x-kom hosting

Virus problems - logs to check

Makaveli_ns
created (edited)

Hello, today I ran into a problem: my antivirus detected several spyware items and viruses, and a strange "antivirus, I think MS something malware or something à la Doctor" also started up.


OTL.txt log:

[log]OTL logfile created on: 2010-07-27 23:27:32 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,07 Gb Total Space | 85,07 Gb Free Space | 87,63% Space Free | Partition Type: NTFS
Drive D: | 201,01 Gb Total Space | 133,96 Gb Free Space | 66,64% Space Free | Partition Type: NTFS
Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS
Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

========== Processes (All) ==========

PRC - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
PRC - [2010-07-27 21:44:13 | 000,189,440 | ---- | M] (Electronic Arts, Inc.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\Idj.exe
PRC - [2010-07-27 21:44:10 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) -- C:\WINDOWS\Iwepya.exe
PRC - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2010-02-18 13:33:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010-01-11 20:03:00 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-12-02 15:26:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-10-16 18:45:00 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-10-16 18:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-10-16 18:45:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2009-10-16 18:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2009-10-16 18:45:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2009-10-16 18:45:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2009-10-16 18:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2009-08-28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-08-06 20:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-03-05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-12-12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-04-06 12:42:26 | 000,073,728 | ---- | M] (Philips) -- C:\WINDOWS\VPro520.exe
PRC - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (All) ==========

MOD - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
MOD - [2010-01-11 20:03:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-10-16 18:45:00 | 008,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-10-16 18:45:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-10-16 18:45:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2009-10-16 18:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-10-16 18:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-10-16 18:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-10-16 18:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-10-16 18:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-10-16 18:45:00 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-10-16 18:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-10-16 18:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-10-16 18:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-10-16 18:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-10-16 18:45:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2009-10-16 18:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-10-16 18:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-10-16 18:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-10-16 18:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-10-16 18:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-10-16 18:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-10-16 18:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-10-16 18:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-10-16 18:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-10-16 18:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-10-16 18:45:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-10-16 18:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-07-27 21:44:05 | 000,241,664 | ---- | M] (ApexDC++ Development Team) [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-11-06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005-07-08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe -- (StarWindService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010-04-14 13:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-04-03 23:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-02-05 10:51:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-02-05 10:39:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-01-21 18:08:28 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-01-11 20:03:00 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010-01-02 17:31:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-01-02 17:31:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-10-16 18:45:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009-10-16 18:45:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009-10-16 18:45:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-07-31 07:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-04-09 13:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007-03-27 21:27:56 | 000,007,680 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520m.sys -- (SPC520m)
DRV - [2007-03-27 21:27:50 | 000,085,504 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520.sys -- (SPC520)
DRV - [2006-11-02 07:55:17 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006-09-24 14:28:47 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006-05-16 12:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-05-16 12:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-05-10 11:33:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-02 10:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006-03-17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005-07-08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-07-08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-26 11:31:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-26 11:31:54 | 000,000,000 | ---D | M]

[2010-01-02 18:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2010-07-27 00:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions
[2010-05-20 09:09:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-01-11 22:48:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-02-05 10:53:49 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\searchplugins\daemon-search.xml
[2010-07-27 00:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-07-10 17:55:57 | 000,411,898 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14235 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VPro520.lnk = C:\WINDOWS\VPro520.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Admin\Dane aplikacji\ohydy.exe) - C:\Documents and Settings\Admin\Dane aplikacji\ohydy.exe File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{571e1ce5-fea5-11de-8a0b-0018f3f0144b}\Shell - "" = AutoRun
O33 - MountPoints2\{571e1ce5-fea5-11de-8a0b-0018f3f0144b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (ApexDC++ Development Team)

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "InCDsrv"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Adobe LM Service"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-07-27 22:29:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-07-27 21:44:17 | 000,194,560 | ---- | C] (Electronic Arts, Inc.) -- C:\WINDOWS\Iwepya.exe
[2010-07-27 21:44:05 | 000,241,664 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\System32\sshnas21.dll
[2010-07-27 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
[2010-07-25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-07-23 11:20:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-07-10 15:01:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-07-07 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010-07-07 23:32:12 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010-07-07 23:32:12 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010-07-07 23:32:12 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010-07-07 23:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AOL
[2010-07-05 12:13:52 | 000,070,656 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-06-29 11:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\D2NT_3.1
[2010-06-06 01:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie
[2010-06-04 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Jufsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color="#e56717"]========== Files - Modified Within 60 Days ==========[/color]

[2010-07-27 23:30:34 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdzkl.sys
[2010-07-27 23:24:58 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-07-27 23:24:09 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-07-27 23:23:57 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-07-27 23:23:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-27 23:23:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-27 23:22:57 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010-07-27 22:29:46 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-07-27 21:44:10 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) -- C:\WINDOWS\Iwepya.exe
[2010-07-27 21:44:05 | 000,241,664 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\System32\sshnas21.dll
[2010-07-27 21:43:48 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010-07-27 03:42:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-27 01:29:57 | 002,111,874 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-26 12:19:51 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-07-23 23:03:10 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-20 14:34:37 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:32 | 000,009,532 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-19 16:58:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-19 02:25:26 | 000,001,432 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010-07-16 19:10:34 | 004,871,301 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:42 | 000,656,902 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-15 13:23:36 | 000,037,795 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2010-07-14 18:59:50 | 000,057,141 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-10 17:55:57 | 000,411,898 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-07-10 17:12:54 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010-07-10 15:01:25 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 8.lnk
[2010-07-08 01:13:33 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-08 01:13:06 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:21 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010-07-07 23:30:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\atid.ini
[2010-07-07 00:01:45 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-07-05 23:46:39 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100710-175557.backup
[2010-07-05 23:45:58 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234639.backup
[2010-07-05 23:44:52 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234558.backup
[2010-07-05 20:51:35 | 001,610,084 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:27 | 001,646,247 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:07 | 000,774,332 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:16:30 | 000,034,245 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:16:05 | 000,070,656 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-07-05 12:16:05 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | M] () -- C:\WINDOWS\COD.INI
[2010-07-05 10:35:03 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Gadu-Gadu.lnk
[2010-07-01 22:25:51 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-29 11:13:21 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Admin\Pulpit\D2NT.rar.sha
[2010-06-23 21:09:47 | 000,177,413 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-18 12:59:32 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Ventrilo.lnk
[2010-06-17 14:15:28 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234452.backup
[2010-06-17 14:13:44 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141528.backup
[2010-06-17 12:09:11 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141344.backup
[2010-06-14 20:16:08 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Admin\Pulpit\arek.rar.sha
[2010-06-14 19:24:34 | 000,063,984 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-06-11 08:22:45 | 000,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-10 18:21:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-10 17:52:22 | 000,495,825 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-06-03 18:47:21 | 000,395,202 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-120911.backup
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color="#e56717"]========== Files Created - No Company Name ==========[/color]

[2010-07-27 22:29:43 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2010-07-27 21:44:27 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-07-27 21:44:12 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-07-27 21:43:46 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010-07-27 21:43:12 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdzkl.sys
[2010-07-25 23:44:48 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-07-20 14:34:36 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:31 | 000,009,532 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-16 19:10:31 | 004,871,301 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:40 | 000,656,902 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-14 18:59:49 | 000,057,141 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-08 01:13:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2010-07-05 20:51:34 | 001,610,084 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:26 | 001,646,247 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:06 | 000,774,332 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:13:53 | 000,034,245 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:13:52 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | C] () -- C:\WINDOWS\COD.INI
[2010-06-29 12:52:31 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-29 11:13:21 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Admin\Pulpit\D2NT.rar.sha
[2010-06-23 21:09:47 | 000,177,413 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-14 20:16:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Admin\Pulpit\arek.rar.sha
[2010-06-10 17:52:19 | 000,495,825 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-04-20 21:29:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-04-15 21:45:20 | 000,001,432 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010-02-18 01:32:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-01-21 18:08:28 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010-01-21 18:08:28 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010-01-11 19:46:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010-01-11 19:46:39 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010-01-11 01:51:56 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2010-01-05 18:11:43 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-01-05 01:19:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\D2NT.dll
[2010-01-03 23:33:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-02 20:03:07 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010-01-02 20:03:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010-01-02 20:03:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010-01-02 18:28:19 | 000,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll
[2010-01-02 17:25:21 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010-01-02 15:58:10 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-01-02 15:29:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010-01-02 15:29:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2010-01-02 15:29:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010-01-02 15:29:02 | 000,024,978 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-02 15:28:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-12-07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color="#e56717"]========== LOP Check ==========[/color]

[2010-07-27 21:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
[2010-02-05 10:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools
[2010-03-14 20:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\FreeCall
[2010-01-02 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
[2010-05-04 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
[2010-05-22 01:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\maxup
[2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nokia
[2010-01-02 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Notepad++
[2010-05-04 17:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
[2010-01-02 16:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\PC Suite
[2010-05-04 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Qrix
[2010-01-21 16:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TS3Client
[2010-07-23 11:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
[2010-06-08 13:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios
[2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-07-07 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-02-09 02:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-01-21 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\AutoUpdate
[2010-01-09 17:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Gadu-Gadu
[2010-03-22 13:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Kamerzysta
[2010-07-27 23:24:58 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-07-27 23:24:09 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[color="#e56717"]========== Purity Check ==========[/color]



[color="#e56717"]========== Custom Scans ==========[/color]


[color="#a23bec"]< %systemdrive%\*.* >[/color]
[2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-18 01:52:18 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2009-10-16 18:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-05-05 17:24:24 | 000,000,178 | -H-- | M] () -- C:\GG8+.url
[2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-05-05 16:46:16 | 000,000,175 | -H-- | M] () -- C:\legalne.url
[2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-10-16 18:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-10-16 18:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-07-27 23:23:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-05-06 11:20:10 | 000,000,185 | -H-- | M] () -- C:\SGG.url
[2010-01-11 22:50:45 | 000,000,027 | ---- | M] () -- C:\sledzik.css.txt
[2009-05-05 17:24:16 | 000,000,178 | -H-- | M] () -- C:\Strona GG8+.url
[2010-07-27 21:43:48 | 000,000,150 | ---- | M] () -- C:\zrpt.xml


[color="#a23bec"]< MD5 for: AGP440.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color="#a23bec"]< MD5 for: ATAPI.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color="#a23bec"]< MD5 for: BEEP.SYS >[/color]
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color="#a23bec"]< MD5 for: CDROM.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009-10-16 18:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color]
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color="#a23bec"]< MD5 for: NDIS.SYS >[/color]
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

and OTL Extras.txt:

[log]OTL Extras logfile created on: 2010-07-27 23:27:32 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,07 Gb Total Space | 85,07 Gb Free Space | 87,63% Space Free | Partition Type: NTFS
Drive D: | 201,01 Gb Total Space | 133,96 Gb Free Space | 66,64% Space Free | Partition Type: NTFS
Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS
Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#e56717"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color="#e56717"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#e56717"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color="#e56717"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Call of Duty\CoDMP.exe" = E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Program Files\Anno 1701\Anno1701.exe" = E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH)
"E:\Program Files\Anno 1701\Anno1701AddOn.exe" = E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01 -- (Related Designs Software GmbH)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall -- (FreeCall)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe" = E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"E:\Program Files\Gadu-Gadu\gg.exe" = E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)


[color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B3A8956-FAF7-4DB7-897C-86926C5323D2}" = Philips VLounge
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}" = Nokia PC Suite
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Add-On
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}" = Philips SPC520NC Webcam
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"2B0430566DEE7109F019A317398EA7F8DA53B293" = Pakiet sterowników systemu Windows - Philips (SPC520) Image (03/27/2007 1.00.2.6000)
"46D650DC11A19D8E1347F194E1244412C0FAFCF1" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BadCopy Pro" = BadCopy Pro
"Call of Duty" = Call of Duty
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"Diablo II" = Diablo II
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00
"FLVPlayer" = FLV Player 1.3.3
"FreeCall_is1" = FreeCall
"Gadu-Gadu" = Gadu-Gadu 7.7
"InCD!UninstallKey" = InCD
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Kamerzysta" = Kamerzysta (deinstalacja)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Rzeźnik MPEGów 1.1.99_is1" = Rzeźnik MPEGów 1.1.99
"SkanerOnline" = Skaner on-line mks_vir
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SubEdit-Player_is1" = SubEdit-Player
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Winamp PL" = Winamp 5.33 PL
"WinRAR archiver" = Archiwizator WinRAR

[color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[color="#e56717"]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-05-31 18:46:21 | Computer Name = PAWEL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-02 14:33:21 | Computer Name = PAWEL | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00011a79.

Error - 2010-06-02 14:33:34 | Computer Name = PAWEL | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00010aeb.

Error - 2010-06-02 14:33:41 | Computer Name = PAWEL | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00010aeb.

Error - 2010-06-02 15:06:20 | Computer Name = PAWEL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-07 16:38:42 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-08 14:45:09 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-11 15:39:36 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SkypeSetup.exe, wersja 4.2.0.169, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-22 15:53:51 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-22 16:09:49 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2010-07-25 07:57:32 | Computer Name = XXX | Source = Service Control Manager | ID = 7031
Description = Usługa Apple Mobile Device niespodziewanie zakończyła pracę. Wystąpiło
to razy: 2. W przeciągu 60000 milisekund zostanie podjęta następująca czynność
korekcyjna: Uruchom usługę ponownie.

Error - 2010-07-25 21:51:13 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego
błędu: %%2

Error - 2010-07-25 21:51:16 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-07-26 22:42:42 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego
błędu: %%2

Error - 2010-07-26 22:42:42 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-07-27 16:43:14 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Microsoft Kernel Acoustic Echo Canceller
z powodu następującego błędu: %%31

Error - 2010-07-27 16:45:36 | Computer Name = XXX | Source = Service Control Manager | ID = 7031
Description = Usługa Apple Mobile Device niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność
korekcyjna: Uruchom usługę ponownie.

Error - 2010-07-27 16:52:30 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = Zgodnie z ustawieniami uprawnień domyślne ustawienia komputera nie
jest udzielane uprawnienie Lokalne Aktywacja do aplikacji serwera COM z identyfikatorem
klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA
SIECIOWA o identyfikatorze zabezpieczeń (S-1-5-20). To uprawnienie zabezpieczeń
można modyfikować przy użyciu narzędzia administracyjnego usług składowych.

Error - 2010-07-27 18:24:43 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego
błędu: %%2

Error - 2010-07-27 18:24:46 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531


< End of report >
[/log]

Here are the logs from RSIT:

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-07-28 00:11:17
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 87 GB (88%) free of 99 GB
Total RAM: 3070 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:11:29, on 2010-07-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Iwepya.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Admin\USTAWI~1\Temp\Idj.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VPro520.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Pulpit\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [5DR8ZAD8GX] C:\DOCUME~1\Admin\USTAWI~1\Temp\Idj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPro520.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O19 - User stylesheet: C:\sledzik.css.txt
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

--
End of file - 8733 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-17 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2009-12-02 37376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SnoopFreeUI"=C:\WINDOWS\SnoopFreeUI.exe [2010-01-11 221184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-10-16 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2010-04-14 395496]
"5DR8ZAD8GX"=C:\DOCUME~1\Admin\USTAWI~1\Temp\Idj.exe [2010-07-27 189440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"LightScribeService"=2
"InCDsrv"=2
"Apple Mobile Device"=2
"Adobe LM Service"=3

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
VPro520.lnk - C:\WINDOWS\VPro520.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-10-16 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\Call of Duty\CoDMP.exe"="E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"E:\Program Files\Anno 1701\Anno1701.exe"="E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"E:\Program Files\Anno 1701\Anno1701AddOn.exe"="E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe"="E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"E:\Program Files\Gadu-Gadu\gg.exe"="E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

======List of files/folders created in the last 3 months======

2010-07-28 00:08:21 ----D---- C:\rsit
2010-07-28 00:08:21 ----D---- C:\Program Files\trend micro
2010-07-27 21:44:17 ----A---- C:\WINDOWS\Iwepya.exe
2010-07-27 21:44:05 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-07-27 21:43:12 ----A---- C:\WINDOWS\system32\drivers\sdzkl.sys
2010-07-27 21:42:45 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
2010-07-25 23:44:48 ----A---- C:\WINDOWS\system32\unrar.dll
2010-07-25 23:44:45 ----D---- C:\Program Files\K-Lite Codec Pack
2010-07-23 11:20:53 ----HD---- C:\WINDOWS\PIF
2010-07-15 01:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-10 15:01:11 ----SHD---- C:\Config.Msi
2010-07-08 01:13:06 ----A---- C:\WINDOWS\msoffice.ini
2010-07-07 23:32:56 ----D---- C:\WINDOWS\occache
2010-07-07 23:32:56 ----D---- C:\Program Files\Learn2.com
2010-07-07 23:32:50 ----D---- C:\Program Files\Viewpoint
2010-07-07 23:32:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
2010-07-07 23:32:48 ----A---- C:\WINDOWS\system32\shdocvw.bak
2010-07-07 23:32:47 ----D---- C:\Program Files\Common Files\Nullsoft
2010-07-07 23:32:12 ----A---- C:\WINDOWS\system32\roboex32.dll
2010-07-07 23:32:12 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2010-07-07 23:31:50 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-07-07 23:31:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\AOL
2010-07-07 23:30:12 ----A---- C:\WINDOWS\atid.ini
2010-07-05 12:13:52 ----A---- C:\WINDOWS\ScUnin.pif
2010-07-05 12:13:52 ----A---- C:\WINDOWS\ScUnin.exe
2010-07-05 11:44:03 ----A---- C:\WINDOWS\COD.INI
2010-06-10 18:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 18:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 18:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 18:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 18:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 18:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-04 16:07:42 ----D---- C:\Program Files\Jufsoft
2010-05-26 12:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-22 01:50:19 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\maxup
2010-05-14 01:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-06 10:58:54 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-05-06 10:58:53 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-05-06 10:58:53 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-05-06 10:58:53 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-05-06 10:58:51 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-05-06 10:58:50 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-05-06 10:58:50 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-05-06 10:58:50 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-05-06 10:58:50 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-05-06 10:51:44 ----D---- C:\Program Files\SystemRequirementsLab
2010-05-04 17:16:27 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Qrix
2010-05-04 17:14:12 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
2010-05-04 15:15:36 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu

======List of files/folders modified in the last 3 months======

2010-07-28 00:10:45 ----D---- C:\Program Files\Mozilla Firefox
2010-07-28 00:10:09 ----D---- C:\WINDOWS\Temp
2010-07-28 00:10:01 ----SD---- C:\WINDOWS\Tasks
2010-07-28 00:08:21 ----RD---- C:\Program Files
2010-07-27 23:24:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-27 23:22:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-27 21:44:18 ----D---- C:\WINDOWS\Prefetch
2010-07-27 21:44:17 ----D---- C:\WINDOWS
2010-07-27 21:44:05 ----D---- C:\WINDOWS\system32
2010-07-27 21:43:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-27 21:43:14 ----D---- C:\WINDOWS\system32\drivers
2010-07-26 12:20:09 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Skype
2010-07-26 12:20:04 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\skypePM
2010-07-24 13:55:57 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\U3
2010-07-23 11:27:10 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2010-07-22 17:06:04 ----D---- C:\Program Files\AC3Filter
2010-07-21 00:11:29 ----D---- C:\Program Files\SpeedFan
2010-07-19 20:32:24 ----HD---- C:\WINDOWS\inf
2010-07-19 16:58:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-19 02:25:26 ----A---- C:\WINDOWS\Sandboxie.ini
2010-07-16 21:48:59 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-07-16 21:46:26 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Adobe
2010-07-15 01:01:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-10 17:55:57 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-10 15:01:43 ----SHD---- C:\WINDOWS\Installer
2010-07-08 01:14:23 ----D---- C:\Program Files\Common Files
2010-07-08 01:13:33 ----A---- C:\WINDOWS\win.ini
2010-07-07 23:30:21 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla
2010-07-07 00:01:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-05 11:51:02 ----D---- C:\WINDOWS\system32\LogFiles
2010-07-02 20:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-16 23:18:02 ----D---- C:\WINDOWS\Minidump
2010-06-10 18:21:45 ----A---- C:\WINDOWS\imsins.BAK
2010-06-10 18:21:04 ----D---- C:\Program Files\Internet Explorer
2010-06-10 18:20:54 ----D---- C:\WINDOWS\ie8updates
2010-06-08 13:18:28 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios
2010-06-08 10:38:00 ----D---- C:\Program Files\uTorrent
2010-06-04 17:59:18 ----SD---- C:\Documents and Settings\Admin\Dane aplikacji\Microsoft
2010-05-14 01:29:05 ----D---- C:\Program Files\Outlook Express
2010-05-06 15:58:44 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-05-06 11:28:51 ----A---- C:\WINDOWS\system32\wininet.dll
2010-05-06 11:28:50 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-05-06 11:28:50 ----A---- C:\WINDOWS\system32\occache.dll
2010-05-06 11:28:50 ----A---- C:\WINDOWS\system32\mstime.dll
2010-05-06 11:28:49 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-05-06 11:28:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-05-06 11:28:46 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-05-06 11:28:45 ----A---- C:\WINDOWS\system32\jsproxy.dll
2010-05-06 11:28:44 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-05-06 11:28:43 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-05-06 11:28:38 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2010-05-06 11:00:16 ----D---- C:\WINDOWS\Help
2010-05-06 11:00:16 ----D---- C:\Program Files\NVIDIA Corporation
2010-05-06 10:59:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-06 10:51:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-05 14:56:34 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2010-05-04 16:53:59 ----D---- C:\Program Files\Gadu-Gadu
2010-05-04 15:16:30 ----D---- C:\WINDOWS\WinSxS
2010-05-02 15:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-05-02 14:24:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2009-10-16 164896]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 SnoopFree;SnoopFree Driver; C:\WINDOWS\System32\Drivers\SnopFree.sys [2010-01-11 9472]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-05 717296]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-11-02 28672]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-02 28520]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2009-10-16 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-05 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-02 56816]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-21 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2009-10-16 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2009-10-16 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-16 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-16 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-16 18944]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 SPC520;Philips SPC520NC PC Camera; C:\WINDOWS\system32\drivers\SPC520.sys [2007-03-27 85504]
R3 SPC520m;Philips SPC520NC PC Cameram; C:\WINDOWS\system32\drivers\SPC520m.sys [2007-03-27 7680]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2009-10-16 100736]
S0 Si3112;Si3112; C:\WINDOWS\system32\drivers\Si3112.sys [2009-10-16 62336]
S0 Si3114r5;Si3114r5; C:\WINDOWS\system32\drivers\Si3114r5.sys [2009-10-16 195072]
S0 Si3124;Si3124; C:\WINDOWS\system32\drivers\Si3124.sys [2009-10-16 69248]
S0 Si3132;Si3132; C:\WINDOWS\system32\drivers\Si3132.sys [2009-10-16 74672]
S0 Si3132r5;Si3132r5; C:\WINDOWS\system32\drivers\Si3132r5.sys [2009-10-16 215856]
S0 Si3531;Si3531; C:\WINDOWS\system32\drivers\Si3531.sys [2009-10-16 212520]
S3 a5abfpfr;a5abfpfr; C:\WINDOWS\system32\drivers\a5abfpfr.sys []
S3 aqvtswm6;aqvtswm6; C:\WINDOWS\system32\drivers\aqvtswm6.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2009-07-31 341504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-16 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-16 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-02 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-06-29 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-06-29 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-06-29 65599]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-18 66872]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-04-14 73960]
R2 SnoopFreeSvc;Snoop Free Service; C:\WINDOWS\System32\SnoopFreeSvc.exe [2010-01-11 90112]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe [2005-04-02 217600]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-02 68096]
S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S4 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

-----------------EOF-----------------
[/log]

RSIT info

[log]info.txt logfile of random's system information tool 1.08 2010-07-28 00:08:37

======Uninstall list======

-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter 1.63b-->"C:\Program Files\AC3Filter\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.2.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Aktualizacja dla systemu Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Anno 1701 - Add-On-->"C:\Program Files\InstallShield Installation Information\{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}\Setup.exe" -runfromtemp -l0x0015 -removeonly
Anno 1701-->"C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\SETUP.EXE" -runfromtemp -l0x0015 -removeonly
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BadCopy Pro-->C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty-->E:\Program Files\CALLOF~1\Uninstall\Unwise.exe /u E:\Program Files\CALLOF~1\Uninstall\Install.log
Commandos 2: Men of Courage-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}\setup.exe"
CWK (Czasowy Wyłącznik Komputera)-->"C:\Program Files\Damian Pasternak\CWK\CWK.exe" /uninstall
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
FreeCall-->"C:\Program Files\FreeCall.com\FreeCall\unins000.exe"
Gadu-Gadu 7.7-->E:\Program Files\Call of Duty\Gadu-Gadu\Setup.exe
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Kamerzysta (deinstalacja)-->"C:\Program Files\Onet\Kamerzysta\odinstaluj.exe"
K-Lite Codec Pack 6.2.0 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NAPIPROJEKT 1.0.6.1-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
Need for Speed™ Most Wanted-->e:\Program Files\Need for Speed Most Wanted\EAUninstall.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia PC Suite-->MsiExec.exe /I{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1DD56D2122DDFA3E4C3B165E3A5CFA613B48BDC7\amdk8.inf
Pakiet sterowników systemu Windows - Philips (SPC520) Image (03/27/2007 1.00.2.6000)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\spc520_2393375C41A81CBA8FE7B4BD848464BF36BCAC40\spc520.inf
PC Connectivity Solution-->MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
Philips SPC520NC Webcam-->C:\Program Files\InstallShield Installation Information\{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}\Setup.exe -runfromtemp -l0x0015 -removeonly
Philips VLounge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B3A8956-FAF7-4DB7-897C-86926C5323D2}\Setup.exe" -l0x9
Poprawka dla systemu Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Real Alternative 1.9.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Rzeźnik MPEGów 1.1.99-->"C:\Program Files\MGrenda\Rzeznik\unins000.exe"
Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SnoopFree Privacy Shield-->SnoopFreeUI.exe /U
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x15 -removeonly
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Winamp 5.33 PL-->"C:\Program Files\Winamp\uninst-winamp_pl.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: PAWEL
Event Code: 17
Message: AVGNTFLT successfully loaded

Record Number: 13114
Source Name: avgntflt
Time Written: 20100603135258.000000+060
Event Type: informacje
User:

Computer Name: PAWEL
Event Code: 1002
Message: Adres IP połączenia 192.168.1.2 dla karty sieciowej o adresie 0018F3F0144B został
zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Record Number: 13113
Source Name: Dhcp
Time Written: 20100603135232.000000+060
Event Type: błąd
User:

Computer Name: PAWEL
Event Code: 6005
Message: Uruchomiono usługę Dziennik zdarzeń.

Record Number: 13112
Source Name: EventLog
Time Written: 20100603135229.000000+060
Event Type: informacje
User:

Computer Name: PAWEL
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Multiprocessor Free.

Record Number: 13111
Source Name: EventLog
Time Written: 20100603135229.000000+060
Event Type: informacje
User:

Computer Name: PAWEL
Event Code: 6006
Message: Zatrzymano usługę Dziennik zdarzeń.

Record Number: 13110
Source Name: EventLog
Time Written: 20100603122451.000000+060
Event Type: informacje
User:

=====Application event log=====

Computer Name: PAWEL
Event Code: 1000
Message: Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd msvcrt.dll, wersja 7.0.2600.5512, adres błędu 0x00037410.

Record Number: 187
Source Name: Application Error
Time Written: 20100106224847.000000+000
Event Type: błąd
User:

Computer Name: PAWEL
Event Code: 1000
Message: Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.22918, adres błędu 0x0008ddc2.

Record Number: 186
Source Name: Application Error
Time Written: 20100106214430.000000+000
Event Type: błąd
User:

Computer Name: PAWEL
Event Code: 1000
Message: Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00029265.

Record Number: 185
Source Name: Application Error
Time Written: 20100106214415.000000+000
Event Type: błąd
User:

Computer Name: PAWEL
Event Code: 4097
Message: Aplikacja C:\Program Files\Internet Explorer\IEXPLORE.EXE wygenerowała błąd aplikacji.
Błąd wystąpił na 01/06/2010 @ 21:43:56.281.
Wygenerowany wyjątek to c0000005 pod adresem 7C9375C4 (ntdll!RtlRemoveVectoredExceptionHandler).

Record Number: 184
Source Name: DrWatson
Time Written: 20100106214356.000000+000
Event Type: informacje
User:

Computer Name: PAWEL
Event Code: 1000
Message: Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x000375c4.

Record Number: 183
Source Name: Application Error
Time Written: 20100106214354.000000+000
Event Type: błąd
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
[/log]


Please check the logs.

Can anyone help?

Guest
comment (edited)

[code][2010-07-27 23:30:34 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdzkl.sys [/code]

You have a rootkit.

Post a ComboFix log.

Sohei
comment

ComboFix is not needed for this. We only use it for very heavy infections!
To the thread author:
paste this into OTL and click Run Fix

[code]:Processes
Explorer.exe



:OTL
O33 - MountPoints2\{571e1ce5-fea5-11de-8a0b-0018f3f0144b}\Shell - "" = AutoRun
O33 - MountPoints2\{571e1ce5-fea5-11de-8a0b-0018f3f0144b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found



:files
C:\WINDOWS\System32\drivers\sdzkl.sys
C:\WINDOWS\System32\sshnas21.dll
C:\zrpt.xml



:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Run a full scan with [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url]
Run a full scan with [url=http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html][b]MBAM[/b][/url]
Remove whatever they find, then post the removal logs + a new OTL log + a GMER log
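The two replies above pick their targets from the logs by eye: a driver (sdzkl.sys) with an empty company field "()" modified on the day of the scan, a DLL (sshnas21.dll) belonging to the SSHNAS entry that the RSIT service list shows running under svchost.exe with no descriptive display name, and, further up the same list, two eight-character lower-case drivers (a5abfpfr, aqvtswm6) whose bracketed date/size field is empty. As an added example (not part of this thread and not code from the OTL or RSIT tools), here is a small Python triage script that applies those same checks mechanically to RSIT service lines and OTL file lines. The svchost allowlist and the 3-day "recently modified" window are assumptions; the sample lines are copied from the logs posted above, except the last one, which is a constructed clean driver line for contrast.

```python
import re
from datetime import date, datetime

# RSIT "List of drivers/services" line, e.g.
#   R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-16 12160]
# The bracketed tail is the on-disk modification date and size; RSIT leaves it
# empty ("[]") when it could not stat the binary.
RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# OTL file line, e.g.
#   [2010-07-27 23:30:34 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdzkl.sys
# The parenthesised field is the PE version-info company name; "()" means the
# file carries none.
OTL_RE = re.compile(
    r"^\[(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-\w]{4}) \| (?P<kind>[A-Z])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# ASSUMPTION: a partial allowlist of service names that legitimately run inside
# svchost.exe on Windows XP SP3. Illustrative only; build the real list from a
# known-clean reference machine before trusting it.
SVCHOST_KNOWN = {
    "AudioSrv", "BITS", "Browser", "CryptSvc", "Dhcp", "Dnscache", "ERSvc",
    "EventSystem", "helpsvc", "lanmanserver", "lanmanworkstation", "Netman",
    "Nla", "RasMan", "RemoteRegistry", "RpcSs", "Schedule", "seclogon", "SENS",
    "SharedAccess", "ShellHWDetection", "srservice", "stisvc", "TapiSrv",
    "TermService", "Themes", "TrkWks", "W32Time", "WebClient", "winmgmt",
    "wscsvc", "wuauserv", "WudfSvc", "WZCSVC", "xmlprov",
}

# Lower-case alphanumeric names of 7+ chars that mix letters and digits
# (a5abfpfr, aqvtswm6 in the log above) are typical of generated driver names.
RANDOM_NAME_RE = re.compile(r"(?=.*\d)(?=.*[a-z])[a-z0-9]{7,}")
DRIVER_DIR = "\\system32\\drivers\\"


def looks_random(name):
    return RANDOM_NAME_RE.fullmatch(name) is not None


def triage(lines, scan_date, recent_days=3):
    """Return [(item, reason), ...] for log lines that deserve a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = RSIT_RE.match(line)
        if m:
            name, path, meta = m["name"], m["path"].lower(), m["meta"]
            # The host binary is the first .exe/.sys token; anything after it is arguments.
            exe_m = re.search(r"([^\\ ]+\.(?:exe|sys))(?: |$)", path)
            exe = exe_m.group(1) if exe_m else ""
            if not meta:
                findings.append((name, "binary missing or unreadable on disk"))
            if looks_random(name):
                findings.append((name, "randomly generated service name"))
            if exe == "svchost.exe" and name not in SVCHOST_KNOWN:
                findings.append((name, "svchost-hosted service not on XP allowlist"))
            continue
        m = OTL_RE.match(line)
        if m and DRIVER_DIR in m["path"].lower():
            item = m["path"].rsplit("\\", 1)[-1]
            mtime = datetime.strptime(m["mtime"], "%Y-%m-%d %H:%M:%S").date()
            if not m["company"].strip():
                findings.append((item, "driver with no version-info company name"))
            if abs((scan_date - mtime).days) <= recent_days:
                findings.append((item, "driver modified within %d days of the scan" % recent_days))
    return findings


# Sample input: the first six lines are copied from the RSIT/OTL output posted
# in this thread; the last is a constructed clean driver line for contrast.
SAMPLE_LINES = [
    r"R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-16 12160]",
    r"S3 a5abfpfr;a5abfpfr; C:\WINDOWS\system32\drivers\a5abfpfr.sys []",
    r"S3 aqvtswm6;aqvtswm6; C:\WINDOWS\system32\drivers\aqvtswm6.sys []",
    r"R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]",
    r"S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]",
    r"[2010-07-27 23:30:34 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdzkl.sys",
    r"[2008-04-13 13:39:42 | 000,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS",
]

SCAN_DATE = date(2010, 7, 27)  # date of the OTL run posted in this thread


def sample_findings():
    return triage(SAMPLE_LINES, SCAN_DATE)


if __name__ == "__main__":
    for item, reason in sample_findings():
        print("%-12s %s" % (item, reason))
```

Treat every finding as a pointer to go and verify the file (hash it, check the signature and creation time), not as a verdict: empty brackets also show up for legitimate entries registered with a `\??\` path (SbieDrv in the log above) or started with command-line arguments (jqs.exe), and a missing company name on its own proves nothing.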

Makaveli_ns
comment

OTL Extras:

[log]OTL Extras logfile created on: 2010-08-01 19:49:39 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Programy\Antywiry\Sprawdzanie logow
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,07 Gb Total Space | 85,19 Gb Free Space | 87,76% Space Free | Partition Type: NTFS
Drive D: | 201,01 Gb Total Space | 119,78 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS
Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,15% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Call of Duty\CoDMP.exe" = E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Program Files\Anno 1701\Anno1701.exe" = E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH)
"E:\Program Files\Anno 1701\Anno1701AddOn.exe" = E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01 -- (Related Designs Software GmbH)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall -- (FreeCall)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe" = E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"E:\Program Files\Gadu-Gadu\gg.exe" = E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B3A8956-FAF7-4DB7-897C-86926C5323D2}" = Philips VLounge
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}" = Nokia PC Suite
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Add-On
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}" = Philips SPC520NC Webcam
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"2B0430566DEE7109F019A317398EA7F8DA53B293" = Pakiet sterowników systemu Windows - Philips (SPC520) Image (03/27/2007 1.00.2.6000)
"46D650DC11A19D8E1347F194E1244412C0FAFCF1" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BadCopy Pro" = BadCopy Pro
"Call of Duty" = Call of Duty
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"Diablo II" = Diablo II
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00
"FLVPlayer" = FLV Player 1.3.3
"FreeCall_is1" = FreeCall
"Gadu-Gadu" = Gadu-Gadu 7.7
"InCD!UninstallKey" = InCD
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Kamerzysta" = Kamerzysta (deinstalacja)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Rzeźnik MPEGów 1.1.99_is1" = Rzeźnik MPEGów 1.1.99
"SkanerOnline" = Skaner on-line mks_vir
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SubEdit-Player_is1" = SubEdit-Player
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Winamp PL" = Winamp 5.33 PL
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-06-02 14:33:34 | Computer Name = PAWEL | Source = Application Error | ID = 1000
Description = Faulting application snoopfreeui.exe, version 1.0.0.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00010aeb.

Error - 2010-06-02 14:33:41 | Computer Name = PAWEL | Source = Application Error | ID = 1000
Description = Faulting application snoopfreeui.exe, version 1.0.0.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00010aeb.

Error - 2010-06-02 15:06:20 | Computer Name = PAWEL | Source = Application Hang | ID = 1002
Description = Hanging application gg.exe, version 7.7.0.3746, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-06-07 16:38:42 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application Game.exe, version 1.0.13.60, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-06-08 14:45:09 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application Game.exe, version 1.0.13.60, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-06-11 15:39:36 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application SkypeSetup.exe, version 4.2.0.169, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-06-22 15:53:51 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application gg.exe, version 7.7.0.3746, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-06-22 16:09:49 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application gg.exe, version 7.7.0.3746, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-06-24 18:18:45 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application Game.exe, version 1.0.13.60, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-06-30 12:00:41 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application KissCloneHunter2.2.exe, version 2.2.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The ForceWare Intelligent Application Manager (IAM) service terminated
unexpectedly. It has done this 1 time(s).

Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The ForceWare user log service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The StarWind iSCSI Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2010-08-01 07:06:00 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 2010-08-01 07:06:02 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-08-01 08:08:03 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2010-08-01 09:11:44 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2010-08-01 11:07:58 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >
[/log]

OTL Log:

[log]OTL logfile created on: 2010-08-01 19:49:39 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Programy\Antywiry\Sprawdzanie logow
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,07 Gb Total Space | 85,19 Gb Free Space | 87,76% Space Free | Partition Type: NTFS
Drive D: | 201,01 Gb Total Space | 119,78 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS
Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,15% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Programy\Antywiry\Sprawdzanie logow\OTL.exe
PRC - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2010-02-18 13:33:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010-01-11 20:03:00 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-12-02 15:26:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-10-16 18:45:00 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-10-16 18:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-10-16 18:45:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2009-10-16 18:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2009-10-16 18:45:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2009-10-16 18:45:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2009-10-16 18:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2009-08-28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-03-05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-12-12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-04-06 12:42:26 | 000,073,728 | ---- | M] (Philips) -- C:\WINDOWS\VPro520.exe
PRC - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Programy\Antywiry\Sprawdzanie logow\OTL.exe
MOD - [2010-01-11 20:03:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-10-16 18:45:00 | 008,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-10-16 18:45:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-10-16 18:45:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2009-10-16 18:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-10-16 18:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-10-16 18:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-10-16 18:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-10-16 18:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-10-16 18:45:00 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-10-16 18:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-10-16 18:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-10-16 18:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-10-16 18:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-10-16 18:45:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2009-10-16 18:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-10-16 18:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-10-16 18:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-10-16 18:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-10-16 18:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-10-16 18:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-10-16 18:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-10-16 18:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-10-16 18:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-10-16 18:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-10-16 18:45:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-10-16 18:45:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2009-10-16 18:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-11-06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005-07-08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe -- (StarWindService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - [2010-04-14 13:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-04-03 23:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-02-05 10:51:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-02-05 10:39:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-01-21 18:08:28 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-01-11 20:03:00 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010-01-02 17:31:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-01-02 17:31:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-10-16 18:45:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009-10-16 18:45:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009-10-16 18:45:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-07-31 07:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-04-09 13:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007-03-27 21:27:56 | 000,007,680 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520m.sys -- (SPC520m)
DRV - [2007-03-27 21:27:50 | 000,085,504 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520.sys -- (SPC520)
DRV - [2006-11-02 07:55:17 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006-09-24 14:28:47 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006-05-16 12:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-05-16 12:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-05-10 11:33:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-02 10:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006-03-17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005-07-08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-07-08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.gazeta.pl/msn/0,0.html?ocid=iehp
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-01 03:08:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-26 11:31:54 | 000,000,000 | ---D | M]

[2010-01-02 18:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2010-08-01 01:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions
[2010-05-20 09:09:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-01-11 22:48:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-02-05 10:53:49 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\searchplugins\daemon-search.xml
[2010-08-01 01:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-07-10 17:55:57 | 000,411,898 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14235 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VPro520.lnk = C:\WINDOWS\VPro520.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Admin\Dane aplikacji\ohydy.exe) - C:\Documents and Settings\Admin\Dane aplikacji\ohydy.exe File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "InCDsrv"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Adobe LM Service"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-08-01 13:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\DoctorWeb
[2010-07-28 00:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-07-28 00:08:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010-07-27 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
[2010-07-25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-07-23 11:20:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-07-10 15:01:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-07-07 23:32:48 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.bak
[2010-07-07 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010-07-07 23:32:12 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010-07-07 23:32:12 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010-07-07 23:32:12 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010-07-07 23:31:50 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010-07-07 23:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AOL
[2010-07-05 12:13:52 | 000,070,656 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-06-29 11:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\D2NT_3.1
[2010-06-10 18:02:06 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010-06-06 01:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie
[2010-06-04 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Jufsoft

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-08-01 19:51:44 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdzkl.sys
[2010-08-01 19:04:01 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-08-01 12:05:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-01 12:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-01 12:04:37 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010-08-01 03:53:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-30 02:38:11 | 002,642,210 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-29 07:28:00 | 000,001,432 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010-07-28 20:17:47 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-07-23 23:03:10 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-20 14:34:37 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:32 | 000,009,532 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-19 16:58:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-16 19:10:34 | 004,871,301 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:42 | 000,656,902 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-15 13:23:36 | 000,037,795 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2010-07-14 18:59:50 | 000,057,141 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-10 17:55:57 | 000,411,898 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-07-10 17:12:54 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010-07-10 15:01:25 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 8.lnk
[2010-07-08 01:13:33 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-08 01:13:06 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:21 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010-07-07 23:30:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\atid.ini
[2010-07-07 00:01:45 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-07-05 23:46:39 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100710-175557.backup
[2010-07-05 23:45:58 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234639.backup
[2010-07-05 23:44:52 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234558.backup
[2010-07-05 20:51:35 | 001,610,084 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:27 | 001,646,247 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:07 | 000,774,332 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:16:30 | 000,034,245 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:16:05 | 000,070,656 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-07-05 12:16:05 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | M] () -- C:\WINDOWS\COD.INI
[2010-07-05 10:35:03 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Gadu-Gadu.lnk
[2010-07-01 22:25:51 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-23 21:09:47 | 000,177,413 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-18 12:59:32 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Ventrilo.lnk
[2010-06-17 14:15:28 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234452.backup
[2010-06-17 14:13:44 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141528.backup
[2010-06-17 12:09:11 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141344.backup
[2010-06-14 19:24:34 | 000,063,984 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-06-14 15:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010-06-11 08:22:45 | 000,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-10 18:21:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-10 17:52:22 | 000,495,825 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-06-03 18:47:21 | 000,395,202 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-120911.backup

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-07-27 21:43:12 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdzkl.sys
[2010-07-25 23:44:48 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-07-20 14:34:36 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:31 | 000,009,532 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-16 19:10:31 | 004,871,301 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:40 | 000,656,902 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-14 18:59:49 | 000,057,141 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-08 01:13:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2010-07-05 20:51:34 | 001,610,084 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:26 | 001,646,247 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:06 | 000,774,332 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:13:53 | 000,034,245 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:13:52 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | C] () -- C:\WINDOWS\COD.INI
[2010-06-29 12:52:31 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-23 21:09:47 | 000,177,413 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-10 17:52:19 | 000,495,825 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-04-20 21:29:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-04-15 21:45:20 | 000,001,432 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010-02-18 01:32:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-01-21 18:08:28 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010-01-21 18:08:28 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010-01-11 19:46:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010-01-11 19:46:39 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010-01-11 01:51:56 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2010-01-05 18:11:43 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-01-05 01:19:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\D2NT.dll
[2010-01-03 23:33:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-02 20:03:07 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010-01-02 20:03:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010-01-02 20:03:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010-01-02 18:28:19 | 000,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll
[2010-01-02 17:25:21 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010-01-02 15:58:10 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-01-02 15:29:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010-01-02 15:29:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2010-01-02 15:29:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010-01-02 15:29:02 | 000,024,978 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-02 15:28:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-12-07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-07-27 21:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
[2010-02-05 10:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools
[2010-03-14 20:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\FreeCall
[2010-01-02 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
[2010-05-04 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
[2010-05-22 01:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\maxup
[2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nokia
[2010-01-02 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Notepad++
[2010-05-04 17:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
[2010-01-02 16:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\PC Suite
[2010-05-04 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Qrix
[2010-01-21 16:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TS3Client
[2010-08-01 11:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
[2010-06-08 13:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios
[2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-07-07 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-02-09 02:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-01-21 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\AutoUpdate
[2010-01-09 17:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Gadu-Gadu
[2010-03-22 13:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Kamerzysta

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-18 01:52:18 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2009-10-16 18:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-05-05 17:24:24 | 000,000,178 | -H-- | M] () -- C:\GG8+.url
[2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-05-05 16:46:16 | 000,000,175 | -H-- | M] () -- C:\legalne.url
[2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-10-16 18:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-10-16 18:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-08-01 12:05:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-05-06 11:20:10 | 000,000,185 | -H-- | M] () -- C:\SGG.url
[2010-01-11 22:50:45 | 000,000,027 | ---- | M] () -- C:\sledzik.css.txt
[2009-05-05 17:24:16 | 000,000,178 | -H-- | M] () -- C:\Strona GG8+.url


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009-10-16 18:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

GMER on startup:

[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-01 21:07:22
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys


---- System - GMER 1.0.15 ----

SSDT spie.sys ZwEnumerateKey [0xB7EC6CA2] <-- ROOTKIT !!!
SSDT spie.sys ZwEnumerateValueKey [0xB7EC7030] <-- ROOTKIT !!!

Code B87B9C9C ZwRequestPort
Code B87B9D3C ZwRequestWaitReplyPort
Code B87B9BFC ZwTraceEvent
Code B87B9C9B NtRequestPort
Code B87B9D3B NtRequestWaitReplyPort
Code B87B9BFB NtTraceEvent

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A344DD8
Device \FileSystem\Ntfs \Ntfs 8A4D51F8
Device \FileSystem\Fastfat \Fat 8A1EF500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] sdzkl <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
[/log]

GMER log no. 1:

[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 21:02:05
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys


---- System - GMER 1.0.15 ----

SSDT B8760B16 ZwCreateKey
SSDT SnopFree.sys ZwCreateProcessEx [0xB84BC9E4] <-- ROOTKIT !!!
SSDT B8760B0C ZwCreateThread
SSDT B8760B1B ZwDeleteKey
SSDT B8760B25 ZwDeleteValueKey
SSDT spgk.sys ZwEnumerateKey [0xB7EC6CA2] <-- ROOTKIT !!!
SSDT spgk.sys ZwEnumerateValueKey [0xB7EC7030] <-- ROOTKIT !!!
SSDT B8760B2A ZwLoadKey
SSDT spgk.sys ZwOpenKey [0xB7EA80C0] <-- ROOTKIT !!!
SSDT B8760AF8 ZwOpenProcess
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwOpenSection [0xA125DFE0] <-- ROOTKIT !!!
SSDT B8760AFD ZwOpenThread
SSDT spgk.sys ZwQueryKey [0xB7EC7108] <-- ROOTKIT !!!
SSDT spgk.sys ZwQueryValueKey [0xB7EC6F88] <-- ROOTKIT !!!
SSDT B8760B34 ZwReplaceKey
SSDT B8760B2F ZwRestoreKey
SSDT B8760B20 ZwSetValueKey
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSystemDebugControl [0xA125DF0E] <-- ROOTKIT !!!
SSDT B8760B07 ZwTerminateProcess

INT 0x62 ? 8A4D2BF8
INT 0x63 ? 8A54CBF8
INT 0x73 ? 8A54CBF8
INT 0x83 ? 8A54CBF8
INT 0xB1 ? 8A54CBF8
INT 0xB1 ? 8A54CBF8
INT 0xB4 ? 8A547BF8

Code AEC59C9C ZwRequestPort
Code AEC59D3C ZwRequestWaitReplyPort
Code AEC59BFC ZwTraceEvent
Code AEC59C9B NtRequestPort
Code AEC59D3B NtRequestWaitReplyPort
Code AEC59BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 80535118 5 Bytes JMP AEC59C00
PAGE ntkrnlpa.exe!NtRequestPort 805A2A3C 5 Bytes JMP AEC59CA0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2D68 5 Bytes JMP AEC59D40
.text SnopFree.sys B84BCD42 5 Bytes JMP AEC598E0
.text SnopFree.sys B84BCDA8 5 Bytes JMP AEC593E0
? C:\WINDOWS\system32\drivers\SnopFree.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
? spgk.sys Nie można odnaleźć określonego pliku. !
.text sdzkl.sys B7D8E000 96 Bytes JMP B7DCCFE1 sdzkl.sys
.text sdzkl.sys B7D8E062 147 Bytes [60, 5E, 89, 44, 24, 18, 66, ...]
.text sdzkl.sys B7D8E0F6 5 Bytes [FE, C9, FE, C9, 8A]
.text sdzkl.sys B7D8E0FC 216 Bytes [04, 83, C4, 04, 0F, 81, E7, ...]
.text sdzkl.sys B7D8E1D5 53 Bytes [00, 9C, F8, 83, ED, 02, E8, ...]
.text ...
? C:\WINDOWS\system32\drivers\sdzkl.sys Urządzenie podłączone do komputera nie działa.
.text USBPORT.SYS!DllUnload B7A908AC 5 Bytes JMP 8A5471D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F10380, 0x566445, 0xE8000020]
? System32\Drivers\akzhdu06.SYS System nie może odnaleźć określonej ścieżki. !
? System32\Drivers\aludaym5.SYS System nie może odnaleźć określonej ścieżki. !
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB3804A00]
.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E8 5 Bytes JMP AEC59480
.text win32k.sys!EngCopyBits + 68D BF838F8D 5 Bytes JMP AEC595C0
.text win32k.sys!EngCreateBitmap + 6F4 BF83E197 5 Bytes JMP AEC59700
.text win32k.sys!EngMultiByteToWideChar + 789E BF869E44 5 Bytes JMP AEC59A20
.text win32k.sys!EngMulDiv + 8195 BF872D39 5 Bytes JMP AEC59660
.text win32k.sys!EngCreatePalette + 1C0 BF87EA6A 5 Bytes JMP AEC59520
.text win32k.sys!EngAlphaBlend + 2998 BF8C3163 5 Bytes JMP AEC597A0
.text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F97FA 5 Bytes JMP AEC59980
.text win32k.sys!EngCreateClip + 19C1 BF9133D3 5 Bytes JMP AEC59AC0
.text win32k.sys!EngCreateClip + 1F51 BF913963 5 Bytes JMP AEC59B60
.text win32k.sys!EngCreateClip + 2597 BF913FA9 5 Bytes JMP AEC59840
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA2135300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB84A0300, 0x1B7E, 0xE8000020]
? system32\drivers\dwprot.sys System nie może odnaleźć określonej ścieżki. !
? C:\DOCUME~1\Admin\USTAWI~1\Temp\lD9yMvU5.sys Nie można odnaleźć określonego pliku. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spgk.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spgk.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spgk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spgk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spgk.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spgk.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A41F388
Device \FileSystem\Ntfs \Ntfs 888A7448
Device \FileSystem\Ntfs \Ntfs 88A03690
Device \FileSystem\Ntfs \Ntfs 889E0BB0
Device \FileSystem\Ntfs \Ntfs 887A2250

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys

Device \FileSystem\Fastfat \FatCdrom 8A201500
Device \Driver\sptd \Device\1685513042 spgk.sys

AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys

Device \Driver\PCI_PNP9292 \Device\00000050 spgk.sys
Device \Driver\usbohci \Device\USBPDO-0 8A5481F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A54A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A54A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A54A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A54A1F8
Device \Driver\usbehci \Device\USBPDO-1 8A4D11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1392BF3B-04DB-4FF2-B6EB-5835A832A4E5} 89DE0500

AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4D31F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4D31F8
Device \Driver\Cdrom \Device\CdRom0 8A4D01F8
Device \Driver\Cdrom \Device\CdRom1 8A4D01F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4D31F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7D39B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7D39B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7D39B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7D39B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A4D31F8
Device \Driver\Cdrom \Device\CdRom2 8A4D01F8
Device \Driver\Cdrom \Device\CdRom3 8A4D01F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89DE0500
Device \Driver\NetBT \Device\NetbiosSmb 89DE0500
Device \Driver\PCI_PNP9292 \Device\0000004f spgk.sys

AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys
AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys

Device \Driver\usbohci \Device\USBFDO-0 8A5481F8
Device \Driver\usbehci \Device\USBFDO-1 8A4D11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 893961F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 893961F8
Device \Driver\Ftdisk \Device\FtControl 8A4D31F8
Device \Driver\sptd \Device\1685356792 spgk.sys
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path1Target1Lun0 8A5491F8
Device \Driver\akzhdu06 \Device\Scsi\akzhdu061 8A07F1F8
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path0Target0Lun0 8A5491F8
Device \Driver\nvgts \Device\Scsi\nvgts1 8A5491F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8A5491F8
Device \Driver\akzhdu06 \Device\Scsi\akzhdu061Port5Path0Target1Lun0 8A07F1F8
Device \Driver\nvgts \Device\Scsi\nvgts3 8A5491F8
Device \Driver\aludaym5 \Device\Scsi\aludaym51 89F7A1F8
Device \Driver\akzhdu06 \Device\Scsi\akzhdu061Port5Path0Target0Lun0 8A07F1F8
Device \FileSystem\Fastfat \Fat 8A201500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat dwprot.sys

Device \FileSystem\Cdfs \Cdfs 89D794B0

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] sdzkl <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sdzkl@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sdzkl@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sdzkl@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sdzkl@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -764495635
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1033911924
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0xD0 0x2A 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5A 0x24 0xB5 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEB 0xBD 0xE2 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xD5 0x42 0x5F 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x1D 0xDF 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF7 0x2E 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x42 0xAE 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sdzkl@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\sdzkl@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\sdzkl@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\sdzkl@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0xD0 0x2A 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5A 0x24 0xB5 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEB 0xBD 0xE2 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xD5 0x42 0x5F 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x1D 0xDF 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF7 0x2E 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x42 0xAE 0x1F ...

---- EOF - GMER 1.0.15 ----
[/log]

GMER log no. 2:

[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 21:08:27
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys


---- Services - GMER 1.0.15 ----

Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI
Service (Sterownik kontrolera osadzonego interfejsu ACPI/Microsoft Corporation) [DISABLED] ACPIEC
Service C:\WINDOWS\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) [MANUAL] ADIHdAudAddService
Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\AEAudio.sys (Audio Noise Filtering Driver (32-bit)/Andrea Electronics Corporation) [MANUAL] AEAudio
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service ahcix86
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service amdide
Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) [SYSTEM] AmdK8
Service [DISABLED] amsint
Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atksgt.sys [AUTO] atksgt
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [MANUAL] Cpcudnntr
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Proces usługi Menedżera dysków logicznych/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (Sterownik uruchamiania Menedżera dysków NT/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (Sterownik We/Wy menedżera dysków NT/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (Sterownik kryptografii FIPS/Microsoft Corporation) [SYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [AUTO] ForceWare Intelligent Application Manager (IAM)
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache HTTP Server/Apache Software Foundation) [AUTO] ForcewareWebInterface
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Sterownik dysku FT/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\system32\giveio.sys [BOOT] giveio
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] hidusb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service [DISABLED] hpn
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [SYSTEM] i8042prt
Service iaStor
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service (InCD File System Driver/Nero AG) [DISABLED] InCDfs
Service C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead RW Filter Driver/Nero AG) [SYSTEM] InCDPass
Service (InCD File System Recognizer/Nero AG) [SYSTEM] InCDrec
Service (Ahead MRW Filter Driver/Nero AG) [SYSTEM] incdrm
Service C:\Program Files\Ahead\InCD\InCDsrv.exe (incdsrv/Nero AG) [DISABLED] InCDsrv
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe [AUTO] JavaQuickStarterService
Service Jraid
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [DISABLED] LightScribeService
Service C:\WINDOWS\system32\DRIVERS\lirsgt.sys [AUTO] lirsgt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Machine Debug Manager/Microsoft Corporation) [AUTO] MDM
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (Zdalne udostępnianie pulpitu NetMeeting/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\WINDOWS\system32\DRIVERS\ASACPI.sys [MANUAL] MTsensor
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (ActiveArmor Firewall IP Service/NVIDIA Corporation) [AUTO] nSvcIp
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (nSvcLog/NVIDIA Corporation) [AUTO] nSvcLog
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 /NVIDIA Corporation) [MANUAL] nv
Service (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation) [BOOT] nvatabus
Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD
Service C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [BOOT] nvgts
Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) [MANUAL] nvnetbus
Service nvraid
Service nvrd32
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 197.45/NVIDIA Corporation) [AUTO] nvsvc
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Rodzajowy sterownik magistrali PCI IDE/Microsoft Corporation) [BOOT] PCIIde
Service (Sterownik magistrali PCMCIA/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\PnkBstrA.exe [AUTO] PnkBstrA
Service PnP680
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\DRIVERS\processr.sys (Sterownik urządzenia procesora/Microsoft Corporation) [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Menedżer sesji pomocy pulpitu zdalnego Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Sterownik filtru audio Redbook/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\wg111v3.sys (NETGEAR WG111v3 Wireless-G USB Adapter NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTL8187B
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Kernel Mode Driver/tzuk) [MANUAL] SbieDrv
Service C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Service/tzuk) [AUTO] SbieSvc
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service (PowerISO Virtual Drive/PowerISO Computing, Inc.) [SYSTEM] SCDEmu
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service (*** hidden *** ) [BOOT] sdzkl <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\drivers\Senfilt.sys (Sensaura WDM 3D Audio Driver/Sensaura) [MANUAL] SenFiltService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys (Sterownik urządzenia szeregowego/Microsoft Corporation) [SYSTEM] Serial
Service C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3112
Service Si3114
Service (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) [BOOT] Si3114r5
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3124
Service Si3124r5
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3132
Service (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) [BOOT] Si3132r5
Service (SATA Controller miniport driver/Silicon Image, Inc) [BOOT] Si3531
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service C:\WINDOWS\System32\Drivers\SnopFree.sys [BOOT] SnoopFree
Service C:\WINDOWS\System32\SnoopFreeSvc.exe [AUTO] SnoopFreeSvc
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\SPC520.sys (Philips SPC520 Camera Driver (WDM Main Driver)/Philips ) [MANUAL] SPC520
Service C:\WINDOWS\system32\drivers\SPC520m.sys (Philips SPC520 Camera Driver (DS MiniDriver) /Philips ) [MANUAL] SPC520m
Service C:\WINDOWS\system32\speedfan.sys (SpeedFan Device Driver/Windows (R) 2000 DDK provider) [BOOT] speedfan
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\WINDOWS\system32\DRIVERS\sr.sys (Sterownik filtru systemu plików Przywracania systemu/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
Service C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) [AUTO] StarWindService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Usługa dzienników wydajności i alertów/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\system32\tlntsvr.exe (Usługa Telnet/Microsoft Corporation) [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service viamraid
Service (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service system32\DRIVERS\wanatw4.sys [MANUAL] wanatw
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (Usługa karty wydajności WMI/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Usługa udostępniania w sieci programu Windows Media Player/Microsoft Corporation) [DISABLED] WMPNetworkSvc
Service C:\WINDOWS\System32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {1392BF3B-04DB-4FF2-B6EB-5835A832A4E5}
Service {5B372BBB-2744-4B5A-883D-1DF92341242E}
Service {C2460799-C1C2-4AF9-A3ED-5C620AF8767F}

---- EOF - GMER 1.0.15 ----
[/log]


I don't have the removal logs because I accidentally closed it, but it found a dozen or so viruses, which it removed.

Sohei
comment

Now we can say that ComboFix is needed, because other rootkits are sitting in the system as well.
http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix Read this carefully and download ComboFix. Run it, but remember to INSTALL THE RECOVERY CONSOLE!

Makaveli_ns
comment

Where do programs like this come from? How could I have got infected with it? Is there any program that protects against this?

Here is the ComboFix log:

[log]ComboFix 10-07-31.04 - Admin 2010-08-01 22:34:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2649 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Utworzono nowy punkt przywracania
* Rezydentny antywirus jest aktywny

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
c:\documents and settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E\enemies-names.txt
c:\documents and settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E\local.ini
c:\documents and settings\Admin\Menu Start\Programy\Antimalware Doctor
c:\documents and settings\Admin\Menu Start\Programy\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Admin\Menu Start\Programy\Antimalware Doctor\Uninstall.lnk
c:\windows\system32\VB6KO.DLL

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Pliki utworzone od 2010-07-01 do 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-08-01 12:30 . 2010-08-01 12:31 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2010-07-27 23:08 . 2010-07-27 23:11 -------- d-----w- c:\program files\trend micro
2010-07-27 23:08 . 2010-07-27 23:08 -------- d-----w- C:\rsit
2010-07-27 20:43 . 2010-08-01 21:40 766976 ----a-w- c:\windows\system32\drivers\sdzkl.sys
2010-07-25 22:44 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-07-25 22:44 . 2010-07-25 22:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-24 13:03 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\De 2\Dane aplikacji\U3\temp\cleanup.exe
2010-07-24 13:02 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\De 2\Dane aplikacji\U3\temp\Launchpad Removal.exe
2010-07-24 13:02 . 2010-07-24 13:03 -------- d-----w- c:\documents and settings\De 2\Dane aplikacji\U3
2010-07-23 10:20 . 2010-07-23 10:20 -------- d--h--w- c:\windows\PIF
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\windows\occache
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Learn2.com
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Viewpoint
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Viewpoint
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-07-07 22:32 . 2003-08-15 14:17 54784 ----a-w- c:\windows\system32\Inetwh32.dll
2010-07-07 22:32 . 2003-08-15 14:17 1044480 ----a-w- c:\windows\system32\roboex32.dll
2010-07-07 22:31 . 2003-05-30 12:46 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-07-07 22:31 . 2010-07-08 00:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AOL
2010-07-05 11:13 . 2010-07-05 11:16 34245 ----a-w- c:\windows\scunin.dat
2010-07-05 11:13 . 2010-07-05 11:16 967 ----a-w- c:\windows\ScUnin.pif
2010-07-05 11:13 . 2010-07-05 11:16 70656 ----a-w- c:\windows\ScUnin.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 10:58 . 2010-01-02 15:06 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\uTorrent
2010-07-29 09:27 . 2010-01-02 14:46 -------- d-----w- c:\program files\SpeedFan
2010-07-28 20:09 . 2010-01-02 15:15 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Skype
2010-07-28 16:27 . 2010-01-05 21:29 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\skypePM
2010-07-24 12:55 . 2010-01-11 16:03 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\U3
2010-07-22 16:06 . 2010-01-11 14:24 -------- d-----w- c:\program files\AC3Filter
2010-07-15 12:23 . 2010-04-15 19:20 37795 ----a-w- c:\windows\DIIUnin.dat
2010-07-07 22:30 . 2010-01-02 14:51 335 ----a-w- c:\windows\nsreg.dat
2010-07-06 23:01 . 2010-01-05 17:11 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-06 23:01 . 2010-01-05 17:11 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-14 18:24 . 2010-01-28 19:49 63984 ----a-w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-06-14 14:31 . 2010-01-02 14:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 12:18 . 2010-01-28 19:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Firefly Studios
2010-06-08 09:38 . 2010-01-02 15:06 -------- d-----w- c:\program files\uTorrent
2010-06-04 15:07 . 2010-06-04 15:07 -------- d-----w- c:\program files\Jufsoft
2010-05-06 10:28 . 2009-10-16 17:45 919040 ----a-w- c:\windows\system32\wininet.dll
2004-10-01 14:00 . 2010-01-02 15:21 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-10-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-14 395496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SnoopFreeUI"="SnoopFreeUI.exe" [2010-01-11 221184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-10-16 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
VPro520.lnk - c:\windows\VPro520.exe [2010-1-2 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Program Files\\Anno 1701\\Anno1701.exe"=
"e:\\Program Files\\Anno 1701\\Anno1701AddOn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"e:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-02 108289]
R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2010-01-02 85504]
R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2010-01-02 7680]
S0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-10-16 69248]
S0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-10-16 212520]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-07-31 341504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-02 717296]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - sdzkl
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-Gadu-Gadu - e:\program files\Call of Duty\Gadu-Gadu\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 22:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdzkl]

.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(384)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll
c:\program files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SnoopFreeUI.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\System32\SnoopFreeSvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
.
**************************************************************************
.
Czas ukończenia: 2010-08-01 22:43:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-08-01 21:43

Przed: 91 365 101 568 bajtów wolnych
Po: 91 249 655 808 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - ECA0BE692198392F86211F98EB0E8EE8
[/log]

Sohei
comment

[code]File::
c:\windows\system32\drivers\sdzkl.sys

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdzkl][/code]

Paste this into Notepad > File > Save as... > CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
(http://forum.programosy.pl/problem-z-rtk-win32-rootkit-gen-avast-go-znalazl-vp882718.html in the 2nd post there is an animation showing how this should go)
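
Sohei's script above pairs two signals from the ComboFix log posted earlier: a driver file created in the infection window (c:\windows\system32\drivers\sdzkl.sys, listed under "Pliki utworzone", later shown as *Deregistered* in memory) and the Services key for the same name left behind in HKLM\System\ControlSet001. As an added example that is not code from this thread or from ComboFix, the Python script below parses those three sections of a ComboFix log and correlates them per name, so the same triage can be repeated over a full log. The sample lines are copied from the log above; the regular expressions are assumptions about the log layout, written against the lines visible in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: a few lines copied from the ComboFix log posted in this
# thread (new-files section, in-memory services section, leftover service key).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Pliki utworzone od 2010-07-01 do 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-08-01 12:30 . 2010-08-01 12:31 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2010-07-27 20:43 . 2010-08-01 21:40 766976 ----a-w- c:\windows\system32\drivers\sdzkl.sys
2010-07-25 22:44 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-07-07 22:32 . 2003-08-15 14:17 54784 ----a-w- c:\windows\system32\Inetwh32.dll

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - sdzkl
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdzkl]
"""

# Layout assumed from the lines visible in this thread:
#   <created> . <modified> <size, or -------- for a directory> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (-{8}|\d+) ([-a-z]{8}) (.+)$"
)
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)$")
SVC_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$",
    re.IGNORECASE,
)
DRIVER_DIR = "\\windows\\system32\\drivers\\"

@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str           # e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_driver_file(self) -> bool:
        p = self.path.lower()
        return not self.is_dir and DRIVER_DIR in p and p.endswith(".sys")

def parse_combofix(text: str) -> Tuple[List[FileEntry], Set[str], Set[str]]:
    """Extract file entries, *Deregistered* service names and leftover
    Services keys from a ComboFix log; names are lower-cased for matching."""
    entries: List[FileEntry] = []
    deregistered: Set[str] = set()
    service_keys: Set[str] = set()
    for line in text.splitlines():
        line = line.strip()
        if m := ENTRY_RE.match(line):
            created, modified, size, attrs, path = m.groups()
            entries.append(FileEntry(created, modified,
                                     None if size.startswith("-") else int(size),
                                     attrs, path))
        elif m := DEREG_RE.match(line):
            deregistered.add(m.group(1).lower())
        elif m := SVC_KEY_RE.match(line):
            service_keys.add(m.group(1).lower())
    return entries, deregistered, service_keys

@dataclass
class Finding:
    name: str                   # service name / driver file stem
    driver_path: Optional[str]  # recently created .sys under system32\drivers
    created: Optional[str]
    size: Optional[int]
    deregistered: bool          # ComboFix could not enumerate it normally
    leftover_key: bool          # Services key still present in the log

    @property
    def score(self) -> int:
        return sum((self.driver_path is not None, self.deregistered, self.leftover_key))

def triage(text: str) -> List[Finding]:
    """Correlate the three signals per name; strongest (score 3) first."""
    entries, deregistered, service_keys = parse_combofix(text)
    drivers: Dict[str, FileEntry] = {}
    for e in entries:
        if e.is_driver_file:
            drivers[e.path.rsplit("\\", 1)[-1][:-4].lower()] = e  # "sdzkl.sys" -> "sdzkl"
    findings = []
    for name in sorted(set(drivers) | deregistered | service_keys):
        e = drivers.get(name)
        findings.append(Finding(name, e.path if e else None, e.created if e else None,
                                e.size if e else None, name in deregistered,
                                name in service_keys))
    return sorted(findings, key=lambda f: f.score, reverse=True)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: score {f.score}/3, driver={f.driver_path}, created={f.created}, "
              f"size={f.size}, deregistered={f.deregistered}, leftover_key={f.leftover_key}")
```

On the sample this reports a single name, sdzkl, with score 3: a driver created on 2010-07-27 20:43 (766976 bytes) in system32\drivers, deregistered in memory, and a Services key still present. That combination of a fresh unsigned-looking driver plus an orphaned service entry is exactly what the File:: and Registry:: lines of the CFScript target; legitimate drivers from the same window (unrar.dll, Inetwh32.dll are not .sys files and score 0 here) are left alone.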

Makaveli_ns
comment (edited)

[log]ComboFix 10-07-31.04 - Admin 2010-08-01 23:20:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2700 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Rezydentny antywirus jest aktywny


FILE ::
"c:\windows\system32\drivers\sdzkl.sys"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sdzkl.sys

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sdzkl
-------\Service_sdzkl


((((((((((((((((((((((((( Pliki utworzone od 2010-07-01 do 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-08-01 12:30 . 2010-08-01 12:31 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2010-07-27 23:08 . 2010-07-27 23:11 -------- d-----w- c:\program files\trend micro
2010-07-27 23:08 . 2010-07-27 23:08 -------- d-----w- C:\rsit
2010-07-25 22:44 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-07-25 22:44 . 2010-07-25 22:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-24 13:03 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\De 2\Dane aplikacji\U3\temp\cleanup.exe
2010-07-24 13:02 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\De 2\Dane aplikacji\U3\temp\Launchpad Removal.exe
2010-07-24 13:02 . 2010-07-24 13:03 -------- d-----w- c:\documents and settings\De 2\Dane aplikacji\U3
2010-07-23 10:20 . 2010-07-23 10:20 -------- d--h--w- c:\windows\PIF
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\windows\occache
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Learn2.com
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Viewpoint
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Viewpoint
2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-07-07 22:32 . 2003-08-15 14:17 54784 ----a-w- c:\windows\system32\Inetwh32.dll
2010-07-07 22:32 . 2003-08-15 14:17 1044480 ----a-w- c:\windows\system32\roboex32.dll
2010-07-07 22:31 . 2003-05-30 12:46 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-07-07 22:31 . 2010-07-08 00:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AOL
2010-07-05 11:13 . 2010-07-05 11:16 34245 ----a-w- c:\windows\scunin.dat
2010-07-05 11:13 . 2010-07-05 11:16 967 ----a-w- c:\windows\ScUnin.pif
2010-07-05 11:13 . 2010-07-05 11:16 70656 ----a-w- c:\windows\ScUnin.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 10:58 . 2010-01-02 15:06 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\uTorrent
2010-07-29 09:27 . 2010-01-02 14:46 -------- d-----w- c:\program files\SpeedFan
2010-07-28 20:09 . 2010-01-02 15:15 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Skype
2010-07-28 16:27 . 2010-01-05 21:29 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\skypePM
2010-07-24 12:55 . 2010-01-11 16:03 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\U3
2010-07-22 16:06 . 2010-01-11 14:24 -------- d-----w- c:\program files\AC3Filter
2010-07-15 12:23 . 2010-04-15 19:20 37795 ----a-w- c:\windows\DIIUnin.dat
2010-07-07 22:30 . 2010-01-02 14:51 335 ----a-w- c:\windows\nsreg.dat
2010-07-06 23:01 . 2010-01-05 17:11 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-06 23:01 . 2010-01-05 17:11 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-14 18:24 . 2010-01-28 19:49 63984 ----a-w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-06-14 14:31 . 2010-01-02 14:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 12:18 . 2010-01-28 19:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Firefly Studios
2010-06-08 09:38 . 2010-01-02 15:06 -------- d-----w- c:\program files\uTorrent
2010-06-04 15:07 . 2010-06-04 15:07 -------- d-----w- c:\program files\Jufsoft
2010-05-06 10:28 . 2009-10-16 17:45 919040 ----a-w- c:\windows\system32\wininet.dll
2004-10-01 14:00 . 2010-01-02 15:21 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-10-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-14 395496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SnoopFreeUI"="SnoopFreeUI.exe" [2010-01-11 221184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-10-16 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
VPro520.lnk - c:\windows\VPro520.exe [2010-1-2 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Program Files\\Anno 1701\\Anno1701.exe"=
"e:\\Program Files\\Anno 1701\\Anno1701AddOn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"e:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-02 108289]
R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2010-01-02 85504]
R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2010-01-02 7680]
S0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-10-16 69248]
S0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-10-16 212520]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-07-31 341504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-02 717296]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 23:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(1904)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll
c:\program files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\NVRSPL.DLL
c:\windows\system32\nvapi.dll
c:\program files\Ahead\InCD\incdshx.dll
c:\program files\NVIDIA Corporation\nView\nvshell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\System32\SnoopFreeSvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\SnoopFreeUI.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2010-08-01 23:30:56 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-08-01 22:30
ComboFix2.txt 2010-08-01 22:00
ComboFix3.txt 2010-08-01 21:43

Przed: 91 252 727 808 bajtów wolnych
Po: 91 244 867 584 bajtów wolnych

- - End Of File - - BD2121CF81F8FBBC2DD8367DD81AF8F5
[/log]


I hope it's clean now?

Another problem has appeared :/

Now something is using up my whole CPU, in this case e.g. Avira, and I get sort of freezes of the computer every 10 s, then 10 s of calm and another freeze :/

In a moment I'll run the OTL and RSIT scans again


OTL Log:

[log]OTL logfile created on: 2010-08-02 00:32:15 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,07 Gb Total Space | 84,90 Gb Free Space | 87,46% Space Free | Partition Type: NTFS
Drive D: | 201,01 Gb Total Space | 119,78 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS
Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,15% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
PRC - [2010-04-14 13:23:44 | 000,395,496 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2010-02-18 13:33:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010-01-11 20:03:00 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-12-02 15:26:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-10-16 18:45:00 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-10-16 18:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-10-16 18:45:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2009-10-16 18:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2009-10-16 18:45:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2009-10-16 18:45:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2009-10-16 18:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2009-08-28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-03-05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-12-12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-04-06 12:42:26 | 000,073,728 | ---- | M] (Philips) -- C:\WINDOWS\VPro520.exe
PRC - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
MOD - [2010-01-11 20:03:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-10-16 18:45:00 | 008,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-10-16 18:45:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-10-16 18:45:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2009-10-16 18:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-10-16 18:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-10-16 18:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-10-16 18:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-10-16 18:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-10-16 18:45:00 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-10-16 18:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-10-16 18:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-10-16 18:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-10-16 18:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-10-16 18:45:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2009-10-16 18:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-10-16 18:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-10-16 18:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-10-16 18:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-10-16 18:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-10-16 18:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-10-16 18:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-10-16 18:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-10-16 18:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-10-16 18:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-10-16 18:45:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-10-16 18:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-11-06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005-07-08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe -- (StarWindService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010-04-14 13:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-04-03 23:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-02-05 10:51:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-02-05 10:39:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-01-21 18:08:28 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-01-11 20:03:00 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010-01-02 17:31:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-01-02 17:31:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-10-16 18:45:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009-10-16 18:45:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009-10-16 18:45:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-07-31 07:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-04-09 13:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007-03-27 21:27:56 | 000,007,680 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520m.sys -- (SPC520m)
DRV - [2007-03-27 21:27:50 | 000,085,504 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520.sys -- (SPC520)
DRV - [2006-11-02 07:55:17 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006-09-24 14:28:47 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006-05-16 12:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-05-16 12:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-05-10 11:33:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-02 10:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006-03-17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005-07-08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-07-08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-01 03:08:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-26 11:31:54 | 000,000,000 | ---D | M]

[2010-01-02 18:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2010-08-01 01:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions
[2010-05-20 09:09:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-01-11 22:48:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-02-05 10:53:49 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\searchplugins\daemon-search.xml
[2010-08-01 01:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-08-01 23:27:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VPro520.lnk = C:\WINDOWS\VPro520.exe (Philips)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "InCDsrv"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Adobe LM Service"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-08-02 00:31:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-08-01 23:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Logi dawida
[2010-08-01 23:33:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-08-01 23:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-08-01 22:33:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-08-01 22:30:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-08-01 22:30:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-08-01 22:30:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-08-01 22:30:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-08-01 22:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-01 22:26:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-08-01 13:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\DoctorWeb
[2010-07-28 00:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-07-28 00:08:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010-07-25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-07-23 11:20:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-07-10 15:01:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-07-07 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010-07-07 23:32:12 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010-07-07 23:32:12 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010-07-07 23:32:12 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010-07-07 23:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AOL
[2010-07-05 12:13:52 | 000,070,656 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-06-29 11:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\D2NT_3.1
[2010-06-06 01:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie
[2010-06-04 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Jufsoft

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-08-02 00:25:06 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-08-02 00:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-02 00:24:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-01 23:28:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-08-01 23:27:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-01 23:26:14 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010-08-01 22:33:29 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010-08-01 22:23:41 | 003,748,898 | R--- | M] () -- C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
[2010-08-01 19:47:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\bfjhemsl.exe
[2010-08-01 03:53:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-30 02:38:11 | 002,642,210 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-29 07:28:00 | 000,001,432 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010-07-28 20:17:47 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-07-27 22:29:46 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-07-23 23:03:10 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-20 14:34:37 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:32 | 000,009,532 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-19 16:58:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-16 19:10:34 | 004,871,301 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:42 | 000,656,902 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-15 13:23:36 | 000,037,795 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2010-07-14 18:59:50 | 000,057,141 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-10 17:55:57 | 000,411,898 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100801-222434.backup
[2010-07-10 17:12:54 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010-07-10 15:01:25 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 8.lnk
[2010-07-08 01:13:33 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-08 01:13:06 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:21 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010-07-07 23:30:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\atid.ini
[2010-07-07 00:01:45 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-07-05 23:46:39 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100710-175557.backup
[2010-07-05 23:45:58 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234639.backup
[2010-07-05 23:44:52 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234558.backup
[2010-07-05 20:51:35 | 001,610,084 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:27 | 001,646,247 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:07 | 000,774,332 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:16:30 | 000,034,245 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:16:05 | 000,070,656 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-07-05 12:16:05 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | M] () -- C:\WINDOWS\COD.INI
[2010-07-05 10:35:03 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Gadu-Gadu.lnk
[2010-07-01 22:25:51 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-23 21:09:47 | 000,177,413 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-18 12:59:32 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Ventrilo.lnk
[2010-06-17 14:15:28 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234452.backup
[2010-06-17 14:13:44 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141528.backup
[2010-06-17 12:09:11 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141344.backup
[2010-06-14 19:24:34 | 000,063,984 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-06-11 08:22:45 | 000,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-10 18:21:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-10 17:52:22 | 000,495,825 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-06-03 18:47:21 | 000,395,202 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-120911.backup

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-08-02 00:31:20 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2010-08-01 22:33:28 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010-08-01 22:33:24 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-08-01 22:30:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-08-01 22:30:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-01 22:30:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-01 22:30:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-08-01 22:30:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-01 22:23:39 | 003,748,898 | R--- | C] () -- C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
[2010-08-01 19:47:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\bfjhemsl.exe
[2010-07-25 23:44:48 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-07-20 14:34:36 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:31 | 000,009,532 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-16 19:10:31 | 004,871,301 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:40 | 000,656,902 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-14 18:59:49 | 000,057,141 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-08 01:13:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2010-07-05 20:51:34 | 001,610,084 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:26 | 001,646,247 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:06 | 000,774,332 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:13:53 | 000,034,245 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:13:52 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | C] () -- C:\WINDOWS\COD.INI
[2010-06-29 12:52:31 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-23 21:09:47 | 000,177,413 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-10 17:52:19 | 000,495,825 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-04-20 21:29:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-04-15 21:45:20 | 000,001,432 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010-02-18 01:32:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-01-21 18:08:28 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010-01-21 18:08:28 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010-01-11 19:46:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010-01-11 19:46:39 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010-01-11 01:51:56 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2010-01-05 18:11:43 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-01-05 01:19:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\D2NT.dll
[2010-01-03 23:33:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-02 20:03:07 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010-01-02 20:03:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010-01-02 20:03:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010-01-02 18:28:19 | 000,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll
[2010-01-02 17:25:21 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010-01-02 15:58:10 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-01-02 15:29:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010-01-02 15:29:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2010-01-02 15:29:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010-01-02 15:29:02 | 000,024,978 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-02 15:28:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-12-07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-02-05 10:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools
[2010-03-14 20:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\FreeCall
[2010-01-02 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
[2010-05-04 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
[2010-05-22 01:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\maxup
[2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nokia
[2010-01-02 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Notepad++
[2010-05-04 17:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
[2010-01-02 16:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\PC Suite
[2010-05-04 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Qrix
[2010-01-21 16:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TS3Client
[2010-08-01 11:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
[2010-06-08 13:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios
[2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-07-07 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-02-09 02:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-01-21 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\AutoUpdate
[2010-01-09 17:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Gadu-Gadu
[2010-03-22 13:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Kamerzysta

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-18 01:52:18 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010-08-01 22:33:29 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2009-10-16 18:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-08-01 23:30:57 | 000,011,958 | ---- | M] () -- C:\ComboFix.txt
[2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-05-05 17:24:24 | 000,000,178 | -H-- | M] () -- C:\GG8+.url
[2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-05-05 16:46:16 | 000,000,175 | -H-- | M] () -- C:\legalne.url
[2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-10-16 18:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-10-16 18:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-08-02 00:24:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-05-06 11:20:10 | 000,000,185 | -H-- | M] () -- C:\SGG.url
[2010-01-11 22:50:45 | 000,000,027 | ---- | M] () -- C:\sledzik.css.txt
[2009-05-05 17:24:16 | 000,000,178 | -H-- | M] () -- C:\Strona GG8+.url


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009-10-16 18:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

OTL Extras:

[log]OTL Extras logfile created on: 2010-08-02 00:32:15 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,07 Gb Total Space | 84,90 Gb Free Space | 87,46% Space Free | Partition Type: NTFS
Drive D: | 201,01 Gb Total Space | 119,78 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS
Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,15% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Call of Duty\CoDMP.exe" = E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Program Files\Anno 1701\Anno1701.exe" = E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH)
"E:\Program Files\Anno 1701\Anno1701AddOn.exe" = E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01 -- (Related Designs Software GmbH)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall -- (FreeCall)
"E:\Program Files\Gadu-Gadu\gg.exe" = E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B3A8956-FAF7-4DB7-897C-86926C5323D2}" = Philips VLounge
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}" = Nokia PC Suite
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Add-On
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}" = Philips SPC520NC Webcam
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"2B0430566DEE7109F019A317398EA7F8DA53B293" = Pakiet sterowników systemu Windows - Philips (SPC520) Image (03/27/2007 1.00.2.6000)
"46D650DC11A19D8E1347F194E1244412C0FAFCF1" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BadCopy Pro" = BadCopy Pro
"Call of Duty" = Call of Duty
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"Diablo II" = Diablo II
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00
"FLVPlayer" = FLV Player 1.3.3
"FreeCall_is1" = FreeCall
"InCD!UninstallKey" = InCD
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Kamerzysta" = Kamerzysta (deinstalacja)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Rzeźnik MPEGów 1.1.99_is1" = Rzeźnik MPEGów 1.1.99
"SkanerOnline" = Skaner on-line mks_vir
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SubEdit-Player_is1" = SubEdit-Player
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Winamp PL" = Winamp 5.33 PL
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-06-02 15:06:20 | Computer Name = PAWEL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-07 16:38:42 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-08 14:45:09 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-11 15:39:36 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SkypeSetup.exe, wersja 4.2.0.169, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-22 15:53:51 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-22 16:09:49 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-24 18:18:45 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-30 12:00:41 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca KissCloneHunter2.2.exe, wersja 2.2.0.0, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-07-06 09:20:11 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00010ede.

Error - 2010-07-07 20:09:48 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x000108b2.

[ System Events ]
Error - 2010-08-01 18:25:43 | Computer Name = XXX | Source = PlugPlayManager | ID = 11
Description = Urządzenie Root\LEGACY_SDZKL\0000 zniknęło z systemu bez uprzedniego
przygotowania go do usunięcia.

Error - 2010-08-01 18:27:12 | Computer Name = XXX | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2010-08-01 18:27:50 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego
błędu: %%2

Error - 2010-08-01 18:28:05 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-08-01 18:34:20 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = Zgodnie z ustawieniami uprawnień domyślne ustawienia komputera nie
jest udzielane uprawnienie Lokalne Aktywacja do aplikacji serwera COM z identyfikatorem
klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA
SIECIOWA o identyfikatorze zabezpieczeń (S-1-5-20). To uprawnienie zabezpieczeń
można modyfikować przy użyciu narzędzia administracyjnego usług składowych.

Error - 2010-08-01 18:47:19 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego
błędu: %%2

Error - 2010-08-01 18:47:19 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-08-01 19:25:54 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego
błędu: %%2

Error - 2010-08-01 19:25:57 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-08-01 19:26:06 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = Zgodnie z ustawieniami uprawnień domyślne ustawienia komputera nie
jest udzielane uprawnienie Lokalne Aktywacja do aplikacji serwera COM z identyfikatorem
klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA
SIECIOWA o identyfikatorze zabezpieczeń (S-1-5-20). To uprawnienie zabezpieczeń
można modyfikować przy użyciu narzędzia administracyjnego usług składowych.


< End of report >
[/log]

RSIT:

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-08-02 00:38:59
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 87 GB (87%) free of 99 GB
Total RAM: 3070 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:39:11, on 2010-08-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VPro520.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Pulpit\OTL.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Admin\Pulpit\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPro520.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O19 - User stylesheet: C:\sledzik.css.txt
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

--
End of file - 8330 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-17 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2009-12-02 37376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SnoopFreeUI"=C:\WINDOWS\SnoopFreeUI.exe [2010-01-11 221184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2010-04-14 395496]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-10-16 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"LightScribeService"=2
"InCDsrv"=2
"Apple Mobile Device"=2
"Adobe LM Service"=3

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
VPro520.lnk - C:\WINDOWS\VPro520.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-10-16 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\Call of Duty\CoDMP.exe"="E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Program Files\Anno 1701\Anno1701.exe"="E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"E:\Program Files\Anno 1701\Anno1701AddOn.exe"="E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"E:\Program Files\Gadu-Gadu\gg.exe"="E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

======List of files/folders created in the last 1 months======

2010-08-01 23:33:53 ----SHD---- C:\RECYCLER
2010-08-01 23:30:59 ----D---- C:\WINDOWS\temp
2010-08-01 23:30:57 ----A---- C:\ComboFix.txt
2010-08-01 22:33:28 ----A---- C:\Boot.bak
2010-08-01 22:33:21 ----RASHD---- C:\cmdcons
2010-08-01 22:30:58 ----A---- C:\WINDOWS\zip.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\SWSC.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\SWREG.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\sed.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\PEV.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\MBR.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\grep.exe
2010-08-01 22:30:52 ----D---- C:\WINDOWS\ERDNT
2010-08-01 22:26:24 ----D---- C:\Qoobox
2010-07-28 00:08:21 ----D---- C:\rsit
2010-07-28 00:08:21 ----D---- C:\Program Files\trend micro
2010-07-25 23:44:48 ----A---- C:\WINDOWS\system32\unrar.dll
2010-07-25 23:44:45 ----D---- C:\Program Files\K-Lite Codec Pack
2010-07-23 11:20:53 ----HD---- C:\WINDOWS\PIF
2010-07-15 01:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-10 15:01:11 ----D---- C:\Config.Msi
2010-07-08 01:13:06 ----A---- C:\WINDOWS\msoffice.ini
2010-07-07 23:32:56 ----D---- C:\WINDOWS\occache
2010-07-07 23:32:56 ----D---- C:\Program Files\Learn2.com
2010-07-07 23:32:50 ----D---- C:\Program Files\Viewpoint
2010-07-07 23:32:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
2010-07-07 23:32:48 ----A---- C:\WINDOWS\system32\shdocvw.bak
2010-07-07 23:32:47 ----D---- C:\Program Files\Common Files\Nullsoft
2010-07-07 23:32:12 ----A---- C:\WINDOWS\system32\roboex32.dll
2010-07-07 23:32:12 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2010-07-07 23:31:50 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-07-07 23:31:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\AOL
2010-07-07 23:30:12 ----A---- C:\WINDOWS\atid.ini
2010-07-05 12:13:52 ----A---- C:\WINDOWS\ScUnin.pif
2010-07-05 12:13:52 ----A---- C:\WINDOWS\ScUnin.exe
2010-07-05 11:44:03 ----A---- C:\WINDOWS\COD.INI

======List of files/folders modified in the last 1 months======

2010-08-02 00:29:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-02 00:26:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-01 23:30:59 ----D---- C:\WINDOWS\system32\drivers
2010-08-01 23:30:59 ----D---- C:\WINDOWS
2010-08-01 23:28:07 ----A---- C:\WINDOWS\system.ini
2010-08-01 23:27:20 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-01 23:25:55 ----D---- C:\WINDOWS\system32\config
2010-08-01 23:23:31 ----D---- C:\WINDOWS\system32
2010-08-01 23:23:30 ----D---- C:\WINDOWS\AppPatch
2010-08-01 23:23:24 ----D---- C:\Program Files\Common Files
2010-08-01 23:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-01 22:33:29 ----RASH---- C:\boot.ini
2010-08-01 11:58:14 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2010-07-29 10:27:23 ----D---- C:\Program Files\SpeedFan
2010-07-29 07:28:00 ----A---- C:\WINDOWS\Sandboxie.ini
2010-07-28 23:56:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-28 23:55:30 ----SD---- C:\WINDOWS\Tasks
2010-07-28 22:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-28 21:09:00 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Skype
2010-07-28 17:27:37 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\skypePM
2010-07-28 00:08:21 ----RD---- C:\Program Files
2010-07-27 21:44:18 ----D---- C:\WINDOWS\Prefetch
2010-07-27 21:43:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-24 13:55:57 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\U3
2010-07-22 17:06:04 ----D---- C:\Program Files\AC3Filter
2010-07-19 20:32:24 ----HD---- C:\WINDOWS\inf
2010-07-19 16:58:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-16 21:48:59 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-07-16 21:46:26 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Adobe
2010-07-15 01:01:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-10 15:01:43 ----SHD---- C:\WINDOWS\Installer
2010-07-08 01:13:33 ----A---- C:\WINDOWS\win.ini
2010-07-07 23:30:21 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla
2010-07-07 00:01:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-05 11:51:02 ----D---- C:\WINDOWS\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2009-10-16 164896]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 SnoopFree;SnoopFree Driver; C:\WINDOWS\System32\Drivers\SnopFree.sys [2010-01-11 9472]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-05 717296]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-11-02 28672]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-02 28520]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2009-10-16 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-05 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-02 56816]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-21 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2009-10-16 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2009-10-16 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-16 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-16 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-16 18944]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 SPC520;Philips SPC520NC PC Camera; C:\WINDOWS\system32\drivers\SPC520.sys [2007-03-27 85504]
R3 SPC520m;Philips SPC520NC PC Cameram; C:\WINDOWS\system32\drivers\SPC520m.sys [2007-03-27 7680]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2009-10-16 100736]
S0 Si3112;Si3112; C:\WINDOWS\system32\drivers\Si3112.sys [2009-10-16 62336]
S0 Si3114r5;Si3114r5; C:\WINDOWS\system32\drivers\Si3114r5.sys [2009-10-16 195072]
S0 Si3124;Si3124; C:\WINDOWS\system32\drivers\Si3124.sys [2009-10-16 69248]
S0 Si3132;Si3132; C:\WINDOWS\system32\drivers\Si3132.sys [2009-10-16 74672]
S0 Si3132r5;Si3132r5; C:\WINDOWS\system32\drivers\Si3132r5.sys [2009-10-16 215856]
S0 Si3531;Si3531; C:\WINDOWS\system32\drivers\Si3531.sys [2009-10-16 212520]
S3 atehw345;atehw345; C:\WINDOWS\system32\drivers\atehw345.sys []
S3 axai5suq;axai5suq; C:\WINDOWS\system32\drivers\axai5suq.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pgtdipow;pgtdipow; \??\C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys []
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2009-07-31 341504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-16 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-16 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-02 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-06-29 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-06-29 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-06-29 65599]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-18 66872]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-04-14 73960]
R2 SnoopFreeSvc;Snoop Free Service; C:\WINDOWS\System32\SnoopFreeSvc.exe [2010-01-11 90112]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe [2005-04-02 217600]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-02 68096]
S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S4 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

-----------------EOF-----------------
[/log]

Sohei
comment

C:\WINDOWS\system32\SnoopFreeSvc.exe
C:\WINDOWS\SnoopFreeDll.dll, do you happen to know these files? Are they part of some program? Because I don't much like the look of them.

Additionally, please attach a log from GMER as well.

Makaveli_ns
comment
comment (edited)

Well, Snoop is a program that protects the keyboard against keyloggers, but I'm not sure whether those two programs are the same thing.


za chwile zrobi skan GMERem

Log no. 1:

[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-02 13:37:01
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys


---- System - GMER 1.0.15 ----

SSDT B876D0F6 ZwCreateKey
SSDT SnopFree.sys ZwCreateProcessEx [0xB84BC9E4]
SSDT B876D0EC ZwCreateThread
SSDT B876D0FB ZwDeleteKey
SSDT B876D105 ZwDeleteValueKey
SSDT spsj.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spsj.sys ZwEnumerateValueKey [0xB7EC7030]
SSDT B876D10A ZwLoadKey
SSDT spsj.sys ZwOpenKey [0xB7EA80C0]
SSDT B876D0D8 ZwOpenProcess
SSDT B876D0DD ZwOpenThread
SSDT spsj.sys ZwQueryKey [0xB7EC7108]
SSDT spsj.sys ZwQueryValueKey [0xB7EC6F88]
SSDT B876D114 ZwReplaceKey
SSDT B876D10F ZwRestoreKey
SSDT B876D100 ZwSetValueKey
SSDT B876D0E7 ZwTerminateProcess

INT 0x62 ? 8A542BF8
INT 0x63 ? 8A4DCBF8
INT 0x73 ? 8A4DCBF8
INT 0x83 ? 8A4DCBF8
INT 0xB1 ? 8A4DCBF8
INT 0xB1 ? 8A4DCBF8
INT 0xB4 ? 8A4D7BF8

Code B87B2C9C ZwRequestPort
Code B87B2D3C ZwRequestWaitReplyPort
Code B87B2BFC ZwTraceEvent
Code B87B2C9B NtRequestPort
Code B87B2D3B NtRequestWaitReplyPort
Code B87B2BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 80535118 5 Bytes JMP B87B2C00
PAGE ntkrnlpa.exe!NtRequestPort 805A2A3C 5 Bytes JMP B87B2CA0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2D68 5 Bytes JMP B87B2D40
.text SnopFree.sys B84BCD42 5 Bytes JMP B87B28E0
.text SnopFree.sys B84BCDA8 5 Bytes JMP B87B23E0
? C:\WINDOWS\system32\drivers\SnopFree.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
? spsj.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload B75838AC 5 Bytes JMP 8A4D71D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A03380, 0x566445, 0xE8000020]
? System32\Drivers\a6ktxbvt.SYS System nie może odnaleźć określonej ścieżki. !
.text aaazy448.SYS B62EB386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aaazy448.SYS B62EB3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aaazy448.SYS B62EB3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aaazy448.SYS B62EB3C9 1 Byte [2E]
.text aaazy448.SYS B62EB3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB2FFCA00]
.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E8 5 Bytes JMP B87B2480
.text win32k.sys!EngCopyBits + 68D BF838F8D 5 Bytes JMP B87B25C0
.text win32k.sys!EngCreateBitmap + 6F4 BF83E197 5 Bytes JMP B87B2700
.text win32k.sys!EngMultiByteToWideChar + 789E BF869E44 5 Bytes JMP B87B2A20
.text win32k.sys!EngMulDiv + 8195 BF872D39 5 Bytes JMP B87B2660
.text win32k.sys!EngCreatePalette + 1C0 BF87EA6A 5 Bytes JMP B87B2520
.text win32k.sys!EngAlphaBlend + 2998 BF8C3163 5 Bytes JMP B87B27A0
.text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F97FA 5 Bytes JMP B87B2980
.text win32k.sys!EngCreateClip + 19C1 BF9133D3 5 Bytes JMP B87B2AC0
.text win32k.sys!EngCreateClip + 1F51 BF913963 5 Bytes JMP B87B2B60
.text win32k.sys!EngCreateClip + 2597 BF913FA9 5 Bytes JMP B87B2840
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA51D2300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xAC73B300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spsj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spsj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spsj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spsj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spsj.sys
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spsj.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A53D1F8
Device \Driver\PCI_PNP2492 \Device\00000050 spsj.sys
Device \Driver\usbohci \Device\USBPDO-0 8A4D81F8
Device \Driver\PCI_PNP2492 \Device\00000051 spsj.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4DA1F8
Device \Driver\usbehci \Device\USBPDO-1 8A5411F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1392BF3B-04DB-4FF2-B6EB-5835A832A4E5} 8A2BC500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5431F8
Device \Driver\sptd \Device\3256236242 spsj.sys
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5431F8
Device \Driver\Cdrom \Device\CdRom0 8A5401F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5431F8
Device \Driver\Cdrom \Device\CdRom1 8A5401F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A5431F8
Device \Driver\Cdrom \Device\CdRom2 8A5401F8
Device \Driver\Cdrom \Device\CdRom3 8A5401F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2BC500
Device \Driver\NetBT \Device\NetbiosSmb 8A2BC500
Device \Driver\usbohci \Device\USBFDO-0 8A4D81F8
Device \Driver\usbehci \Device\USBFDO-1 8A5411F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8943E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8943E1F8
Device \Driver\Ftdisk \Device\FtControl 8A5431F8
Device \Driver\sptd \Device\3256079992 spsj.sys
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path1Target1Lun0 8A4D91F8
Device \Driver\a6ktxbvt \Device\Scsi\a6ktxbvt1Port5Path0Target0Lun0 8A1401F8
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path0Target0Lun0 8A4D91F8
Device \Driver\nvgts \Device\Scsi\nvgts1 8A4D91F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8A4D91F8
Device \Driver\aaazy448 \Device\Scsi\aaazy4481 8A0761F8
Device \Driver\nvgts \Device\Scsi\nvgts3 8A4D91F8
Device \Driver\a6ktxbvt \Device\Scsi\a6ktxbvt1Port5Path0Target1Lun0 8A1401F8
Device \Driver\a6ktxbvt \Device\Scsi\a6ktxbvt1 8A1401F8
Device \FileSystem\Cdfs \Cdfs 8A02B500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -764495635
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1033911924
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0xD0 0x2A 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5A 0x24 0xB5 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x27 0xB7 0x65 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBE 0x39 0x6D 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x1D 0xDF 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF7 0x2E 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x42 0xAE 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0xD0 0x2A 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5A 0x24 0xB5 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x27 0xB7 0x65 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBE 0x39 0x6D 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x1D 0xDF 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF7 0x2E 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x42 0xAE 0x1F ...

---- EOF - GMER 1.0.15 ----
[/log]


Log no. 2:

[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-02 13:42:52
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys


---- Services - GMER 1.0.15 ----

Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI
Service (Sterownik kontrolera osadzonego interfejsu ACPI/Microsoft Corporation) [DISABLED] ACPIEC
Service C:\WINDOWS\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) [MANUAL] ADIHdAudAddService
Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\AEAudio.sys (Audio Noise Filtering Driver (32-bit)/Andrea Electronics Corporation) [MANUAL] AEAudio
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service ahcix86
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service amdide
Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) [SYSTEM] AmdK8
Service [DISABLED] amsint
Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atksgt.sys [AUTO] atksgt
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\ComboFix\catchme.sys [MANUAL] catchme
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [MANUAL] Cpcudnntr
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Proces usługi Menedżera dysków logicznych/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (Sterownik uruchamiania Menedżera dysków NT/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (Sterownik We/Wy menedżera dysków NT/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (Sterownik kryptografii FIPS/Microsoft Corporation) [SYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [AUTO] ForceWare Intelligent Application Manager (IAM)
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache HTTP Server/Apache Software Foundation) [AUTO] ForcewareWebInterface
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Sterownik dysku FT/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\system32\giveio.sys [BOOT] giveio
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] hidusb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service [DISABLED] hpn
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [SYSTEM] i8042prt
Service iaStor
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service (InCD File System Driver/Nero AG) [DISABLED] InCDfs
Service C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead RW Filter Driver/Nero AG) [SYSTEM] InCDPass
Service (InCD File System Recognizer/Nero AG) [SYSTEM] InCDrec
Service (Ahead MRW Filter Driver/Nero AG) [SYSTEM] incdrm
Service C:\Program Files\Ahead\InCD\InCDsrv.exe (incdsrv/Nero AG) [DISABLED] InCDsrv
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe [AUTO] JavaQuickStarterService
Service Jraid
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [DISABLED] LightScribeService
Service C:\WINDOWS\system32\DRIVERS\lirsgt.sys [AUTO] lirsgt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMSwissArmy
Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Machine Debug Manager/Microsoft Corporation) [AUTO] MDM
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (Zdalne udostępnianie pulpitu NetMeeting/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\WINDOWS\system32\DRIVERS\ASACPI.sys [MANUAL] MTsensor
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (ActiveArmor Firewall IP Service/NVIDIA Corporation) [AUTO] nSvcIp
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (nSvcLog/NVIDIA Corporation) [AUTO] nSvcLog
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 /NVIDIA Corporation) [MANUAL] nv
Service (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation) [BOOT] nvatabus
Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD
Service C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [BOOT] nvgts
Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) [MANUAL] nvnetbus
Service nvraid
Service nvrd32
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 197.45/NVIDIA Corporation) [AUTO] nvsvc
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Rodzajowy sterownik magistrali PCI IDE/Microsoft Corporation) [BOOT] PCIIde
Service (Sterownik magistrali PCMCIA/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\PnkBstrA.exe [AUTO] PnkBstrA
Service PnP680
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\DRIVERS\processr.sys (Sterownik urządzenia procesora/Microsoft Corporation) [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Menedżer sesji pomocy pulpitu zdalnego Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Sterownik filtru audio Redbook/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\wg111v3.sys (NETGEAR WG111v3 Wireless-G USB Adapter NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTL8187B
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Kernel Mode Driver/tzuk) [MANUAL] SbieDrv
Service C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Service/tzuk) [AUTO] SbieSvc
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service (PowerISO Virtual Drive/PowerISO Computing, Inc.) [SYSTEM] SCDEmu
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\drivers\Senfilt.sys (Sensaura WDM 3D Audio Driver/Sensaura) [MANUAL] SenFiltService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys (Sterownik urządzenia szeregowego/Microsoft Corporation) [SYSTEM] Serial
Service C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3112
Service Si3114
Service (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) [BOOT] Si3114r5
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3124
Service Si3124r5
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3132
Service (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) [BOOT] Si3132r5
Service (SATA Controller miniport driver/Silicon Image, Inc) [BOOT] Si3531
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service C:\WINDOWS\System32\Drivers\SnopFree.sys [BOOT] SnoopFree
Service C:\WINDOWS\System32\SnoopFreeSvc.exe [AUTO] SnoopFreeSvc
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\SPC520.sys (Philips SPC520 Camera Driver (WDM Main Driver)/Philips ) [MANUAL] SPC520
Service C:\WINDOWS\system32\drivers\SPC520m.sys (Philips SPC520 Camera Driver (DS MiniDriver) /Philips ) [MANUAL] SPC520m
Service C:\WINDOWS\system32\speedfan.sys (SpeedFan Device Driver/Windows (R) 2000 DDK provider) [BOOT] speedfan
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\WINDOWS\system32\DRIVERS\sr.sys (Sterownik filtru systemu plików Przywracania systemu/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
Service C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) [AUTO] StarWindService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Usługa dzienników wydajności i alertów/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\system32\tlntsvr.exe (Usługa Telnet/Microsoft Corporation) [MANUAL] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service viamraid
Service (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service system32\DRIVERS\wanatw4.sys [MANUAL] wanatw
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (Usługa karty wydajności WMI/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Usługa udostępniania w sieci programu Windows Media Player/Microsoft Corporation) [DISABLED] WMPNetworkSvc
Service C:\WINDOWS\System32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {1392BF3B-04DB-4FF2-B6EB-5835A832A4E5}
Service {5B372BBB-2744-4B5A-883D-1DF92341242E}
Service {C2460799-C1C2-4AF9-A3ED-5C620AF8767F}

---- EOF - GMER 1.0.15 ----
[/log]


[b]I should add that these problems only start after I run some scanner. In this case the computer had been running very well since the morning until I started GMER, and then the stuttering problems began: roughly every 10 seconds the computer stops responding to anything :/ and it keeps going like that, every few seconds. I already noticed this yesterday while running a scan with Avira and Malwarebytes.

I don't know what is going on, please help.[/b]
