[Combofix]

xQQ · 14 Listopada 2010

Podczas uruchamiania CF wyskakuje error "Instalacja nie powiodła się" i nic się nie dzieje. Jak to rozwiązać?

panyapa · 14 Listopada 2010

http://forum.pclab.pl/topic/612561-Standardowe-instrukcje-po-zainfekowaniu-systemu/

narazie zrób skan otl

xQQ · 14 Listopada 2010

OTL.TXT

OTL logfile created on: 2010-11-14 21:39:46 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = G:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 8,79 Gb Total Space | 3,50 Gb Free Space | 39,79% Space Free | Partition Type: FAT32
Drive E: | 57,48 Gb Total Space | 10,44 Gb Free Space | 18,16% Space Free | Partition Type: NTFS
Drive G: | 8,24 Gb Total Space | 0,51 Gb Free Space | 6,19% Space Free | Partition Type: FAT32
Drive J: | 465,76 Gb Total Space | 373,92 Gb Free Space | 80,28% Space Free | Partition Type: NTFS

Computer Name: JA-4A0D0F2168B9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-11-14 21:38:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Administrator\Pulpit\OTL.exe
PRC - [2010-11-08 09:01:36 | 000,151,432 | ---- | M] (COMODO) -- G:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2010-11-03 17:19:38 | 001,754,624 | ---- | M] (K2T.eu, Kaworu) -- G:\Program Files\K2T\WTW\wtw.exe
PRC - [2010-10-28 20:47:36 | 000,912,344 | ---- | M] (Mozilla Corporation) -- G:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-09-10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- E:\comodo\zainstalowane\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009-10-23 19:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- E:\defrag\DkService.exe
PRC - [2007-07-13 22:42:04 | 000,974,848 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\explorer.exe
PRC - [2005-02-15 16:10:16 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- G:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-11-14 21:38:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Administrator\Pulpit\OTL.exe
MOD - [2010-09-10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- G:\WINDOWS\system32\guard32.dll
MOD - [2006-08-25 08:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- G:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- G:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-11-08 09:01:36 | 000,151,432 | ---- | M] (COMODO) [Auto | Running] -- G:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010-09-26 21:50:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-09-10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- E:\comodo\zainstalowane\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009-10-23 19:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- E:\defrag\DkService.exe -- (Diskeeper)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- G:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\WINDOWS\System32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\WINDOWS\System32\drivers\P17xfi.sys -- (P17xfi)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2010-09-14 18:09:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- G:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-09-10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- G:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-09-10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- G:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010-09-10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010-09-10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- G:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010-07-10 00:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-10-21 01:04:34 | 000,045,232 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- G:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009-08-22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2007-07-28 01:15:52 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- G:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2006-08-07 19:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005-07-07 10:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005-05-09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005-01-10 12:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005-01-10 12:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004-08-03 21:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Sterownik audio USB (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1292428093-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1292428093-861567501-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1292428093-861567501-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..network.proxy.backup.ftp: "flyproxy.com"
FF - prefs.js..network.proxy.backup.ftp_port: 10
FF - prefs.js..network.proxy.backup.gopher: "flyproxy.com"
FF - prefs.js..network.proxy.backup.gopher_port: 10
FF - prefs.js..network.proxy.backup.socks: "flyproxy.com"
FF - prefs.js..network.proxy.backup.socks_port: 10
FF - prefs.js..network.proxy.backup.ssl: "flyproxy.com"
FF - prefs.js..network.proxy.backup.ssl_port: 10
FF - prefs.js..network.proxy.ftp: "flyproxy.com"
FF - prefs.js..network.proxy.gopher: "flyproxy.com"
FF - prefs.js..network.proxy.http: "flyproxy.com"
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "flyproxy.com"
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "flyproxy.com"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010-09-12 10:32:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010-09-12 10:32:08 | 000,000,000 | ---D | M]

[2010-09-12 10:35:36 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2010-09-12 10:35:36 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\pdq2a1ma.default\extensions
[2010-10-17 22:47:50 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\pdq2a1ma.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2010-11-12 01:33:08 | 000,000,000 | ---D | M] (Adblock Plus) -- G:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\pdq2a1ma.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-09-18 18:07:20 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\pdq2a1ma.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010-09-12 10:32:08 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox\extensions
[2010-11-04 21:11:30 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-11-14 11:17:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-10-07 22:20:58 | 000,002,767 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-07 22:20:58 | 000,001,406 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-07 22:20:58 | 000,000,917 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-10-07 22:20:58 | 000,000,858 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-10-07 22:20:58 | 000,001,183 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-10-07 22:20:58 | 000,001,683 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - G:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - G:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [COMODO Internet Security] E:\comodo\zainstalowane\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTSysVol] G:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] G:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
O4 - HKU\S-1-5-21-1292428093-861567501-682003330-500..\Run: [DAEMON Tools Lite] G:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - G:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.34.49 212.76.34.50
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: G:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-15 15:19:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-11-14 21:38:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- G:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-11-14 11:21:19 | 000,000,000 | RH-D | C] -- G:\Documents and Settings\Administrator\Recent
[2010-11-14 01:16:40 | 000,000,000 | ---D | C] -- G:\32788R22FWJFW
[2010-11-14 01:14:36 | 000,000,000 | ---D | C] -- G:\32788R22FWJFW.1.tmp
[2010-11-14 01:13:48 | 000,000,000 | ---D | C] -- G:\32788R22FWJFW.0.tmp
[2010-11-13 15:16:23 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Pulpit\Super Simple Wallhack v2.8
[2010-11-12 21:13:58 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Dokumenty\COMODO
[2010-11-12 21:13:46 | 000,000,000 | -H-D | C] -- G:\VritualRoot
[2010-11-12 21:08:58 | 000,045,232 | ---- | C] (Diskeeper Corporation) -- G:\WINDOWS\System32\drivers\DKRtWrt.sys
[2010-11-12 21:08:49 | 000,000,000 | ---D | C] -- G:\Program Files\Windows Home Server
[2010-11-12 21:08:49 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Diskeeper Corporation
[2010-11-12 21:08:49 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
[2010-11-12 20:56:52 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Dane aplikacji\Comodo
[2010-11-12 20:56:47 | 000,000,000 | ---D | C] -- G:\Program Files\COMODO
[2010-11-12 20:56:46 | 001,060,864 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\mfc71.dll
[2010-11-07 14:50:49 | 000,000,000 | ---D | C] -- G:\Program Files\NAPI-PROJEKT
[2010-11-05 10:09:36 | 000,000,000 | -HSD | C] -- G:\FOUND.003
[2010-11-04 21:37:29 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Dane aplikacji\TeamViewer
[2010-11-04 21:12:26 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Dane aplikacji\skypePM
[2010-11-04 21:11:23 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Skype
[2010-11-04 21:11:22 | 000,000,000 | R--D | C] -- G:\Program Files\Skype
[2010-11-04 21:11:22 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Dane aplikacji\Skype
[2010-11-04 21:11:17 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Dane aplikacji\Skype
[2010-11-01 17:52:02 | 000,000,000 | ---D | C] -- G:\Program Files\IK Multimedia
[2010-11-01 17:51:55 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
[2010-11-01 17:51:22 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Pulpit\Nowy folder
[2010-10-31 22:33:49 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Pulpit\GITAROWE SYFY
[2010-10-30 01:53:39 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-10-30 01:53:24 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\deployJava1.dll
[2010-10-28 23:00:50 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Pulpit\tapety
[2010-10-27 19:57:14 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- G:\WINDOWS\Updreg.EXE
[2010-10-27 19:57:02 | 000,133,632 | R--- | C] (Creative Technology Limited) -- G:\WINDOWS\System32\CtDvInst.dll
[2010-10-26 16:20:27 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Pulpit\Ju
[2010-10-23 18:24:42 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Pulpit\win
[2010-10-23 17:55:57 | 000,030,592 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\drivers\rndismpx.sys
[2010-10-23 17:55:51 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft ActiveSync
[2010-10-23 16:37:12 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Moje dokumenty\Odebrane Pliki
[2010-10-21 09:28:45 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Dane aplikacji\Ashampoo
[2010-10-21 08:42:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-10-21 08:42:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ashampoo
[2010-10-21 08:19:58 | 000,000,000 | ---D | C] -- G:\Program Files\Ashampoo
[2002-04-10 19:41:06 | 000,065,536 | R--- | C] ( ) -- G:\WINDOWS\System32\A3d.dll
[6 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[4 G:\Documents and Settings\Administrator\*.tmp files -> G:\Documents and Settings\Administrator\*.tmp -> ]
[203 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]
[2 G:\*.tmp files -> G:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-11-14 21:40:02 | 000,170,336 | ---- | M] () -- G:\WINDOWS\System32\drivers\sfi.dat
[2010-11-14 21:38:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-11-14 20:44:00 | 000,795,453 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\4fe43c4e515d.gif
[2010-11-14 11:43:42 | 000,003,200 | ---- | M] () -- G:\WINDOWS\System32\settingsbkup.sfm
[2010-11-14 11:43:42 | 000,003,200 | ---- | M] () -- G:\WINDOWS\System32\settings.sfm
[2010-11-14 11:29:34 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2010-11-14 11:17:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\deployJava1.dll
[2010-11-14 01:16:28 | 003,702,826 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
[2010-11-13 22:36:14 | 000,002,031 | ---- | M] () -- G:\Documents and Settings\All Users\Pulpit\Diskeeper 2010.lnk
[2010-11-12 22:30:00 | 000,065,661 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\kotjc.jpg
[2010-11-12 20:57:38 | 000,001,583 | ---- | M] () -- G:\Documents and Settings\All Users\Pulpit\COMODO Internet Security.lnk
[2010-11-12 20:56:48 | 001,060,864 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\mfc71.dll
[2010-11-11 18:32:12 | 000,233,816 | ---- | M] () -- G:\WINDOWS\System32\nvdrsdb1.bin
[2010-11-11 18:32:12 | 000,233,816 | ---- | M] () -- G:\WINDOWS\System32\nvdrsdb0.bin
[2010-11-11 18:32:12 | 000,000,001 | ---- | M] () -- G:\WINDOWS\System32\nvdrssel.bin
[2010-11-10 22:28:10 | 000,000,460 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\Counter-Strike 1.6.lnk
[2010-11-09 20:37:58 | 000,000,055 | ---- | M] () -- G:\WINDOWS\SQ.INI
[2010-11-09 20:29:00 | 000,000,176 | ---- | M] () -- G:\WINDOWS\System32\w3data.vss
[2010-11-09 20:29:00 | 000,000,176 | ---- | M] () -- G:\WINDOWS\System32\msvcsv60.dll
[2010-11-09 20:29:00 | 000,000,176 | ---- | M] () -- G:\WINDOWS\msocreg32.dat
[2010-11-09 19:29:34 | 000,417,322 | ---- | M] () -- G:\WINDOWS\System32\perfh015.dat
[2010-11-09 19:29:34 | 000,362,154 | ---- | M] () -- G:\WINDOWS\System32\perfh009.dat
[2010-11-09 19:29:34 | 000,059,852 | ---- | M] () -- G:\WINDOWS\System32\perfc015.dat
[2010-11-09 19:29:34 | 000,046,760 | ---- | M] () -- G:\WINDOWS\System32\perfc009.dat
[2010-11-08 21:59:22 | 000,002,184 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2010-11-07 19:28:26 | 001,221,226 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\c30967e4c97e.gif
[2010-11-07 14:11:44 | 015,474,299 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\Lona i Webber -Miej watpliwosc-.MP4
[2010-11-07 14:11:24 | 011,547,628 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\Łona -Nie ufajcie Jarząbkowi-.MP4
[2010-11-07 14:10:12 | 005,021,886 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\Łona - rozmowa z Bogiem.MP4
[2010-11-07 14:09:00 | 008,578,798 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\Łona-nie słuchać przed 2050.MP4
[2010-11-05 20:25:12 | 000,002,267 | ---- | M] () -- G:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-11-04 21:12:30 | 000,000,056 | -H-- | M] () -- G:\WINDOWS\System32\ezsidmv.dat
[2010-11-03 18:29:42 | 000,246,896 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\a.m3u
[2010-11-01 20:39:52 | 009,300,918 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd.cpr
[2010-11-01 20:39:52 | 001,065,420 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd.csh
[2010-11-01 20:39:28 | 009,601,920 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\QWERTYpaka2.mp3
[2010-11-01 19:41:12 | 009,299,431 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd.bak
[2010-11-01 19:26:10 | 008,333,938 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-02.bak
[2010-11-01 19:11:08 | 007,088,708 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-03.bak
[2010-11-01 18:56:06 | 006,807,466 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-04.bak
[2010-11-01 18:41:02 | 007,363,761 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-05.bak
[2010-11-01 18:23:30 | 000,899,375 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\nowe.cpr
[2010-11-01 01:01:18 | 006,939,730 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-06.bak
[2010-11-01 00:45:16 | 005,619,793 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-07.bak
[2010-11-01 00:30:14 | 001,919,262 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-08.bak
[2010-10-31 23:22:46 | 000,729,175 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-09.bak
[2010-10-31 21:02:58 | 009,601,920 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\QWERTY.mp3
[2010-10-31 20:59:30 | 000,698,373 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-10.bak
[2010-10-31 10:29:42 | 001,391,256 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-30 13:02:18 | 000,070,246 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\must_not_fap.jpg
[2010-10-27 23:24:40 | 003,241,920 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\NOWE.mp3
[2010-10-27 23:13:38 | 000,361,748 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\nowe.bak
[2010-10-27 19:57:38 | 000,001,844 | ---- | M] () -- G:\Documents and Settings\All Users\Pulpit\Creative Product Registration.lnk
[2010-10-27 19:46:34 | 000,000,347 | ---- | M] () -- G:\WINDOWS\CTWave32.INI
[2010-10-27 18:22:38 | 001,196,054 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\algorytmy.pdf
[2010-10-27 18:22:32 | 000,193,995 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\turbopascal.pdf
[2010-10-24 15:33:38 | 000,000,943 | RH-- | M] () -- G:\WINDOWS\ctfile.rfc
[2010-10-24 15:33:14 | 000,413,696 | ---- | M] (Creative Labs) -- G:\WINDOWS\System32\wrap_oal.dll
[2010-10-24 15:33:14 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- G:\WINDOWS\System32\OpenAL32.dll
[2010-10-23 20:55:44 | 005,322,240 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\demo4.mp3
[2010-10-23 18:55:42 | 000,002,528 | ---- | M] () -- G:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc
[2010-10-22 01:07:54 | 000,017,671 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\Bez tytułu 1.odt
[2010-10-21 21:34:14 | 000,156,546 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\aa.png
[2010-10-21 21:22:32 | 000,013,572 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\20298913824cbf26caa7ff0.gif
[2010-10-21 08:42:44 | 000,000,770 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\Ashampoo Burning Studio 2010.lnk
[2010-10-18 22:13:50 | 000,383,409 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\121506h.jpg.png
[2010-10-18 22:13:44 | 000,128,107 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\vy5nv6.jpg.png
[2010-10-18 20:35:32 | 000,006,320 | ---- | M] () -- G:\Documents and Settings\Administrator\Pulpit\xQ.jpg.png
[2010-10-16 21:23:16 | 000,001,633 | ---- | M] () -- G:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[6 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[4 G:\Documents and Settings\Administrator\*.tmp files -> G:\Documents and Settings\Administrator\*.tmp -> ]
[203 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]
[2 G:\*.tmp files -> G:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-11-14 20:43:57 | 000,795,453 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\4fe43c4e515d.gif
[2010-11-14 00:47:32 | 003,702,826 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
[2010-11-12 22:29:58 | 000,065,661 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\kotjc.jpg
[2010-11-12 21:13:10 | 000,170,336 | ---- | C] () -- G:\WINDOWS\System32\drivers\sfi.dat
[2010-11-12 21:09:07 | 000,002,031 | ---- | C] () -- G:\Documents and Settings\All Users\Pulpit\Diskeeper 2010.lnk
[2010-11-12 20:57:37 | 000,001,583 | ---- | C] () -- G:\Documents and Settings\All Users\Pulpit\COMODO Internet Security.lnk
[2010-11-10 22:28:08 | 000,000,460 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\Counter-Strike 1.6.lnk
[2010-11-09 20:29:35 | 000,000,055 | ---- | C] () -- G:\WINDOWS\SQ.INI
[2010-11-07 19:28:24 | 001,221,226 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\c30967e4c97e.gif
[2010-11-07 14:09:51 | 011,547,628 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\Łona -Nie ufajcie Jarząbkowi-.MP4
[2010-11-07 14:09:30 | 015,474,299 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\Lona i Webber -Miej watpliwosc-.MP4
[2010-11-07 14:08:10 | 005,021,886 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\Łona - rozmowa z Bogiem.MP4
[2010-11-07 14:06:49 | 008,578,798 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\Łona-nie słuchać przed 2050.MP4
[2010-11-04 21:12:29 | 000,000,056 | -H-- | C] () -- G:\WINDOWS\System32\ezsidmv.dat
[2010-11-04 21:11:24 | 000,002,267 | ---- | C] () -- G:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-11-01 19:43:44 | 009,601,920 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\QWERTYpaka2.mp3
[2010-11-01 17:53:07 | 000,000,176 | ---- | C] () -- G:\WINDOWS\System32\w3data.vss
[2010-11-01 17:53:07 | 000,000,176 | ---- | C] () -- G:\WINDOWS\System32\msvcsv60.dll
[2010-11-01 17:53:07 | 000,000,176 | ---- | C] () -- G:\WINDOWS\msocreg32.dat
[2010-10-31 20:59:41 | 009,601,920 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\QWERTY.mp3
[2010-10-31 13:48:03 | 009,299,431 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd.bak
[2010-10-31 13:48:03 | 008,333,938 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-02.bak
[2010-10-31 13:48:03 | 007,363,761 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-05.bak
[2010-10-31 13:48:03 | 007,088,708 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-03.bak
[2010-10-31 13:48:03 | 006,939,730 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-06.bak
[2010-10-31 13:48:03 | 006,807,466 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-04.bak
[2010-10-31 13:48:03 | 005,619,793 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-07.bak
[2010-10-31 13:48:03 | 001,919,262 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-08.bak
[2010-10-31 13:48:03 | 000,729,175 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-09.bak
[2010-10-31 13:48:03 | 000,698,373 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd-10.bak
[2010-10-31 13:33:02 | 001,065,420 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd.csh
[2010-10-31 13:33:01 | 009,300,918 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\asdasdasdasdasdasdasdasdasdasdasd.cpr
[2010-10-30 13:02:16 | 000,070,246 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\must_not_fap.jpg
[2010-10-27 23:13:35 | 000,361,748 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\nowe.bak
[2010-10-27 22:54:13 | 003,241,920 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\NOWE.mp3
[2010-10-27 22:13:35 | 000,899,375 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\nowe.cpr
[2010-10-27 19:57:36 | 000,001,844 | ---- | C] () -- G:\Documents and Settings\All Users\Pulpit\Creative Product Registration.lnk
[2010-10-27 19:56:56 | 000,005,627 | R--- | C] () -- G:\WINDOWS\System32\Ludap17.ini
[2010-10-27 19:56:56 | 000,000,039 | R--- | C] () -- G:\WINDOWS\System32\ctzapxx.ini
[2010-10-27 19:56:54 | 007,572,224 | ---- | C] () -- G:\WINDOWS\System32\CT8MGM.SF2
[2010-10-27 19:56:52 | 004,174,814 | ---- | C] () -- G:\WINDOWS\System32\CT4MGM.SF2
[2010-10-27 19:56:52 | 002,167,684 | R--- | C] () -- G:\WINDOWS\System32\ct2mgm.sf2
[2010-10-27 18:22:37 | 001,196,054 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\algorytmy.pdf
[2010-10-27 18:22:31 | 000,193,995 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\turbopascal.pdf
[2010-10-23 20:54:23 | 005,322,240 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\demo4.mp3
[2010-10-23 17:56:41 | 000,002,528 | ---- | C] () -- G:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc
[2010-10-22 01:07:53 | 000,017,671 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\Bez tytułu 1.odt
[2010-10-21 21:34:11 | 000,156,546 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\aa.png
[2010-10-21 21:22:31 | 000,013,572 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\20298913824cbf26caa7ff0.gif
[2010-10-21 08:42:43 | 000,000,770 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\Ashampoo Burning Studio 2010.lnk
[2010-10-18 22:13:48 | 000,383,409 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\121506h.jpg.png
[2010-10-18 22:13:43 | 000,128,107 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\vy5nv6.jpg.png
[2010-10-18 20:35:31 | 000,006,320 | ---- | C] () -- G:\Documents and Settings\Administrator\Pulpit\xQ.jpg.png
[2010-10-16 21:23:14 | 000,001,633 | ---- | C] () -- G:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-09-25 14:25:13 | 000,008,219 | ---- | C] () -- G:\WINDOWS\sfsyn.ini
[2010-09-24 23:52:04 | 000,027,440 | ---- | C] () -- G:\WINDOWS\System32\drivers\secdrv.sys
[2010-09-22 22:04:56 | 000,000,781 | ---- | C] () -- G:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2010-09-22 18:05:34 | 000,000,347 | ---- | C] () -- G:\WINDOWS\CTWave32.INI
[2010-09-22 18:05:26 | 000,000,029 | ---- | C] () -- G:\WINDOWS\sfbm.INI
[2010-09-14 18:52:42 | 000,021,840 | ---- | C] () -- G:\WINDOWS\System32\SIntfNT.dll
[2010-09-14 18:52:42 | 000,017,212 | ---- | C] () -- G:\WINDOWS\System32\SIntf32.dll
[2010-09-14 18:52:42 | 000,012,067 | ---- | C] () -- G:\WINDOWS\System32\SIntf16.dll
[2010-09-14 18:09:12 | 000,691,696 | ---- | C] () -- G:\WINDOWS\System32\drivers\sptd.sys
[2010-09-12 13:46:59 | 000,165,376 | ---- | C] () -- G:\WINDOWS\System32\unrar.dll
[2010-09-12 13:46:59 | 000,000,038 | ---- | C] () -- G:\WINDOWS\avisplitter.ini
[2010-09-12 13:46:56 | 000,134,144 | ---- | C] () -- G:\WINDOWS\System32\xvidvfw.dll
[2010-09-12 13:46:56 | 000,108,032 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll
[2010-09-12 10:35:00 | 000,000,138 | ---- | C] () -- G:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-09-12 10:32:53 | 000,033,576 | ---- | C] () -- G:\WINDOWS\System32\BCGPOleAcc.dll
[2010-09-12 10:20:19 | 000,004,293 | ---- | C] () -- G:\WINDOWS\ODBCINST.INI
[2008-02-05 13:28:20 | 000,000,051 | ---- | C] () -- G:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\setup.txt
[2005-05-03 13:38:42 | 000,064,512 | R--- | C] () -- G:\WINDOWS\System32\P17.dll
[2003-10-02 12:48:18 | 000,053,248 | R--- | C] () -- G:\WINDOWS\System32\P17CPI.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-09-12 14:14:20 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Dane aplikacji\Psicraft
[2010-09-14 18:08:58 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-09-19 01:56:50 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Dane aplikacji\Steinberg
[2010-10-03 20:43:20 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Dane aplikacji\FlashFXP
[2010-10-21 08:42:46 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-11-12 21:08:50 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
[2010-09-12 10:53:08 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2010-09-12 11:06:26 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\.wtw
[2010-09-12 13:45:52 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\BESTplayer
[2010-09-12 19:51:10 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\FlashFXP
[2010-09-14 13:52:10 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
[2010-09-14 18:08:58 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite
[2010-09-16 22:04:14 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\COWON
[2010-09-19 01:54:14 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\Steinberg
[2010-10-11 00:46:38 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\REAPER
[2010-10-21 09:28:46 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\Ashampoo
[2010-11-04 21:37:30 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Administrator\Dane aplikacji\TeamViewer

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 2010-11-14 21:39:46 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = G:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 8,79 Gb Total Space | 3,50 Gb Free Space | 39,79% Space Free | Partition Type: FAT32
Drive E: | 57,48 Gb Total Space | 10,44 Gb Free Space | 18,16% Space Free | Partition Type: NTFS
Drive G: | 8,24 Gb Total Space | 0,51 Gb Free Space | 6,19% Space Free | Partition Type: FAT32
Drive J: | 465,76 Gb Total Space | 373,92 Gb Free Space | 80,28% Space Free | Partition Type: NTFS

Computer Name: JA-4A0D0F2168B9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1292428093-861567501-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"G:\Program Files\FlashFXP\FlashFXP.exe" = G:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"G:\Program Files\Microsoft ActiveSync\rapimgr.exe" = G:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"G:\Program Files\Microsoft ActiveSync\wcescomm.exe" = G:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"G:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = G:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Program Files\Opera\opera.exe" = G:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"G:\Program Files\K2T\WTW\wtw.exe" = G:\Program Files\K2T\WTW\wtw.exe:*:Enabled:WTW Instant Messenger -- (K2T.eu, Kaworu)
"G:\Documents and Settings\Administrator\Pulpit\UTORRENT.EXE" = G:\Documents and Settings\Administrator\Pulpit\UTORRENT.EXE:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Dane\Valve\hl.exe" = E:\Dane\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"G:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = G:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"G:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = G:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"G:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = G:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"G:\Program Files\FlashFXP\FlashFXP.exe" = G:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"G:\Program Files\Microsoft ActiveSync\rapimgr.exe" = G:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"G:\Program Files\Microsoft ActiveSync\wcescomm.exe" = G:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"G:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = G:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"E:\CSCSCSCS\hl.exe" = E:\CSCSCSCS\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"E:\CSCSCSCS\hlds.exe" = E:\CSCSCSCS\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0E26E09B-6687-4A99-BD08-A9E705373029}_is1" = Vyzex Pocket POD 1.17
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D015A2F-4D85-419E-8E1D-93B0C246D491}" = Diskeeper 2010 Pro Premier
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AAA8CA88-8A22-43D1-867F-ABD7944C9815}" = Intel(R) Network Connections 14.3.0.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E4DCFD0F-7B68-4C44-B208-99027AD1AC69}" = keFIR VST plugin
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Addictive Drums" = Addictive Drums
"Addictive Drums Inno Setup_is1" = Addictive Drums 1.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AP Tuner 3.06" = AP Tuner 3.06
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"Counter-Strike 1.6" = Counter-Strike 1.6
"Diablo II" = Diablo II
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Jazz Jackrabbit 2 Secret Files" = Jazz Jackrabbit 2 Secret Files
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Nero8110_Micro_is1" = Nero 8 Micro v8.1.1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"rayman2" = rayman2
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Unlocker" = Unlocker 1.9.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-11-04 18:36:53 | Computer Name = JA-4A0D0F2168B9 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again 
using a valid copy of the installation package 'HPProductAssistant.msi'.

Error - 2010-11-04 18:37:01 | Computer Name = JA-4A0D0F2168B9 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again 
using a valid copy of the installation package 'HPProductAssistant.msi'.

Error - 2010-11-04 18:37:10 | Computer Name = JA-4A0D0F2168B9 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again 
using a valid copy of the installation package 'HPProductAssistant.msi'.

Error - 2010-11-04 18:37:20 | Computer Name = JA-4A0D0F2168B9 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again 
using a valid copy of the installation package 'HPProductAssistant.msi'.

Error - 2010-11-04 18:37:24 | Computer Name = JA-4A0D0F2168B9 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again 
using a valid copy of the installation package 'HPProductAssistant.msi'.

Error - 2010-11-04 18:37:28 | Computer Name = JA-4A0D0F2168B9 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again 
using a valid copy of the installation package 'HPProductAssistant.msi'.

Error - 2010-11-04 18:37:31 | Computer Name = JA-4A0D0F2168B9 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again 
using a valid copy of the installation package 'HPProductAssistant.msi'.

Error - 2010-11-12 16:08:37 | Computer Name = JA-4A0D0F2168B9 | Source = MsiInstaller | ID = 11313
Description = Product: Diskeeper 2010 Pro Premier -- Error 1313.The volume F:\ is
currently unavailable.  Please select another.

Error - 2010-11-12 19:09:54 | Computer Name = JA-4A0D0F2168B9 | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR  The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.

Error - 2010-11-13 19:54:24 | Computer Name = JA-4A0D0F2168B9 | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR  The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.

[ System Events ]
Error - 2010-11-13 20:19:53 | Computer Name = JA-4A0D0F2168B9 | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-11-13 20:20:17 | Computer Name = JA-4A0D0F2168B9 | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-11-14 05:35:30 | Computer Name = JA-4A0D0F2168B9 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-11-14 05:36:34 | Computer Name = JA-4A0D0F2168B9 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2010-11-14 05:43:25 | Computer Name = JA-4A0D0F2168B9 | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-11-14 05:43:28 | Computer Name = JA-4A0D0F2168B9 | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-11-14 06:30:58 | Computer Name = JA-4A0D0F2168B9 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-11-14 06:31:17 | Computer Name = JA-4A0D0F2168B9 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2010-11-14 07:41:05 | Computer Name = JA-4A0D0F2168B9 | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-11-14 07:41:09 | Computer Name = JA-4A0D0F2168B9 | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.


< End of report >

tehawanka · 14 Listopada 2010

Log wygląda OK.

xQQ · 14 Listopada 2010

Teraz wyskakuje takie coś jak w załączniku, nie ważne skąd ściągam CF.

tehawanka · 14 Listopada 2010

Jedyne pewne źródło masz tutaj:

http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

Może rzeczywiście masz wirusa lub ComboFix został uszkodzony przez działający w tle Comodo.

Przeskanuj dysk Dr.Web CureIt lub Kaspersky Virus Removal Tool

xQQ · 14 Listopada 2010

Udało się odpalić cf (zakończyłem proces comodo):

ComboFix 10-11-12.01 - Administrator 2010-11-14  23:16:57.1.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.1535.1144 [GMT 1:00]
Uruchomiony z: g:\documents and settings\Administrator\Pulpit\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\windows\settings.reg
g:\windows\system32\_002429_.tmp.dll
g:\windows\system32\_002430_.tmp.dll
g:\windows\system32\_002431_.tmp.dll
g:\windows\system32\_002432_.tmp.dll
g:\windows\system32\_002439_.tmp.dll
g:\windows\system32\_002440_.tmp.dll
g:\windows\system32\_002441_.tmp.dll
g:\windows\system32\_002443_.tmp.dll
g:\windows\system32\_002444_.tmp.dll
g:\windows\system32\_002447_.tmp.dll
g:\windows\system32\_002448_.tmp.dll
g:\windows\system32\_002451_.tmp.dll
g:\windows\system32\_002452_.tmp.dll
g:\windows\system32\_002454_.tmp.dll
g:\windows\system32\_002455_.tmp.dll
g:\windows\system32\_002457_.tmp.dll
g:\windows\system32\_002458_.tmp.dll
g:\windows\system32\_002463_.tmp.dll
g:\windows\system32\_002465_.tmp.dll
g:\windows\system32\_002467_.tmp.dll
g:\windows\system32\_002469_.tmp.dll
g:\windows\system32\_002471_.tmp.dll
g:\windows\system32\_002472_.tmp.dll
g:\windows\system32\_002475_.tmp.dll
g:\windows\system32\_002476_.tmp.dll
g:\windows\system32\_002477_.tmp.dll
g:\windows\system32\_002478_.tmp.dll
g:\windows\system32\_002479_.tmp.dll
g:\windows\system32\_002484_.tmp.dll
g:\windows\system32\Data
g:\windows\system32\msvcsv60.dll

g:\windows\system32\srsvc.dll . . . jest zainfekowany!!

.
(((((((((((((((((((((((((   Pliki utworzone od 2010-10-14 do 2010-11-14  )))))))))))))))))))))))))))))))
.

2010-11-14 22:13 . 2010-11-12 23:46	--------	d-----w-	G:\32788R22FWJFW.4.tmp
2010-11-14 21:56 . 2010-11-14 21:56	--------	d-----w-	g:\documents and settings\Administrator\DoctorWeb
2010-11-14 21:50 . 2010-11-15 02:49	--------	d-----w-	G:\32788R22FWJFW.3.tmp
2010-11-14 21:48 . 2010-11-12 23:46	--------	d-----w-	G:\32788R22FWJFW.2.tmp
2010-11-14 00:14 . 2010-11-12 23:46	--------	d-----w-	G:\32788R22FWJFW.1.tmp
2010-11-12 20:13 . 2010-11-12 20:13	--------	d-----w-	G:\VritualRoot
2010-11-12 20:13 . 2010-11-14 22:23	170336	----a-w-	g:\windows\system32\drivers\sfi.dat
2010-11-12 20:08 . 2009-10-21 00:04	45232	----a-w-	g:\windows\system32\drivers\DKRtWrt.sys
2010-11-12 20:08 . 2010-11-12 20:08	--------	d-----w-	g:\program files\Windows Home Server
2010-11-12 20:08 . 2010-11-12 20:08	--------	d-----w-	g:\program files\Common Files\Diskeeper Corporation
2010-11-12 20:08 . 2010-11-12 20:08	--------	d-----w-	g:\documents and settings\All Users\Dane aplikacji\Diskeeper Corporation
2010-11-12 19:56 . 2010-11-12 19:56	--------	d-----w-	g:\documents and settings\All Users\Dane aplikacji\Comodo
2010-11-12 19:56 . 2010-11-12 19:56	--------	d-----w-	g:\program files\COMODO
2010-11-12 19:56 . 2010-11-12 19:56	1060864	----a-w-	g:\windows\system32\mfc71.dll
2010-11-07 13:50 . 2010-11-07 13:50	--------	d-----w-	g:\program files\NAPI-PROJEKT
2010-11-05 09:09 . 2010-11-05 09:09	--------	d-----w-	G:\FOUND.003
2010-11-04 20:37 . 2010-11-04 20:37	--------	d-----w-	g:\documents and settings\Administrator\Dane aplikacji\TeamViewer
2010-11-04 20:12 . 2010-11-04 20:12	--------	d-----w-	g:\documents and settings\Administrator\Dane aplikacji\skypePM
2010-11-04 20:11 . 2010-11-04 20:11	--------	d-----w-	g:\program files\Common Files\Skype
2010-11-04 20:11 . 2010-11-04 20:11	--------	d-----w-	g:\documents and settings\Administrator\Dane aplikacji\Skype
2010-11-04 20:11 . 2010-11-04 20:11	--------	d-----r-	g:\program files\Skype
2010-11-04 20:11 . 2010-11-04 20:11	--------	d-----w-	g:\documents and settings\All Users\Dane aplikacji\Skype
2010-11-01 16:52 . 2010-11-01 16:52	--------	d-----w-	g:\program files\IK Multimedia
2010-11-01 16:51 . 2010-11-01 16:51	--------	d-----w-	g:\documents and settings\Administrator\Dane aplikacji\InstallShield
2010-10-30 00:53 . 2010-11-14 10:17	472808	----a-w-	g:\windows\system32\deployJava1.dll
2010-10-30 00:53 . 2010-11-14 10:17	472808	----a-w-	g:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-27 18:57 . 2000-05-11 00:00	90112	------w-	g:\windows\Updreg.EXE
2010-10-27 18:57 . 2005-06-27 11:37	133632	----a-r-	g:\windows\system32\CtDvInst.dll
2010-10-23 16:55 . 2005-10-21 02:47	12800	------w-	g:\windows\system32\drivers\usb8023x.sys
2010-10-23 16:55 . 2005-10-21 02:47	30592	------w-	g:\windows\system32\drivers\rndismpx.sys
2010-10-23 16:55 . 2010-10-23 16:55	--------	d-----w-	g:\program files\Microsoft ActiveSync
2010-10-21 08:28 . 2010-10-21 08:28	--------	d-----w-	g:\documents and settings\Administrator\Dane aplikacji\Ashampoo
2010-10-21 07:42 . 2010-10-21 07:42	--------	d-----w-	g:\documents and settings\All Users\Dane aplikacji\ashampoo
2010-10-21 07:42 . 2010-10-21 07:42	--------	d-----w-	g:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ashampoo
2010-10-21 07:19 . 2010-10-21 07:20	--------	d-----w-	g:\program files\Ashampoo

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 14:33 . 2010-09-15 14:48	413696	----a-w-	g:\windows\system32\wrap_oal.dll
2010-10-24 14:33 . 2003-03-27 20:24	110592	----a-w-	g:\windows\system32\OpenAL32.dll
2010-09-14 17:52 . 2010-09-14 17:52	21840	----a-w-	g:\windows\system32\SIntfNT.dll
2010-09-14 17:52 . 2010-09-14 17:52	17212	----a-w-	g:\windows\system32\SIntf32.dll
2010-09-14 17:52 . 2010-09-14 17:52	12067	----a-w-	g:\windows\system32\SIntf16.dll
2010-09-14 17:45 . 2010-09-14 17:45	2829	----a-w-	g:\windows\DIIUnin.pif
2010-09-14 17:45 . 2010-09-14 17:45	106496	----a-w-	g:\windows\DIIUnin.exe
2010-09-14 17:09 . 2010-09-14 17:09	691696	----a-w-	g:\windows\system32\drivers\sptd.sys
2010-09-12 09:29 . 2010-09-12 09:34	71680	----a-w-	g:\documents and settings\Administrator\GLB5C1.tmp
2010-09-12 09:29 . 2010-09-12 09:33	71680	----a-w-	g:\windows\system32\config\systemprofile\GLB5C1.tmp
2010-09-12 09:29 . 2010-09-12 09:29	71680	----a-w-	g:\documents and settings\Default User\GLB5C1.tmp
2010-09-10 22:41 . 2010-09-10 22:41	285480	----a-w-	g:\windows\system32\guard32.dll
2010-09-10 22:40 . 2010-09-10 22:40	91560	----a-w-	g:\windows\system32\drivers\inspect.sys
2010-09-10 22:40 . 2010-09-10 22:40	25240	----a-w-	g:\windows\system32\drivers\cmdhlp.sys
2010-09-10 22:40 . 2010-09-10 22:40	239240	----a-w-	g:\windows\system32\drivers\cmdGuard.sys
2010-09-10 22:40 . 2010-09-10 22:40	15592	----a-w-	g:\windows\system32\drivers\cmderd.sys
.

------- Sigcheck -------

[-] 2007-07-28 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . g:\windows\system32\drivers\tcpip.sys


[-] 2007-07-13 . A29DE506E89C131C0AACC86047CB1373 . 3856896 . . [7.00.6000.20591] . . g:\windows\system32\mshtml.dll

[-] 2008-09-30 . 4FBCD24AE782EEA754B473996E063A58 . 2161152 . . [5.1.2600.3093] . . g:\windows\system32\ntoskrnl.exe

[-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . g:\windows\system32\user32.dll

[-] 2007-07-13 . CE7193C5F7C01B19768E066087C1C919 . 814592 . . [7.00.6000.20583] . . g:\windows\system32\wininet.dll

[-] 2007-07-13 . 32F67215C57DF2C401BF93B7EE65987F . 974848 . . [6.00.2900.2649] . . g:\windows\explorer.exe



[-] 2007-07-27 . 89878732D5EB0C845AD2356081142F2A . 1548288 . . [5.1.2600.2180] . . g:\windows\system32\sfcfiles.dll


g:\windows\System32\wuauclt.exe ...  - brak elementu !!
g:\windows\System32\srsvc.dll ...  - brak elementu !!
g:\windows\System32\wscntfy.exe ...  - brak elementu !!
g:\windows\System32\regsvc.dll ...  - brak elementu !!
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="g:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTunerStartupDaemon"="g:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"CTSysVol"="g:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"COMODO Internet Security"="e:\comodo\zainstalowane\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-07-27 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=g:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=g:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07	932288	----a-r-	g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47	35760	----a-w-	g:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58	611712	----a-w-	g:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
2010-11-08 08:01	210648	----a-w-	g:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2005-02-15 15:10	57344	------w-	g:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 14:57	1289000	----a-w-	g:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 23:00	385024	----a-w-	g:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17	49152	----a-w-	g:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 15:31	80896	----a-w-	g:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24	13923432	----a-w-	g:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 15:24	110696	----a-w-	g:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 12:38	64512	----a-r-	g:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49	14940040	----a-r-	g:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00	90112	------w-	g:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Opera\\opera.exe"=
"g:\\Program Files\\K2T\\WTW\\wtw.exe"=
"g:\\Documents and Settings\\Administrator\\Pulpit\\UTORRENT.EXE"=
"e:\\Dane\\Valve\\hl.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"g:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"g:\program files\Microsoft ActiveSync\rapimgr.exe"= g:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"g:\program files\Microsoft ActiveSync\wcescomm.exe"= g:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"g:\program files\Microsoft ActiveSync\WCESMgr.exe"= g:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\CSCSCSCS\\hl.exe"=
"e:\\CSCSCSCS\\hlds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sptd;sptd;g:\windows\system32\drivers\sptd.sys [2010-09-14 691696]
R1 cmderd;COMODO Internet Security Eradication Driver;g:\windows\system32\drivers\cmderd.sys [2010-09-10 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;g:\windows\system32\drivers\cmdGuard.sys [2010-09-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;g:\windows\system32\drivers\cmdhlp.sys [2010-09-10 25240]
R2 CLPSLS;COMODO livePCsupport Service;g:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2010-11-08 151432]
R3 CLEDX;Team H2O CLEDX service;g:\windows\system32\drivers\cledx.sys [2010-09-24 33792]
R3 DKRtWrt;DKRtWrt;g:\windows\system32\drivers\DKRtWrt.sys [2010-11-12 45232]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - SECLOGON

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
Tapisrv
Themes
TrkWks
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
WmdmPmSN
uploadmgr
helpsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: {1736B497-A9B2-4CC0-85A5-677DB7598683} = 156.154.70.25,156.154.71.25
FF - ProfilePath - g:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\pdq2a1ma.default\
FF - prefs.js: network.proxy.ftp - flyproxy.com
FF - prefs.js: network.proxy.gopher - flyproxy.com
FF - prefs.js: network.proxy.http - flyproxy.com
FF - prefs.js: network.proxy.socks - flyproxy.com
FF - prefs.js: network.proxy.ssl - flyproxy.com
FF - prefs.js: network.proxy.type - 1
FF - plugin: g:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-kX Mixer - g:\program files\kX Audio Driver\3550\kxmixer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 23:26
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose, ZwOpenFile

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(564)
g:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(2236)
g:\windows\system32\SHDOCVW.dll
g:\windows\system32\guard32.dll
g:\windows\system32\msi.dll
g:\windows\system32\ntshrui.dll
g:\windows\system32\NETSHELL.dll
g:\windows\system32\credui.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
g:\windows\system32\nvsvc32.exe
g:\program files\Bonjour\mDNSResponder.exe
e:\defrag\DkService.exe
g:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Czas ukończenia: 2010-11-14  23:27:29 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2010-11-14 22:27

Przed: 503 988 224 bajtów wolnych
Po: 495 706 112 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - FF1ED7D009FF46628F77F49E3351D3CF

Jutro przeskanuje drwebem

tehawanka · 14 Listopada 2010

Nie widać żadnej infekcji.

Przeskanuj plik tutaj:

g:\windows\system32\srsvc.dll . . . jest zainfekowany!!

Podobno brakuje plików systemowych:

g:\windows\System32\wuauclt.exe ... - brak elementu !!
g:\windows\System32\srsvc.dll ... - brak elementu !!
g:\windows\System32\wscntfy.exe ... - brak elementu !!
g:\windows\System32\regsvc.dll ... - brak elementu !!

ComboFix wskazuje, że wartość jest uszkodzona:

NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy

Wklej do systemowego notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=-
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,54,00,65,00,72,00,6d,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,\
73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,\
00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,\
6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,78,00,6d,00,6c,\
00,70,00,72,00,6f,00,76,00,00,00,77,00,73,00,63,00,73,00,76,00,63,00,00,00,\
57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00

Z menu Notatnika -> Plik -> Zapisz jako -> Zapisz jako typ: Wszystkie pliki -> Zapisz pod nazwą FIX.REG

Uruchom ten plik.

Temat został przeniesiony do archiwum

[Combofix]

Rekomendowane odpowiedzi

xQQ 2

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

panyapa 0

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

xQQ 2

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

tehawanka 0

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

xQQ 2

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

tehawanka 0

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

xQQ 2

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

tehawanka 0

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Ostatnio przeglądający 0 użytkowników

Tematy

Odpowiedzi

Aktywni użytkownicy

Przeglądaj

Aktywność