
Another Win32:Rootkit-gen [Rtk] [Solved]



#16
hammerman (Member, 4,183 posts)

:)


#17
dzid (Member, 15 posts)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 18, 2010
Operating system: Microsoft Windows XP Professional Dodatek Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 17, 2010 16:24:22
Records in database: 4119521
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 145149
Threats found: 4
Infected objects found: 4
Suspicious objects found: 2
Scan duration: 02:41:49


File name / Threat / Threats count
C:\Documents and Settings\wspolne\Moje dokumenty\DZID\CANON CD\SOFTWARE\WIA\PS_S45\GERMAN\SETUP.EXE Suspicious: Type_Win32 1
C:\downloads\VNC - Real Server.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2
C:\Heniek\EwMapa.exe Infected: Trojan-Dropper.Win32.Agent.bcxt 1
C:\System Volume Information\_restore{A58BC295-3A51-49E6-9249-B768B9E781E6}\RP152\A0024567.sys Infected: Rootkit.Win32.Bubnix.s 1
F:\Kopia Domumentow\DZID\CANON CD\SOFTWARE\WIA\PS_S45\GERMAN\SETUP.EXE Suspicious: Type_Win32 1

Selected area has been scanned.

#18
hammerman (Member, 4,183 posts)

Hi,

How's your computer running?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Heniek\EwMapa.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

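Reading the Kaspersky report in post #17 against the OTL fix in post #18: the Python below is an added example, not code from this thread, from OTL or from Kaspersky. It parses the report's detection lines, totals them the way the report's "objects found" statistics do (by summing the per-file threat count), and selects only the entries a helper would normally hand to an OTL :Files block: "Infected" verdicts that are neither "not-a-virus" riskware (here the user's own VNC archive) nor copies inside a System Restore point, which are commonly dealt with by purging System Restore at the end of a cleanup rather than by moving individual files. The sample report text is reconstructed from the lines quoted in #17, the :Commands block mirrors the one posted in #18, and all function and constant names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the detection lines from the Kaspersky Online Scanner 7.0
# report quoted in post #17, in the report's own "path Verdict: threat count" layout.
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Documents and Settings\wspolne\Moje dokumenty\DZID\CANON CD\SOFTWARE\WIA\PS_S45\GERMAN\SETUP.EXE Suspicious: Type_Win32 1
C:\downloads\VNC - Real Server.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2
C:\Heniek\EwMapa.exe Infected: Trojan-Dropper.Win32.Agent.bcxt 1
C:\System Volume Information\_restore{A58BC295-3A51-49E6-9249-B768B9E781E6}\RP152\A0024567.sys Infected: Rootkit.Win32.Bubnix.s 1
F:\Kopia Domumentow\DZID\CANON CD\SOFTWARE\WIA\PS_S45\GERMAN\SETUP.EXE Suspicious: Type_Win32 1

Selected area has been scanned.
"""

# One detection line: a path (may contain spaces), the verdict, the threat name
# (no spaces) and the per-file threat count that the report's statistics add up.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$"
)

# Kaspersky prefixes riskware (legitimate but abusable tools) with this tag.
RISKWARE_PREFIX = "not-a-virus:"
# Files under this folder are System Restore snapshots, not live files.
RESTORE_POINT_MARKER = "\\system volume information\\"


@dataclass
class Detection:
    path: str
    verdict: str
    threat: str
    count: int

    @property
    def is_riskware(self) -> bool:
        return self.threat.startswith(RISKWARE_PREFIX)

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_POINT_MARKER in self.path.lower()


def parse_report(text: str) -> List[Detection]:
    """Return one Detection per matching line; header and footer lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.rstrip())
        if m:
            found.append(Detection(m["path"], m["verdict"], m["threat"], int(m["count"])))
    return found


def summarize(dets: List[Detection]) -> Dict[str, int]:
    """Totals by object count, which is how the report's 'objects found' lines are computed."""
    totals = {"infected": 0, "suspicious": 0, "riskware": 0, "restore_point": 0}
    for d in dets:
        totals[d.verdict.lower()] += d.count
        if d.is_riskware:
            totals["riskware"] += d.count
        if d.in_restore_point:
            totals["restore_point"] += d.count
    return totals


def select_for_removal(dets: List[Detection]) -> List[str]:
    """Infected files that are neither riskware nor restore-point copies, in report order."""
    return [
        d.path for d in dets
        if d.verdict == "Infected" and not d.is_riskware and not d.in_restore_point
    ]


def build_otl_fix(paths: List[str]) -> str:
    """Lay the paths out as an OTL custom fix, using the same command block posted in #18."""
    commands = ["[purity]", "[emptytemp]", "[emptyflash]", "[start explorer]", "[Reboot]"]
    return "\n".join([":Files", *paths, "", ":Commands", *commands])


if __name__ == "__main__":
    detections = parse_report(SAMPLE_REPORT)
    # prints {'infected': 4, 'suspicious': 2, 'riskware': 2, 'restore_point': 1}
    print(summarize(detections))
    print(build_otl_fix(select_for_removal(detections)))
```

Run against the sample, the totals reproduce the report's "Infected objects found: 4" and "Suspicious objects found: 2", and the only path that survives the filter is C:\Heniek\EwMapa.exe, the same single file hammerman put in the :Files block. The two "Suspicious: Type_Win32" hits on the Canon setup program (one on C:, one in the F: backup copy) are left for a human decision, as a heuristic verdict on vendor installation media usually is.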

#19
dzid (Member, 15 posts)

All processes killed
========== FILES ==========
C:\Heniek\EwMapa.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: wspolne
->Temp folder emptied: 276456241 bytes
->Temporary Internet Files folder emptied: 1145772 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 37965220 bytes
->Google Chrome cache emptied: 9410415 bytes
->Apple Safari cache emptied: 36346 bytes
->Flash cache emptied: 1601 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 297405 bytes
RecycleBin emptied: 2187 bytes

Total Files Cleaned = 310,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: wspolne
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05182010_204452

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_60c.dat not found!

Registry entries deleted on Reboot...

##############

Still, the 5-minute delay at start-up is there.
Meanwhile I re-installed the VIA HD Audio driver, but without success - my soundcard doesn't work. I will try again, but with uninstalling the driver first. The VIA HD ADeck doesn't load at start-up.

Edited by dzid, 18 May 2010 - 12:55 PM.


#20
dzid (Member, 15 posts)

I can't get my soundcard to work. When trying to install the driver it says "Failed to find HD device" and then:

SETUP LOG: DATE 5-18-2010 TIME 21:21:42
Installed components :
None

Fail to Installed components :
VIA HD Audio Codec Driver v7.0.31.31.090330 :0xfffffffe

#21
hammerman (Member, 4,183 posts)

Hi,

I don't think these problems are malware related but let's run some scans to check.

-- Step 1 --

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box, paste in the following.

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Under Extra Registry select Use Safelist
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
-- Step 2 --

Please run a GMER scan and post the log.

-- Step 3 --

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on the "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on [image] to insert the attachment into your post


#22
dzid (Member, 15 posts)

I agree with you, that's not malware related.
I managed to get the soundcard and HP DJ F2280 to work again and the delay at start-up is gone. One or the other caused that.

Big thanks once more! I admire your methodology.

#23
hammerman (Member, 4,183 posts)

Hi,

Can you go ahead and run step 1 only?

#24
dzid (Member, 15 posts)

OTL logfile created on: 2010-05-18 22:24:57 - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\wspolne\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 393,60 Gb Free Space | 84,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 372,61 Gb Total Space | 120,28 Gb Free Space | 32,28% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DZIDKI
Current User Name: wspolne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\wspolne\Moje dokumenty\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\wspolne\Moje dokumenty\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (usbaudio) Sterownik audio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.pl/0,0.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://wiadomosci.ga...mosci/0,0.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {472f4ef0-a825-11da-a746-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {62fe3c1e-482a-4498-bbea-1dc8bfd2d439}:2.0.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.autoconfig_url: "http://inetprox.inet...e/rasproxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "prx-fraint-06.inet.cns.fra.dlh.de"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-15 18:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-16 22:53:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-04-15 18:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009-10-18 21:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Extensions
[2010-05-18 21:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions
[2010-05-08 14:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010-05-08 14:20:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-18 21:57:57 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009-10-18 21:57:57 | 000,000,000 | ---D | M] (Tab Clicking Options) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{43520B8F-4107-4351-AC64-9BCC5EEA24B9}
[2009-10-18 21:57:57 | 000,000,000 | ---D | M] (FavLoc) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2010-03-01 23:43:18 | 000,000,000 | ---D | M] (Snajper.net) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{62fe3c1e-482a-4498-bbea-1dc8bfd2d439}
[2009-10-18 21:57:55 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010-01-26 10:37:02 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009-12-09 00:22:28 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010-05-08 14:20:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-04-20 07:42:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-10-18 21:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010-04-25 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wspolne\Dane aplikacji\Mozilla\Firefox\Profiles\f7leh3g1.default\extensions\foxmarks@kei.com
[2010-05-18 21:51:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-05-16 22:53:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-05-16 22:53:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009-08-24 21:19:13 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-08-24 21:19:13 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-08-24 21:19:13 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-08-24 21:19:13 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-08-24 21:19:13 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-08-24 21:19:13 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-05-16 19:56:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\wspolne\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\wspolne\Menu Start\Programy\Autostart\Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255879580890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1257446468187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-18 15:30:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-10-18 23:18:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010-05-18 21:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
[2010-05-18 21:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010-05-18 21:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010-05-18 21:58:12 | 000,729,088 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax7.dll
[2010-05-18 21:58:12 | 000,581,632 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl6.dll
[2010-05-18 21:58:12 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010-05-18 21:58:12 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010-05-18 21:58:12 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst15.dll
[2010-05-18 21:58:03 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010-05-18 21:28:54 | 000,008,704 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\viahdcpl.cpl
[2010-05-18 21:28:50 | 001,086,208 | R--- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\viahduaa.sys
[2010-05-16 22:53:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-05-16 22:53:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-05-16 22:53:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-05-16 22:53:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-05-16 22:53:48 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-05-16 22:42:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-05-16 22:08:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-05-16 22:07:16 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\wspolne\Pulpit\TFC.exe
[2010-05-16 19:49:53 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010-05-16 13:58:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-05-16 13:55:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-05-16 13:55:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-05-16 13:55:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-05-16 13:55:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-05-16 13:55:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-05-16 13:55:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-05-15 23:38:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-05-15 23:10:10 | 000,000,000 | ---D | C] -- C:\antivir_rootkit
[2010-05-15 22:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010-05-15 15:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wspolne\Dane aplikacji\Uniblue
[2010-05-14 18:58:34 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010-05-14 18:58:34 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010-05-14 18:58:14 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010-05-14 18:57:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010-05-14 18:57:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010-05-09 20:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wspolne\Dane aplikacji\Google
[2010-05-09 20:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2010-05-03 21:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wspolne\Citrix
[2010-04-20 16:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\AidemMedia
[2010-04-19 08:47:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe

========== Files - Modified Within 30 Days ==========

[2010-05-18 22:21:51 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{627EE941-C74F-49D6-864C-875D05DA1D4B}
[2010-05-18 22:21:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-18 22:20:12 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-05-18 22:20:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-18 22:19:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-18 22:19:30 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010-05-18 22:14:15 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\wspolne\NTUSER.DAT
[2010-05-18 22:14:15 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\wspolne\ntuser.ini
[2010-05-18 22:12:23 | 000,118,063 | ---- | M] () -- C:\WINDOWS\hpqins00.dat
[2010-05-18 22:11:12 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2010-05-18 22:09:59 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HP Print Diagnostic Utility.lnk
[2010-05-18 22:06:37 | 000,169,099 | ---- | M] () -- C:\WINDOWS\hpoins27.dat
[2010-05-18 22:06:15 | 000,000,597 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-18 22:05:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-05-18 21:59:42 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Centrum obsługi HP.lnk
[2010-05-18 21:47:18 | 001,087,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-18 21:47:18 | 000,490,628 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-18 21:47:18 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-18 21:47:18 | 000,083,880 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-18 21:47:18 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-18 21:35:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1343024091-725345543-1003UA.job
[2010-05-18 21:28:58 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HD ADeck.lnk
[2010-05-18 21:20:37 | 000,030,988 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-05-18 20:56:16 | 000,000,463 | ---- | M] () -- C:\Documents and Settings\wspolne\Moje dokumenty\Moja muzyka.lnk
[2010-05-18 20:38:46 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Safari.lnk
[2010-05-18 07:42:00 | 000,140,999 | ---- | M] () -- C:\WINDOWS\hpoins27.dat.temp
[2010-05-18 06:35:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1343024091-725345543-1003Core1cab63f4ae2f264.job
[2010-05-17 21:06:04 | 000,047,248 | ---- | M] () -- C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-05-17 21:05:37 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-05-17 20:48:25 | 001,601,928 | ---- | M] () -- C:\Documents and Settings\wspolne\Pulpit\HPPDU.exe
[2010-05-16 22:53:39 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-05-16 22:53:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-05-16 22:53:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-05-16 22:53:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-05-16 22:53:38 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-05-16 22:07:33 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\wspolne\Pulpit\TFC.exe
[2010-05-16 19:57:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-16 19:57:05 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010-05-16 19:56:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-05-16 19:49:15 | 003,689,722 | R--- | M] () -- C:\Documents and Settings\wspolne\Pulpit\Combo-Fix.exe
[2010-05-16 13:58:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-05-16 09:59:37 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\wspolne\Pulpit\OTL.lnk
[2010-05-16 09:57:25 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\wspolne\Pulpit\gmer.lnk
[2010-05-14 20:04:40 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-05-13 17:09:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-05-13 03:00:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-29 03:36:29 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\wspolne\Pulpit\Google Chrome.lnk
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2010-05-18 22:11:12 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2010-05-18 22:10:19 | 000,118,063 | ---- | C] () -- C:\WINDOWS\hpqins00.dat.temp
[2010-05-18 22:09:59 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HP Print Diagnostic Utility.lnk
[2010-05-18 21:59:42 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Centrum obsługi HP.lnk
[2010-05-18 21:28:58 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HD ADeck.lnk
[2010-05-18 07:38:59 | 000,169,099 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2010-05-18 07:38:59 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2010-05-17 20:48:11 | 001,601,928 | ---- | C] () -- C:\Documents and Settings\wspolne\Pulpit\HPPDU.exe
[2010-05-16 13:58:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-05-16 13:58:44 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-05-16 13:55:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-05-16 13:55:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-05-16 13:55:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-05-16 13:55:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-05-16 13:55:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-05-16 13:23:31 | 003,689,722 | R--- | C] () -- C:\Documents and Settings\wspolne\Pulpit\Combo-Fix.exe
[2010-05-16 09:59:37 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\wspolne\Pulpit\OTL.lnk
[2010-05-16 09:57:25 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\wspolne\Pulpit\gmer.lnk
[2010-05-09 20:00:18 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-05-09 20:00:17 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-10-28 22:49:36 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-10-28 22:46:35 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll
[2009-10-28 22:46:32 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2009-10-28 22:46:22 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009-10-28 22:46:22 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009-10-21 22:06:46 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009-10-19 20:45:12 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2009-10-19 20:45:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009-10-19 20:10:47 | 000,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-10-19 20:10:32 | 000,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009-10-19 19:58:30 | 000,000,556 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-18 22:45:28 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-18 21:46:37 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2009-10-18 21:18:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009-10-18 21:17:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-10-18 21:17:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-10-18 16:12:41 | 000,001,701 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009-10-18 15:44:20 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009-10-18 15:44:01 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-10-18 15:43:52 | 000,030,988 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-10-18 15:43:52 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-07-29 21:10:04 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\evr.dll
[2008-07-29 21:10:04 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\dxva2.dll
[1999-01-27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997-06-13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-10-18 22:08:22 | 000,000,060 | ---- | M] () -- C:\3.bat
[2009-10-18 15:30:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-10-18 15:25:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-05-16 13:58:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2007-08-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-05-16 20:05:33 | 000,016,429 | ---- | M] () -- C:\ComboFix.txt
[2009-10-18 15:30:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-05-09 22:44:33 | 000,002,940 | ---- | M] () -- C:\fpRedmon.log
[2009-10-18 15:30:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-05-14 19:39:36 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009-10-18 15:30:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007-08-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-10-18 20:21:04 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-05-18 22:19:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-10-30 23:00:19 | 000,000,824 | ---- | M] () -- C:\Skrót do Na cd.lnk

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-04-29 04:18:06 | 000,442,368 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009-10-18 23:23:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-10-18 23:23:13 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-10-18 23:23:12 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010-02-24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
< End of report >

#25 dzid (Member, 15 posts)
OTL Extras logfile created on: 2010-05-18 22:24:57 - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\wspolne\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 393,60 Gb Free Space | 84,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 372,61 Gb Total Space | 120,28 Gb Free Space | 32,28% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DZIDKI
Current User Name: wspolne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F20556-47EA-501F-3C42-6466E8EFBD18}" = Catalyst Control Center HydraVision Full
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{0446DCC4-1C4B-1FDB-EE6A-CC85EC03B6D4}" = Catalyst Control Center Core Implementation
"{05373199-CBD8-6F0E-A4CE-6818C52F71F9}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10BCCCA6-0FDD-600C-D99B-D756CEDF58E2}" = CCC Help Greek
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1B3D048E-17E3-04CB-4D9F-1029B96E0CCB}" = CCC Help Czech
"{1EA9AF24-7723-4C8C-88F0-6E8FDF731886}" = Domisie - Kolorowy Świat
"{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2661DD63-57EF-7FDB-7D12-876FE6A3B0AA}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D5E0A99-B781-CE3A-D2F7-9F223A355550}" = CCC Help Norwegian
"{2F14B9B4-C61B-2F39-B5F5-599B847BFE9F}" = CCC Help Swedish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{48B5DAA4-D63A-A560-B3B9-B5B12CF759DF}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53714632-5AAD-0E8B-DD71-72BB8FA1AA20}" = CCC Help Polish
"{5412EFB0-65B8-94AC-1942-891095222840}" = CCC Help Spanish
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{63D3148E-8ECF-A665-AEE7-A35E59105F28}" = Catalyst Control Center Localization All
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{64768886-46ED-8542-D895-CC6FB0D3C790}" = Catalyst Control Center Graphics Full Existing
"{6580EC1E-3DA8-9ED7-4D7B-63C6B9DE6B21}" = CCC Help Thai
"{65BD4E29-4D47-0485-18EE-35252113818B}" = CCC Help Korean
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B4862E4-DBA5-B7CB-CA97-92F6D5F51B43}" = CCC Help Japanese
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{721D85B3-DABD-B560-C1FB-E2869BFF9692}" = ccc-core-static
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7CE8384C-F522-6E9E-2F41-FE78687B9AE7}" = CCC Help Chinese Standard
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510
"{8B3F9FA4-F44B-6E12-AF77-54104504F857}" = CCC Help Italian
"{8BC53B23-81B9-8F7E-8B51-FF95DAEBD2D4}" = ccc-utility
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{980A6789-F5BD-5919-54A2-41B846361A3A}" = ccc-core-preinstall
"{9829B8D6-69C6-6DA8-AADE-3950042EDACE}" = CCC Help Chinese Traditional
"{99F5C5F4-A6B2-5C8C-2469-19C5B3A46AED}" = CCC Help Danish
"{9BA23EC5-B474-E4E6-87D0-CE62118B720A}" = CCC Help German
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3B7DDB1-4A0F-A1D1-F5AE-CAE0E8779320}" = CCC Help Hungarian
"{A3B7DFAF-3537-043C-903D-2DB8B07087B2}" = Catalyst Control Center Graphics Light
"{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B34591F0-64E7-0015-58B6-77D9EBF6CFE4}" = CCC Help French
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CCB4E948-9B47-04BD-43AF-6B1847C9F936}" = CCC Help Russian
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0127EC7-E022-3C4D-FE52-73AEBBF52D5B}" = CCC Help English
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C59A40-378A-4546-9ADE-984EB6FA72D3}" = KiSS PC-Link
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EE64D2D7-04E4-6F9B-5437-4CDFE5D93F9A}" = CCC Help Dutch
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F1AF6CBE-B7B8-9F62-6BE7-48C4FE6EEEDD}" = CCC Help Portuguese
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FC8FCC14-23B7-CC7D-9C12-7F9111787E21}" = CCC Help Finnish
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ALLPlayer V2.1" = ALLPlayer V2.1
"ALLPlayer_is1" = ALLPlayer V4.X
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.1.0
"Exact Audio Copy_is1" = Exact Audio Copy v0.9 beta 4
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FreePDF_XP" = FreePDF (Remove only)
"Gadu-Gadu" = Gadu-Gadu 7.0
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"IrfanView" = IrfanView (remove only)
"Karen's Replicator" = Karen's Replicator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NapiProjekt_is1" = NapiProjekt 1.0.6.5
"NAVIGON Fresh" = NAVIGON Fresh 2.0.2
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Picasa 3" = Picasa 3
"QcDrv" = Camera Driver
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2010-04-28 16:13:25 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir26976\TEMP_INSTALL\jquery-ui\js\jquery-ui-1.8rc1.custom.min.js
failed, 00000005.

Error - 2010-04-28 16:13:25 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir26976\TEMP_INSTALL\manifest.json
failed, 00000005.

Error - 2010-04-28 16:13:25 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir26976\TEMP_INSTALL\options.html
failed, 00000005.

Error - 2010-04-28 16:13:25 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir26976\TEMP_INSTALL\popup.html
failed, 00000005.

Error - 2010-05-05 02:03:11 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir400\TEMP_INSTALL\background.html
failed, 00000005.

Error - 2010-05-05 02:03:11 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir400\TEMP_INSTALL\fbphotozoom.css
failed, 00000005.

Error - 2010-05-05 02:03:11 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir400\TEMP_INSTALL\fbphotozoom.js
failed, 00000005.

Error - 2010-05-05 02:03:12 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Temp\scoped_dir400\TEMP_INSTALL\manifest.json
failed, 00000005.

Error - 2010-05-15 17:33:15 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\databases\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0\1-journal
failed, 00000005.

Error - 2010-05-15 17:33:16 | Computer Name = DZIDKI | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\wspolne\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\databases\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0\1-journal
failed, 00000005.

[ Application Events ]
Error - 2010-05-16 12:06:58 | Computer Name = DZIDKI | Source = ESENT | ID = 455
Description = wuaueng.dll (1984) SUS20ClientDataStore: Wystąpił błąd -1032 (0xfffffbf8)
podczas otwierania pliku dziennika C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2010-05-16 12:07:09 | Computer Name = DZIDKI | Source = ESENT | ID = 489
Description = wuauclt (2776) Próba otwarcia pliku "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
w trybie tylko do odczytu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020):
"Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny
proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8).

Error - 2010-05-16 12:07:09 | Computer Name = DZIDKI | Source = ESENT | ID = 455
Description = wuaueng.dll (2776) SUS20ClientDataStore: Wystąpił błąd -1032 (0xfffffbf8)
podczas otwierania pliku dziennika C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2010-05-16 12:07:19 | Computer Name = DZIDKI | Source = ESENT | ID = 489
Description = wuauclt (2776) Próba otwarcia pliku "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
w trybie tylko do odczytu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020):
"Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny
proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8).

Error - 2010-05-16 12:07:19 | Computer Name = DZIDKI | Source = ESENT | ID = 455
Description = wuaueng.dll (2776) SUS20ClientDataStore: Wystąpił błąd -1032 (0xfffffbf8)
podczas otwierania pliku dziennika C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2010-05-16 12:07:30 | Computer Name = DZIDKI | Source = ESENT | ID = 489
Description = wuauclt (1420) Próba otwarcia pliku "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
w trybie tylko do odczytu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020):
"Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny
proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8).

Error - 2010-05-16 12:07:30 | Computer Name = DZIDKI | Source = ESENT | ID = 455
Description = wuaueng.dll (1420) SUS20ClientDataStore: Wystąpił błąd -1032 (0xfffffbf8)
podczas otwierania pliku dziennika C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2010-05-16 12:07:40 | Computer Name = DZIDKI | Source = ESENT | ID = 489
Description = wuauclt (1420) Próba otwarcia pliku "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
w trybie tylko do odczytu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020):
"Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny
proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8).

Error - 2010-05-16 12:07:40 | Computer Name = DZIDKI | Source = ESENT | ID = 455
Description = wuaueng.dll (1420) SUS20ClientDataStore: Wystąpił błąd -1032 (0xfffffbf8)
podczas otwierania pliku dziennika C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2010-05-18 15:59:45 | Computer Name = DZIDKI | Source = MsiInstaller | ID = 11904
Description = Produkt: SolutionCenter -- Error 1904. Nie można zarejestrować modułu
C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx. HRESULT -2147220473. Skontaktuj
się z personelem pomocy technicznej.

[ System Events ]
Error - 2010-05-16 16:08:15 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7034
Description = Usługa NMSAccessU niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2010-05-16 16:10:46 | Computer Name = DZIDKI | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
hpqddsvc z argumentami „” w celu uruchomienia serwera: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}

Error - 2010-05-16 16:45:01 | Computer Name = DZIDKI | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
hpqddsvc z argumentami „” w celu uruchomienia serwera: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}

Error - 2010-05-17 02:00:18 | Computer Name = DZIDKI | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
hpqddsvc z argumentami „” w celu uruchomienia serwera: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}

Error - 2010-05-18 14:44:52 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7034
Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-05-18 14:44:53 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7034
Description = Usługa NMSAccessU niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2010-05-18 14:44:53 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-05-18 16:06:02 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2010-05-18 16:17:26 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2010-05-18 16:21:48 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.


< End of report >
  • 0
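The System Events block at the end of the OTL report above is the kind of thing a helper skims by eye; the script below is an added triage example written for this thread (it is not part of OTL and not the poster's own code). It parses the `Error - <timestamp> | Computer Name = ... | Source = ... | ID = ...` headers together with their wrapped Description lines, counts how often each source/ID pair recurs, and groups the Service Control Manager 7034 ("service terminated unexpectedly") entries that fall within a short window of each other, because several services dying in the same second is a pattern worth surfacing during a malware review. `SAMPLE` is constructed from the entries quoted in the post, with the Polish text kept exactly as logged.

```python
"""Triage helper for the event-log excerpt at the end of an OTL report.
Added example for this thread; not OTL's code and not from the original posts."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

HEADER = re.compile(
    r"^Error - (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<src>[^|]+?) \| ID = (?P<id>\d+)$"
)

# Well-known Windows event IDs that appear in the excerpt.
SERVICE_TERMINATED = 7034   # SCM: service terminated unexpectedly
SERVICE_HUNG = 7022         # SCM: service hung on starting
DCOM_START_FAILED = 10005   # DCOM could not start a service (1058 = service disabled)


@dataclass
class Event:
    timestamp: str
    host: str
    source: str
    event_id: int
    description: str


def parse_events(text: str) -> list:
    """Turn OTL event-log text into Event records; wrapped descriptions are joined."""
    events, header, desc = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if header:
                events.append(Event(*header, " ".join(desc)))
            header = (m["ts"], m["host"], m["src"], int(m["id"]))
            desc = []
        elif header and line:
            desc.append(line.removeprefix("Description = "))
    if header:
        events.append(Event(*header, " ".join(desc)))
    return events


def count_by_source_and_id(events) -> Counter:
    """How often each (source, event ID) pair occurs; repeats stand out in triage."""
    return Counter((e.source, e.event_id) for e in events)


def termination_bursts(events, window_seconds: int = 60, min_size: int = 2) -> list:
    """Group 7034 events whose consecutive timestamps lie within window_seconds."""
    fmt = "%Y-%m-%d %H:%M:%S"
    terminated = sorted((e for e in events if e.event_id == SERVICE_TERMINATED),
                        key=lambda e: e.timestamp)
    bursts, current, last = [], [], None
    for e in terminated:
        t = datetime.strptime(e.timestamp, fmt)
        if last is not None and (t - last).total_seconds() > window_seconds:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(e)
        last = t
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


# Constructed from the entries quoted in the thread (descriptions as logged, in Polish).
SAMPLE = """\
Error - 2010-05-16 16:08:15 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7034
Description = Usługa NMSAccessU niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2010-05-16 16:10:46 | Computer Name = DZIDKI | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
hpqddsvc z argumentami „” w celu uruchomienia serwera: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}

Error - 2010-05-18 14:44:52 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7034
Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-05-18 14:44:53 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7034
Description = Usługa NMSAccessU niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2010-05-18 14:44:53 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-05-18 16:06:02 | Computer Name = DZIDKI | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.
"""

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (src, eid), n in count_by_source_and_id(evs).most_common():
        print(f"{n:2d} x {src} / {eid}")
    for burst in termination_bursts(evs):
        print("burst:", [e.timestamp for e in burst])
```

On the sample, the three 7034 entries at 14:44:52-14:44:53 on 18 May come out as one burst; the lone 16 May entry does not, which is the distinction the script is meant to draw. Apply it to the full OTL report text to list repeats and bursts before deciding whether a crashing service is a driver problem or something killing processes.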
#26
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Congratulations, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs, including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
  • 0
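The MVPS recommendation at the end of the post works because a HOSTS file maps a name to an address before DNS is consulted: an ad host mapped to 0.0.0.0 or 127.0.0.1 simply never connects. The same mechanism is abused by malware to send update or antivirus sites somewhere else, so a quick check of the file is worth having. The script below is an added example written for this thread, not MVPS's own code; `SAMPLE_HOSTS` is constructed (reserved `.invalid` names, a documentation-range address for the bad entry), and the XP path is the standard location rather than anything taken from this user's machine.

```python
"""Parse a Windows HOSTS file, answer "is this name blocked?", and flag entries
that redirect a name anywhere other than a sinkhole address.
Added example for this thread; not MVPS's code and not from the original posts."""
import ipaddress
from dataclasses import dataclass

# Standard location on Windows XP (assumption for this example: default install path).
XP_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"


@dataclass
class HostEntry:
    ip: str
    hostname: str
    line_no: int


def parse_hosts(text: str) -> list:
    """One HostEntry per hostname; comments and malformed lines are skipped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()                  # spaces or tabs both work
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # first token is not an address
        for name in parts[1:]:
            entries.append(HostEntry(str(ip), name.lower(), n))
    return entries


def is_sinkhole(ip: str) -> bool:
    """0.0.0.0 (unspecified) or any loopback address: the connection goes nowhere."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def is_blocked(entries, hostname: str) -> bool:
    """True when the HOSTS file maps hostname to a sinkhole address (case-insensitive)."""
    wanted = hostname.lower()
    return any(e.hostname == wanted and is_sinkhole(e.ip) for e in entries)


def suspicious_redirects(entries) -> list:
    """Entries that send a name to a real address; a blocking list should have none."""
    return [e for e in entries if not is_sinkhole(e.ip)]


# Constructed sample in the MVPS layout, plus one redirect and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS list
127.0.0.1 localhost
0.0.0.0 ad.example-ads.invalid
0.0.0.0\ttracker.example-stats.invalid   # tab-separated lines are valid too
0.0.0.0 cdn.example-ads.invalid www.example-ads.invalid
192.0.2.10 update.example-av.invalid     # points a real name at a foreign address
not-an-ip bogus.invalid
"""

if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("entries:", len(entries))
    print("ad.example-ads.invalid blocked:", is_blocked(entries, "ad.example-ads.invalid"))
    for e in suspicious_redirects(entries):
        print(f"line {e.line_no}: {e.hostname} -> {e.ip} (not a sinkhole, check it)")
```

To check the real file, read `XP_HOSTS_PATH` (the XP hosts file is often saved in the system code page, so open it with `errors="replace"`) and pass the text to `parse_hosts`. A clean MVPS-style file yields an empty `suspicious_redirects` list apart from nothing at all, since `localhost` on 127.0.0.1 is itself a loopback mapping; any other address beside a well-known name is the thing to look at.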

#27
hammerman

    Member 4k

  • Member
  • 4,183 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
