003330-1003UA.job
[2009-09-14 17:13:03 | 00,000,006 | -H-- | M] () -- H:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> H:\Documents and Settings\All Users\Dane aplikacji\TEMP:1AAB2E68

< End of report >

Extras.txt: Log to check

OTL Extras logfile created on: 2009-09-14 19:32:44 - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = H:\Documents and Settings\z3\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,48 Mb Total Physical Memory | 290,53 Mb Available Physical Memory | 37,85% Memory free
1,83 Gb Paging File | 1,49 Gb Available in Paging File | 81,42% Paging File free
Paging file location(s): H:\pagefile.sys 2 1024 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 8,56 Gb Total Space | 1,98 Gb Free Space | 23,12% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 2,60 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 29,30 Gb Total Space | 3,35 Gb Free Space | 11,43% Space Free | Partition Type: NTFS
Drive F: | 17,02 Gb Total Space | 9,59 Gb Free Space | 56,37% Space Free | Partition Type: FAT32
Drive G: | 9,74 Gb Total Space | 0,15 Gb Free Space | 1,56% Space Free | Partition Type: FAT32
Drive H: | 7,38 Gb Total Space | 1,47 Gb Free Space | 19,92% Space Free | Partition Type: NTFS
Drive I: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: Z3
Current User Name: z3
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- H:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- H:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\apps\firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8461:TCP" = 8461:TCP:*:Enabled:GoD High Port
"8462:TCP" = 8462:TCP:*:Enabled:GoD Low Port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\AS\rapimgr.exe" = C:\AS\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\AS\wcescomm.exe" = C:\AS\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\AS\WCESMgr.exe" = C:\AS\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"H:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = H:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\apps\wamp server\bin\apache\apache2.2.8\bin\httpd.exe" = C:\apps\wamp server\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\apps\packet tracer 5.0\bin\PacketTracer5.exe" = C:\apps\packet tracer 5.0\bin\PacketTracer5.exe:*:Enabled:PacketTracer5 -- ()
"C:\apps\gg\gg.exe" = C:\apps\gg\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
"C:\apps\utorrent\uTorrent.exe" = C:\apps\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\apps\firefox\firefox.exe" = C:\apps\firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe" = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe:*:Enabled:VPN Client -- (Cisco Systems, Inc.)
"C:\Program Files\GNS\Dynamips\dynamips-wxp.exe" = C:\Program Files\GNS\Dynamips\dynamips-wxp.exe:*:Enabled:dynamips-wxp -- ()
"H:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe" = H:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe:*:Enabled:InstallShield ® Setup Engine -- (InstallShield Software Corporation)
"H:\Program Files\Skype\Phone\Skype.exe" = H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\AS\rapimgr.exe" = C:\AS\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\AS\wcescomm.exe" = C:\AS\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\AS\WCESMgr.exe" = C:\AS\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{068B65E6-8960-4FAD-B143-126D86F228EE}" = Cisco SDM
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12F69331-DCBB-46D5-B475-6BFD0F9048B3}" = Boson Exam Environment
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BC1AB78-2D98-4906-84B5-4230B5420DCC}" = Offline Course Player
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{61ADCC33-E631-4B53-8C64-0CBF0D683DD6}" = Ciscopedia v3.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AE80E7B-3681-45A7-8F82-507590D92978}" = Microsoft Content Management Server Bootstrap
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0415-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DA4493A-480C-4554-A02C-4B542D33A1D9}" = ManageEngine NetFlow Analyzer 7.5
"{A014D982-EAE5-4654-9D1B-4782C5868E9A}" = Microsoft Content Management Server SP1a
"{A05BE20E-6510-44BC-95ED-6E6D730407D3}" = Vplayer
"{A1938413-B21A-4D75-B76B-CF5E83F67E1D}" = MeasureUp Practice Tests
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B383E23F-F8DE-4B61-A9FB-C82E313DAD0D}" = Instant Demo
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7C076CA-126E-497C-8724-B589F54031AF}" = HDD Regenerator
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CEB981CC-8624-4385-9D5A-1382952196BE}" = MeasureUp Practice Tests
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D82AF0E4-87DA-4BE0-BB1D-5E5263A40D73}" = MeasureUp Practice Tests
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0649555-ACA7-4E2D-9490-0AEB158693EF}" = Visual CertExam Suite 1.9
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"CCleaner" = CCleaner (remove only)
"Cisco TFTP Server v1.1" = Cisco TFTP Server v1.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 918] [2007-02-12]
"FLV Player" = FLV Player 2.0 (build 25)
"Gadu-Gadu" = Gadu-Gadu 7.7
"GNS3" = GNS3 0.6
"HijackThis" = HijackThis 2.0.2
"hp deskjet 3320 series" = hp deskjet 3320 series (Remove only)
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{A1938413-B21A-4D75-B76B-CF5E83F67E1D}" = MeasureUp Practice Tests
"InstallShield_{CEB981CC-8624-4385-9D5A-1382952196BE}" = MeasureUp Practice Tests
"InstallShield_{D82AF0E4-87DA-4BE0-BB1D-5E5263A40D73}" = MeasureUp Practice Tests
"IrfanView" = IrfanView (remove only)
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Content Management Server SP1a" = Microsoft Content Management Server SP1a
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MultiRes (remove only)" = MultiRes (remove only)
"Netspace Challenge" = Netspace Challenge 1.5
"Notepad++" = Notepad++
"Packet Tracer 5.2_is1" = Packet Tracer 5.2
"RealPlayer 6.0" = RealPlayer
"save2pc Light_is1" = save2pc Light 3.41
"save2pc Pro_is1" = save2pc Pro 3.41
"Transcender Test Engine" = Transcender Test Engine
"Transcender: Exam Cert-70-271 " = Transcender: Exam Cert-70-271
"Transcender: Exam Cert-70-272 " = Transcender: Exam Cert-70-272
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WampServer 2_is1" = WampServer 2.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = Archiwizator WinRAR
"WinUAE" = WinUAE 1.5.3
"Wireshark" = Wireshark 1.0.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1844237615-562591055-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-09-13 07:52:09 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 08:26:47 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 12:37:08 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 15:37:08 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 17:39:51 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-13 17:46:44 | Computer Name = Z3 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł powodujący błąd shgina.dll, wersja 6.0.2900.2180, adres błędu 0x00007b0c.

Error - 2009-09-13 18:32:46 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-14 02:18:53 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-14 07:26:12 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-09-14 11:13:20 | Computer Name = Z3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

[ OSession Events ]
Error - 2009-04-14 18:04:45 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 314 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-05-04 15:33:08 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 303 seconds with 240 seconds of active time. This session ended with a crash.

Error - 2009-05-07 05:38:30 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1340 seconds with 420 seconds of active time. This session ended with a crash.

Error - 2009-05-07 05:38:41 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.
Error - 2009-05-07 05:44:16 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 333 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-05-07 05:44:53 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-05-07 05:49:28 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 272 seconds with 240 seconds of active time. This session ended with a crash.

Error - 2009-05-07 06:04:01 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 870 seconds with 300 seconds of active time. This session ended with a crash.

Error - 2009-05-07 09:18:31 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1670 seconds with 480 seconds of active time. This session ended with a crash.

Error - 2009-05-07 09:47:44 | Computer Name = Z3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1749 seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2009-09-13 08:02:07 | Computer Name = Z3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2009-09-13 08:05:14 | Computer Name = Z3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2009-09-13 08:06:37 | Computer Name = Z3 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą PEVSystemStart.

Error - 2009-09-13 08:51:51 | Computer Name = Z3 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą PEVSystemStart.

Error - 2009-09-13 16:58:53 | Computer Name = Z3 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą PEVSystemStart.

Error - 2009-09-13 17:03:58 | Computer Name = Z3 | Source = Service Control Manager | ID = 7031
Description = Usługa Lavasoft Ad-Aware Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error - 2009-09-13 17:03:58 | Computer Name = Z3 | Source = Service Control Manager | ID = 7034
Description = Usługa Cisco Systems, Inc. VPN Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2009-09-13 17:10:42 | Computer Name = Z3 | Source = Service Control Manager | ID = 7031
Description = Usługa Lavasoft Ad-Aware Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error - 2009-09-13 17:12:52 | Computer Name = Z3 | Source = Service Control Manager | ID = 7034
Description = Usługa Usługa SNMP niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2009-09-13 17:48:09 | Computer Name = Z3 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą PEVSystemStart.

< End of report >

Gmer: Log to check

GMER 1.0.15.15077 [her.com] - http://www.gmer.net
Rootkit quick scan 2009-09-14 19:29:41
Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.15 ----

SSDT spko.sys ZwEnumerateKey [0xF742CCA4]
SSDT spko.sys ZwEnumerateValueKey [0xF742D032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82FDA1F8
Device \FileSystem\Fastfat \Fat 82DFE1F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS Attach.txt: Log to check

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-07-14 01:21:24
System Uptime: 2009-09-14 17:12:19 (2 hours ago)

Motherboard: MSI | | MS-6380E
Processor: AMD Athlon XP 2000+ | Socket-A | 1666/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 9 GiB total, 1,98 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 2,597 GiB free.
E: is FIXED (NTFS) - 29 GiB total, 3,348 GiB free.
F: is FIXED (FAT32) - 17 GiB total, 9,594 GiB free.
G: is FIXED (FAT32) - 10 GiB total, 0,152 GiB free.
H: is FIXED (NTFS) - 7 GiB total, 1,484 GiB free.
I: is CDROM (CDFS)
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&38
Manufacturer: Realtek
Name: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&38
Service: rtl8139

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0002
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0002
Service: CVirtA

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic

==== System Restore Points ===================

RP501: 2009-09-11 13:58:13 - Punkt kontrolny systemu
RP502: 2009-09-12 15:23:19 - Punkt kontrolny systemu
RP503: 2009-09-13 21:52:02 - Punkt kontrolny systemu

==== Installed Programs ======================

AC3Filter (remove only)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1.3
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
Archiwizator WinRAR
ATI Display Driver (Omega 3.8.442)
µTorrent
BlueSoleil
Boson Exam Environment
CCleaner (remove only)
Cisco SDM
Cisco TFTP Server v1.1
Ciscopedia v3.0
ffdshow [rev 918] [2007-02-12]
FLV Player 2.0 (build 25)
Gadu-Gadu 7.7
GNS3 0.6
Google Chrome
HDD Regenerator
Heroes of Might and Magic V
HijackThis 2.0.2
Hotfix for Windows XP (KB954550-v5)
hp deskjet 3320 series (Remove only)
Instant Demo
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_19
Java 6 Update 13
Magic ISO Maker v5.5 (build 0265)
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
ManageEngine NetFlow Analyzer 7.5
MeasureUp Practice Tests
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft ActiveSync 4.0
Microsoft Content Management Server Bootstrap
Microsoft Content Management Server SP1a
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Office Access MUI (Polish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Groove MUI (Polish) 2007
Microsoft Office InfoPath MUI (Polish) 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office Outlook MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Publisher MUI (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Visio MUI (Polish) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Software Update for Web Folders (Polish) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft XML Parser
Mozilla Firefox (3.0.6)
MSXML 6.0 Parser (KB933579)
MultiRes (remove only)
Netspace Challenge 1.5
Notepad++
Offline Course Player
Packet Tracer 5.2
PartitionMagic
PDF Settings
PDFCreator
PL-2303 USB-to-Serial
PowerQuest PartitionMagic 8.0
QuickTime
RealPlayer
save2pc Light 3.41
save2pc Pro 3.41
Skype™ 4.0
Sony Ericsson PC Suite
Spybot - Search & Destroy
Transcender Test Engine
Transcender: Exam Cert-70-271
Transcender: Exam Cert-70-272
VIA Audio Driver Setup Program
VideoLAN VLC media player 0.8.6i
Visual CertExam Suite 1.9
VMware Workstation
Vplayer
VPN Client
WampServer 2.0
WebFldrs XP
Winamp
Windows Media Format Runtime
WinHTTrack Website Copier 3.43-4
WinPcap 4.0.2
WinUAE 1.5.3
Wireshark 1.0.5
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2009-09-13 23:22:05, informacje: Windows File Protection [64002] - Podjęto próbę zamiany chronionego pliku systemowego h:\windows\slrundll.exe. Dla zachowania stabilności systemu została przywrócona wersja oryginalna pliku. Wersja złego pliku: 3.80.1.0.
2009-09-13 14:43:51, informacje: Windows File Protection [64002] - Podjęto próbę zamiany chronionego pliku systemowego h:\windows\slrundll.exe. Dla zachowania stabilności systemu została przywrócona wersja oryginalna pliku. Wersja złego pliku: 3.80.1.0.
==== End Of File ===========================

DDS.txt: Log for review

DDS (Ver_09-07-30.01) - NTFSx86
Run by z3 at 19:46:13,17 on 2009-09-14
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.767.313 [GMT 2:00]

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\System32\snmp.exe
C:\apps\gg\gg.exe
H:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\apps\firefox\firefox.exe
H:\Documents and Settings\z3\Moje dokumenty\Pobieranie\dds.pif

============== Pseudo HJT Report ===============

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Gadu-Gadu] "c:\apps\gg\gg.exe" /tray
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - h:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\z3\daneap~1\mozilla\firefox\profiles\i5ibg8im.default\
FF - plugin: c:\apps\firefox\plugins\NPOlp32.dll
FF - plugin: c:\apps\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\apps\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\apps\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\apps\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\apps\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\apps\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\apps\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: h:\documents and settings\z3\ustawienia lokalne\dane aplikacji\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\apps\firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\apps\firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\apps\firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\apps\firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\apps\firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\apps\firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\apps\firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\apps\firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\apps\firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\apps\firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\apps\firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\apps\firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\apps\firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\apps\firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\apps\firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\apps\firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\apps\firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\apps\firefox\greprefs\all.js - pref("geo.enabled", true);
c:\apps\firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\apps\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\apps\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\apps\firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\apps\firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\apps\firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\apps\firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\apps\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\apps\firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [2009-5-20 64160]
R1 atitray;atitray;h:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2008-7-14 17952]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\apps\virtualcd\VCdRom.sys [2001-12-19 8576]
R2 vmci;VMware vmci;h:\windows\system32\drivers\vmci.sys [2008-10-28 54960]
S3 NPF;NetGroup Packet Filter Driver;h:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 vsdatant;vsdatant;h:\windows\system32\vsdatant.sys [2009-4-5 280344]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S4 netflowanalyzer;ManageEngine NetFlow Analyzer 7;c:\advent~1\me\netflow\bin\wrapper.exe -s c:\advent~1\me\netflow\bin\\..\server\default\conf\wrapper.conf --> c:\advent~1\me\netflow\bin\wrapper.exe -s c:\advent~1\me\netflow\bin\\..\server\default\conf\wrapper.conf [?]
S4 UGTEWQ;UGTEWQ;h:\docume~1\z3\ustawi~1\temp\ugtewq.exe --> h:\docume~1\z3\ustawi~1\temp\UGTEWQ.exe [?]
============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-09-13 23:47 229,888 ac------ h:\windows\PEV.exe
2009-09-13 23:47 395,776 ac------ h:\windows\system32\CF10037.exe
2009-09-13 23:47 <DIR> -cds---- H:\ble
2009-09-13 23:39 <DIR> -cd----- h:\windows\Internet Logs
2009-09-13 22:58 395,776 ac------ h:\windows\system32\CF25845.exe
2009-09-13 14:51 395,776 ac------ h:\windows\system32\CF23236.exe
2009-09-10 11:28 0 ac------ h:\windows\system32\YUJOY
2009-09-10 11:27 7,680 ac------ h:\windows\system32\drivers\RKL2A.tmp.sys
2009-09-10 01:05 <DIR> -cd----- h:\docume~1\z3\daneap~1\Malwarebytes
2009-09-10 01:05 38,224 ac------ h:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 01:05 19,160 ac------ h:\windows\system32\drivers\mbam.sys
2009-09-10 00:07 21,596 ac------ h:\windows\system32\AAWService_2009_09_10_00_07_03.dmp
2009-09-09 23:59 <DIR> -cd----- h:\program files\Visual CertExam Suite
2009-09-07 08:21 <DIR> -cd----- h:\program files\DAEMON Tools Toolbar
2009-08-31 23:18 <DIR> -cd----- h:\program files\Transcender

==================== Find3M ====================

2009-09-12 06:25 459,078 a------- h:\windows\system32\perfh015.dat
2009-09-12 06:25 78,374 a------- h:\windows\system32\perfc015.dat
2009-09-07 01:42 721,904 a------- h:\windows\system32\drivers\sptd.sys
2009-06-22 16:55 55,892 ac--h--- h:\windows\system32\mlfcache.dat
2009-03-10 19:12 22,328 ac------ h:\docume~1\z3\daneap~1\PnkBstrK.sys

============= FINISH: 19:46:42,75 ===============

I can see these errors, but I'm not sure how to put the script together, so I'm writing to you, folks.
MarekM25, comment, 15 September 2009: If you can see them, then say where ;) Check whether Combofix works in Safe Mode.
raz3 (author), comment, 17 September 2009: Combofix doesn't work in any mode. It hangs at stage 50 every time.
MarekM25, comment, 18 September 2009: Download the latest version and try renaming it. In which location is the rootkit being detected??