My name is Jarek, I live in Germany though I'm Polish. Working in IT, but have had little to do with Windows world for years... There are no viruses (trojans, rootkits etc.) in my world Unfortunately I still run an XP PC at home, mainly for my wife. And here it is different... very different since Friday, when Avast reported Win32:Rootkit-gen [Rtk] detection.
The symptoms are very like in http://www.geekstogo...tk-t270702.html.
I need help in removing the stuff and estimating the danger - is it 'just' a spamer, backdoor or anything else?
Here are the reports from OTL and gmer, collected as decribed in the other post.
OTL.Txt
OTL logfile created on: 2010-05-15 23:32:17 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\wspolne\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 393,87 Gb Free Space | 84,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 372,61 Gb Total Space | 120,39 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive G: | 7,52 Gb Total Space | 3,22 Gb Free Space | 42,85% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DZIDKI
Current User Name: wspolne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\wspolne\Moje dokumenty\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\wspolne\Moje dokumenty\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
========== Driver Services (SafeList) ==========
DRV - (MEMSWEEP2) -- File not found
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (usbaudio) Sterownik audio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys (Logitech Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.pl/0,0.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://wiadomosci.ga...mosci/0,0.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {472f4ef0-a825-11da-a746-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {62fe3c1e-482a-4498-bbea-1dc8bfd2d439}:2.0.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.14
FF - prefs.js..network.proxy.autoconfig_url: "http://inetprox.inet...e/rasproxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-15 18:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-15 18:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-04-15 18:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009-10-18 21:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Extensions
[2010-05-15 22:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions
[2010-05-08 14:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010-05-08 14:20:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-18 21:57:57 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009-10-18 21:57:57 | 000,000,000 | ---D | M] (Tab Clicking Options) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{43520B8F-4107-4351-AC64-9BCC5EEA24B9}
[2009-10-18 21:57:57 | 000,000,000 | ---D | M] (FavLoc) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2010-03-01 23:43:18 | 000,000,000 | ---D | M] (Snajper.net) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{62fe3c1e-482a-4498-bbea-1dc8bfd2d439}
[2009-10-18 21:57:55 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010-01-26 10:37:02 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009-12-09 00:22:28 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010-05-08 14:20:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-04-20 07:42:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-10-18 21:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010-04-25 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\[email protected]
[2010-05-15 22:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-08-24 21:19:13 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-08-24 21:19:13 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-08-24 21:19:13 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-08-24 21:19:13 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-08-24 21:19:13 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-08-24 21:19:13 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2009-10-19 21:04:18 | 000,000,765 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost adserver.gadu-gadu.pl
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\wspolne\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\wspolne\Menu Start\Programy\Autostart\Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255879580890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1257446468187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-18 15:30:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aa7a376f-bc1b-11de-8596-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{aa7a376f-bc1b-11de-8596-806d6172696f}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-10-18 23:18:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Renderowanie grafiki wektorowej (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Powiązania danych dynamicznego HTML dla języka Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autorstwo zaawansowane
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Klasy Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Foldery w sieci Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Harmonogram zadań
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)
========== Files/Folders - Created Within 30 Days ==========
[2010-05-15 23:29:26 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010-05-15 23:10:10 | 000,000,000 | ---D | C] -- C:\antivir_rootkit
[2010-05-15 22:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010-05-15 15:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wspolne\Dane aplikacji\Uniblue
[2010-05-15 15:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010-05-14 18:58:34 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010-05-14 18:58:34 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010-05-14 18:58:14 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010-05-14 18:57:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010-05-14 18:57:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010-05-09 20:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wspolne\Dane aplikacji\Google
[2010-05-09 20:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2010-05-03 21:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wspolne\Citrix
[2010-04-20 16:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\AidemMedia
[2010-04-19 08:47:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-05-15 23:35:09 | 000,755,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\inhjklf.sys
[2010-05-15 23:35:02 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1343024091-725345543-1003UA.job
[2010-05-15 23:05:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-05-15 22:35:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-15 22:35:36 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{627EE941-C74F-49D6-864C-875D05DA1D4B}
[2010-05-15 22:35:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-05-15 22:35:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-15 22:34:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-15 22:34:32 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010-05-15 21:36:24 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Safari.lnk
[2010-05-15 16:12:17 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\wspolne\NTUSER.DAT
[2010-05-15 16:12:17 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\wspolne\ntuser.ini
[2010-05-15 15:38:06 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\RegistryBooster.lnk
[2010-05-14 20:04:40 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-05-14 18:57:08 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\wspolne\Dane aplikacji\qvjsge.dat
[2010-05-13 17:09:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-05-13 06:35:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1343024091-725345543-1003Core1cab63f4ae2f264.job
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-29 03:36:29 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\wspolne\Pulpit\Google Chrome.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-05-15 15:38:06 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\RegistryBooster.lnk
[2010-05-14 20:08:22 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\inhjklf.sys
[2010-05-14 18:56:59 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\wspolne\Dane aplikacji\qvjsge.dat
[2010-05-09 20:00:18 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-05-09 20:00:17 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-10-28 22:49:36 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-10-28 22:46:35 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll
[2009-10-28 22:46:32 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2009-10-28 22:46:22 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009-10-28 22:46:22 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009-10-21 22:06:46 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009-10-19 20:45:12 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2009-10-19 20:45:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009-10-19 20:10:47 | 000,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-10-19 20:10:32 | 000,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009-10-19 19:58:30 | 000,000,556 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-18 22:45:28 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-18 21:46:37 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2009-10-18 21:18:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009-10-18 21:17:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-10-18 21:17:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-10-18 16:12:41 | 000,001,701 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009-10-18 15:44:20 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009-10-18 15:44:01 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-10-18 15:43:52 | 000,030,988 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-10-18 15:43:52 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-07-29 21:10:04 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\evr.dll
[2008-07-29 21:10:04 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\dxva2.dll
[1999-01-27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997-06-13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2007-08-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009-10-18 20:19:17 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009-10-18 20:19:17 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2007-08-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009-10-18 20:19:17 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009-10-18 20:19:17 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007-08-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2007-08-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2007-08-02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=8BE1BEBB1447EFFAF5F2135DC098431E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008-04-14 19:20:40 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=9858AD0A3FCD83C3B100EDD5852DE540 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 19:20:40 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=9858AD0A3FCD83C3B100EDD5852DE540 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2007-08-02 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=3609496AE18FF399920C494270C526F9 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-14 19:20:45 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=3F74B6B4E2721272A117D25990141F73 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 19:20:45 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=3F74B6B4E2721272A117D25990141F73 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009-04-29 04:18:06 | 000,442,368 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010-05-15 23:37:20 | 000,755,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\inhjklf.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
< %systemroot%\System32\config\*.sav >
[2009-10-18 23:23:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-10-18 23:23:13 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-10-18 23:23:12 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
Extras.Txt
OTL Extras logfile created on: 2010-05-15 23:32:17 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\wspolne\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 393,87 Gb Free Space | 84,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 372,61 Gb Total Space | 120,39 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive G: | 7,52 Gb Total Space | 3,22 Gb Free Space | 42,85% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DZIDKI
Current User Name: wspolne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F20556-47EA-501F-3C42-6466E8EFBD18}" = Catalyst Control Center HydraVision Full
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{0446DCC4-1C4B-1FDB-EE6A-CC85EC03B6D4}" = Catalyst Control Center Core Implementation
"{05373199-CBD8-6F0E-A4CE-6818C52F71F9}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10BCCCA6-0FDD-600C-D99B-D756CEDF58E2}" = CCC Help Greek
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1B3D048E-17E3-04CB-4D9F-1029B96E0CCB}" = CCC Help Czech
"{1EA9AF24-7723-4C8C-88F0-6E8FDF731886}" = Domisie - Kolorowy Świat
"{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2661DD63-57EF-7FDB-7D12-876FE6A3B0AA}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D5E0A99-B781-CE3A-D2F7-9F223A355550}" = CCC Help Norwegian
"{2F14B9B4-C61B-2F39-B5F5-599B847BFE9F}" = CCC Help Swedish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{48B5DAA4-D63A-A560-B3B9-B5B12CF759DF}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53714632-5AAD-0E8B-DD71-72BB8FA1AA20}" = CCC Help Polish
"{5412EFB0-65B8-94AC-1942-891095222840}" = CCC Help Spanish
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{63D3148E-8ECF-A665-AEE7-A35E59105F28}" = Catalyst Control Center Localization All
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{64768886-46ED-8542-D895-CC6FB0D3C790}" = Catalyst Control Center Graphics Full Existing
"{6580EC1E-3DA8-9ED7-4D7B-63C6B9DE6B21}" = CCC Help Thai
"{65BD4E29-4D47-0485-18EE-35252113818B}" = CCC Help Korean
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B4862E4-DBA5-B7CB-CA97-92F6D5F51B43}" = CCC Help Japanese
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{721D85B3-DABD-B560-C1FB-E2869BFF9692}" = ccc-core-static
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7CE8384C-F522-6E9E-2F41-FE78687B9AE7}" = CCC Help Chinese Standard
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510
"{8B3F9FA4-F44B-6E12-AF77-54104504F857}" = CCC Help Italian
"{8BC53B23-81B9-8F7E-8B51-FF95DAEBD2D4}" = ccc-utility
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{980A6789-F5BD-5919-54A2-41B846361A3A}" = ccc-core-preinstall
"{9829B8D6-69C6-6DA8-AADE-3950042EDACE}" = CCC Help Chinese Traditional
"{99F5C5F4-A6B2-5C8C-2469-19C5B3A46AED}" = CCC Help Danish
"{9BA23EC5-B474-E4E6-87D0-CE62118B720A}" = CCC Help German
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3B7DDB1-4A0F-A1D1-F5AE-CAE0E8779320}" = CCC Help Hungarian
"{A3B7DFAF-3537-043C-903D-2DB8B07087B2}" = Catalyst Control Center Graphics Light
"{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B34591F0-64E7-0015-58B6-77D9EBF6CFE4}" = CCC Help French
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CCB4E948-9B47-04BD-43AF-6B1847C9F936}" = CCC Help Russian
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0127EC7-E022-3C4D-FE52-73AEBBF52D5B}" = CCC Help English
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C59A40-378A-4546-9ADE-984EB6FA72D3}" = KiSS PC-Link
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EE64D2D7-04E4-6F9B-5437-4CDFE5D93F9A}" = CCC Help Dutch
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F1AF6CBE-B7B8-9F62-6BE7-48C4FE6EEEDD}" = CCC Help Portuguese
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FC8FCC14-23B7-CC7D-9C12-7F9111787E21}" = CCC Help Finnish
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ALLPlayer V2.1" = ALLPlayer V2.1
"ALLPlayer_is1" = ALLPlayer V4.X
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.1.0
"Exact Audio Copy_is1" = Exact Audio Copy v0.9 beta 4
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FreePDF_XP" = FreePDF (Remove only)
"Gadu-Gadu" = Gadu-Gadu 7.0
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"IrfanView" = IrfanView (remove only)
"Karen's Replicator" = Karen's Replicator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NapiProjekt_is1" = NapiProjekt 1.0.6.5
"NAVIGON Fresh" = NAVIGON Fresh 2.0.2
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Picasa 3" = Picasa 3
"QcDrv" = Camera Driver
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 2010-04-28 16:13:25 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir26976\TEMP_INSTALL\jquery-ui\js\jquery-ui-1.8rc1.custom.min.js
failed, 00000005.
Error - 2010-04-28 16:13:25 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir26976\TEMP_INSTALL\manifest.json
failed, 00000005.
Error - 2010-04-28 16:13:25 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir26976\TEMP_INSTALL\options.html
failed, 00000005.
Error - 2010-04-28 16:13:25 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir26976\TEMP_INSTALL\popup.html
failed, 00000005.
Error - 2010-05-05 02:03:11 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir400\TEMP_INSTALL\background.html
failed, 00000005.
Error - 2010-05-05 02:03:11 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir400\TEMP_INSTALL\fbphotozoom.css
failed, 00000005.
Error - 2010-05-05 02:03:11 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir400\TEMP_INSTALL\fbphotozoom.js
failed, 00000005.
Error - 2010-05-05 02:03:12 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir400\TEMP_INSTALL\manifest.json
failed, 00000005.
Error - 2010-05-15 17:33:15 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\databases\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0\1-journal
failed, 00000005.
Error - 2010-05-15 17:33:16 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\databases\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0\1-journal
failed, 00000005.
[ Application Events ]
Error - 2010-03-11 18:11:02 | Computer Name = DZIDKI | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca chrome.exe, wersja 0.0.0.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-03-11 23:24:00 | Computer Name = DZIDKI | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący
błąd npswf32.dll, wersja 10.0.45.2, adres błędu 0x001f6df1.
Error - 2010-03-12 16:26:35 | Computer Name = DZIDKI | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca ALLPlayer.exe, wersja 3.7.6.5, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-03-15 05:36:54 | Computer Name = DZIDKI | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.2627.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00018ea0.
Error - 2010-04-20 11:33:24 | Computer Name = DZIDKI | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd AidemMediaSplash.exe, wersja 0.0.0.0, moduł
powodujący błąd AidemMediaSplash.exe, wersja 0.0.0.0, adres błędu 0x000d8790.
Error - 2010-05-14 14:25:11 | Computer Name = DZIDKI | Source = PerfNet | ID = 2005
Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce
nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD
0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.
Error - 2010-05-14 14:25:11 | Computer Name = DZIDKI | Source = PerfNet | ID = 2006
Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce
nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to
dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.
Error - 2010-05-15 04:46:00 | Computer Name = DZIDKI | Source = PerfNet | ID = 2005
Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce
nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD
0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.
Error - 2010-05-15 04:46:00 | Computer Name = DZIDKI | Source = PerfNet | ID = 2006
Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce
nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to
dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.
Error - 2010-05-15 16:35:30 | Computer Name = DZIDKI | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
[ System Events ]
Error - 2010-05-15 15:23:31 | Computer Name = DZIDKI | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
hpqddsvc z argumentami „” w celu uruchomienia serwera: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}
Error - 2010-05-15 15:34:24 | Computer Name = DZIDKI | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
hpqddsvc z argumentami „” w celu uruchomienia serwera: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}
Error - 2010-05-15 15:40:37 | Computer Name = DZIDKI | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
hpqddsvc z argumentami „” w celu uruchomienia serwera: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}
Error - 2010-05-15 16:35:50 | Computer Name = DZIDKI | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
hpqddsvc z argumentami „” w celu uruchomienia serwera: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}
Error - 2010-05-15 17:10:25 | Computer Name = DZIDKI | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie.
Error - 2010-05-15 17:10:25 | Computer Name = DZIDKI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.CRT. Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .
Error - 2010-05-15 17:10:25 | Computer Name = DZIDKI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\antivir_rootkit\avirarkd.exe.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .
Error - 2010-05-15 17:10:31 | Computer Name = DZIDKI | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie.
Error - 2010-05-15 17:10:31 | Computer Name = DZIDKI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.CRT. Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .
Error - 2010-05-15 17:10:31 | Computer Name = DZIDKI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\antivir_rootkit\avirarkd.exe.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .
< End of report >
gmer.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 12:28:43
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\wspolne\USTAWI~1\Temp\uxtdapob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACB636B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xACB63574] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xACB63A52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xACB6314C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xACB6364E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACB6308C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xACB630F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xACB6376E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xACB6372E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xACB638AE] <-- ROOTKIT !!!
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A4D6F48
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] inhjklf <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\inhjklf@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\inhjklf@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\inhjklf@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\inhjklf@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\inhjklf@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\inhjklf@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\inhjklf@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\inhjklf@Group Boot Bus Extender
---- EOF - GMER 1.0.15 ----