Malwarebytes log, because OTL won't produce logs


(drdala) #1

Hello, I'm posting the log from a full Malwarebytes scan that was interrupted, because OTL can't produce logs: after scanning, a message pops up saying "cannot find the file, create it?" I click Yes and nothing happens, only an empty text file appears.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org


Wersja bazy: v2012.09.26.02


Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Izabella :: IZA [administrator]


2012-09-26 08:26:22

mbam-log-2012-09-26 (08-26-22).txt


Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)

Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM

Odznaczone opcje skanowania: P2P

Przeskanowano obiektów: 89992

Upłynęło: 19 minut(y), 24 sekund(y) [anulowane]


Wykrytych procesów w pamięci: 1

C:\Program Files\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> 224 -> Usuń po ponownym uruchomieniu.


Wykrytych modułów w pamięci: 0

(Nie znaleziono zagrożeń)


Wykrytych kluczy rejestru: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.


Wykrytych wartości rejestru: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Data: C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.


Wykryte wpisy rejestru systemowego: 0

(Nie znaleziono zagrożeń)


wykrytych folderów: 0

(Nie znaleziono zagrożeń)


Wykrytych plików: 5

C:\Program Files\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Usuń po ponownym uruchomieniu.

C:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.

C:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Adware.RelevantKnowledge) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.

C:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.

C:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.


(zakończone)

Help! And here is the log from a quick scan that was not interrupted :)

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org


Wersja bazy: v2012.09.26.02


Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Izabella :: IZA [administrator]


2012-09-26 09:10:07

mbam-log-2012-09-26 (09-17-30).txt


Typ skanowania: Szybkie skanowanie

Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM

Odznaczone opcje skanowania: P2P

Przeskanowano obiektów: 216865

Upłynęło: 4 minut(y), 34 sekund(y)


Wykrytych procesów w pamięci: 0

(Nie znaleziono zagrożeń)


Wykrytych modułów w pamięci: 0

(Nie znaleziono zagrożeń)


Wykrytych kluczy rejestru: 0

(Nie znaleziono zagrożeń)


Wykrytych wartości rejestru: 0

(Nie znaleziono zagrożeń)


Wykryte wpisy rejestru systemowego: 0

(Nie znaleziono zagrożeń)


wykrytych folderów: 2

C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Nie wykonano akcji.

C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge (PUP.Spyware.MarketScore) -> Nie wykonano akcji.


Wykrytych plików: 9

C:\RECYCLER\S-1-5-21-507921405-1897051121-1417001333-1004\Dc53.dll (PUP.Adware.RelevantKnowledge) -> Nie wykonano akcji.

C:\Program Files\RelevantKnowledge\ncncf.dat (PUP.Spyware.MarketScore) -> Nie wykonano akcji.

C:\Program Files\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Nie wykonano akcji.

C:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Nie wykonano akcji.

C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Nie wykonano akcji.

C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Nie wykonano akcji.

C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Nie wykonano akcji.

C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Nie wykonano akcji.

C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Nie wykonano akcji.


(zakończone)

I removed all these infections, what next? After starting the computer I ran a Malwarebytes quick scan and it found nothing; is everything OK with my computer now? I'm currently in the middle of a full scan... Why can't OTL produce logs? Please help, because I don't know what to do.

OK, after removing all the threats with Malwarebytes, OTL managed to produce logs after scanning; here they are:

OTL logfile created on: 2012-09-26 10:06:30 - Run 2

OTL by OldTimer - Version 3.2.68.0 Folder = C:\Documents and Settings\Izabella\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 77,02% Memory free

3,84 Gb Paging File | 3,53 Gb Available in Paging File | 92,02% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 116,44 Gb Total Space | 49,00 Gb Free Space | 42,08% Space Free | Partition Type: NTFS

Drive D: | 116,44 Gb Total Space | 66,74 Gb Free Space | 57,32% Space Free | Partition Type: NTFS


Computer Name: IZA | User Name: Izabella | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-09-26 08:39:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Izabella\Pulpit\OTL.exe

PRC - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2010-02-09 17:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe

PRC - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe

PRC - [2009-12-07 01:19:00 | 001,590,216 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\WinVNC.exe

PRC - [2009-09-11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009-09-11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-01-31 14:03:42 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

PRC - [2007-06-01 11:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007-06-01 11:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2009-02-27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll



[color=#E56717]========== Services (SafeList) ==========[/color]


SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012-09-26 08:48:46 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-09-21 13:20:11 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)

SRV - [2009-12-07 01:19:00 | 001,590,216 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service)

SRV - [2009-09-11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2009-09-11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\Izabella\USTAWI~1\Temp\5728.sys -- (5728)

DRV - [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012-01-05 11:34:04 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utq3ntyy.sys -- (utq3ntyy)

DRV - [2011-11-14 09:46:13 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)

DRV - [2010-09-03 14:25:06 | 000,016,376 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2009-09-11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)

DRV - [2009-09-11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2009-09-11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2007-09-19 15:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007-09-19 11:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

IE - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:296


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 296

FF - user.js - File not found


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-26 08:48:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-13 16:11:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-09-03 14:47:44 | 000,000,000 | ---D | M]


[2010-09-06 08:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Izabella\Dane aplikacji\Mozilla\Extensions

[2010-09-06 08:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Izabella\Dane aplikacji\Mozilla\Firefox\Profiles\j71spj5u.default\extensions

[2012-09-26 08:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011-02-04 14:55:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012-09-26 08:48:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-11-10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012-09-26 08:48:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-09-26 08:48:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-09-26 08:48:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-09-26 08:48:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-09-26 08:48:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-09-26 08:48:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2012-01-02 11:50:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKU\S-1-5-21-507921405-1897051121-1417001333-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-507921405-1897051121-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab (SignActivX Control)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42741C2-E0CA-46D6-B8E7-73120F07AC35}: NameServer = 10.2.12.246

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Izabella\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Izabella\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-09-03 12:47:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-09-26 08:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012-09-26 08:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla

[2012-09-26 08:39:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Izabella\Pulpit\OTL.exe

[2012-09-26 08:20:18 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Izabella\Pulpit\mbam-setup-1.65.0.1400.exe

[2012-09-18 09:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Izabella\Dane aplikacji\screenrecorder

[2012-09-18 09:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Cute Screen Recorder Free Version

[2012-09-18 09:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cute Screen Recorder

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-09-26 10:05:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-09-26 09:20:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012-09-26 08:39:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Izabella\Pulpit\OTL.exe

[2012-09-26 08:20:44 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-09-26 08:20:28 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Izabella\Pulpit\mbam-setup-1.65.0.1400.exe

[2012-09-26 08:11:39 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Izabella\Pulpit\Skrót do SPRZEDAŻ DZIENNA - 2 0 1 2.lnk

[2012-09-26 07:50:18 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\Izabella\Pulpit\ZAMÓWIONKA.lnk

[2012-09-26 07:45:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-09-21 13:20:11 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012-09-21 13:20:11 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012-09-18 09:50:14 | 000,000,149 | ---- | M] () -- C:\Documents and Settings\Izabella\default.pls

[2012-09-18 09:47:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012-09-18 09:46:30 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Cute Screen Recorder Free Version.lnk

[2012-09-17 10:08:41 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Izabella\Pulpit\Skrót do Zamówienia produk.- Iwona na K62-hermar.lnk

[2012-09-14 07:44:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Izabella\Pulpit\Fakturowanie.lnk

[2012-09-13 03:01:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012-09-10 13:07:05 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Izabella\Pulpit\Skrót do DokFIKSZestawienia.lnk

[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-09-07 09:28:55 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Izabella\Pulpit\Realizacja zamówień.lnk

[2012-08-28 20:48:44 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2012-08-28 17:18:53 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

[2012-08-28 17:18:52 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll

[2012-08-28 17:18:51 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll

[2012-08-28 17:18:51 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll

[2012-08-28 17:18:51 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll

[2012-08-28 17:18:50 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll

[2012-08-28 17:18:50 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll

[2012-08-28 17:18:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll

[2012-08-28 17:18:49 | 006,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2012-08-28 17:18:45 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2012-08-28 17:18:45 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2012-08-28 17:18:45 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2012-08-28 17:18:45 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2012-08-28 17:18:44 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2012-08-28 17:18:44 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl

[2012-08-28 17:18:44 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2012-08-28 17:18:44 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll

[2012-08-28 17:18:44 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll

[2012-08-28 17:18:44 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2012-08-28 17:18:44 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll

[2012-08-28 17:18:43 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2012-08-28 17:18:43 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll

[2012-08-28 17:18:43 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll

[2012-08-28 17:18:41 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2012-08-28 17:18:40 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2012-08-28 17:18:40 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

[2012-08-28 14:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe

[2012-08-28 14:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe

[2012-08-28 14:07:32 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-09-26 08:20:44 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-09-18 09:46:30 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Cute Screen Recorder Free Version.lnk

[2012-08-03 12:45:01 | 000,105,354 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp

[2012-08-03 12:45:01 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp

[2012-08-03 12:06:13 | 000,105,354 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

[2012-08-03 12:06:13 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

[2012-02-15 07:28:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012-02-01 14:50:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT

[2012-01-05 11:34:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utq3ntyy.sys

[2011-11-10 11:15:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7030.DAT

[2011-04-09 07:21:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2011-02-09 12:56:56 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Izabella\default.pls

[2011-01-28 09:14:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010-10-13 15:03:29 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010-09-22 14:36:59 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Izabella\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


[color=#E56717]========== ZeroAccess Check ==========[/color]



[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2010-06-24 14:12:34 | 001,509,888 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


[color=#E56717]========== LOP Check ==========[/color]


[2010-09-03 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2011-01-26 11:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe

[2010-09-06 08:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft

[2012-01-02 09:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabella\Dane aplikacji\LimeRunner

[2011-04-07 14:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabella\Dane aplikacji\MacroBASE

[2010-09-06 14:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabella\Dane aplikacji\ScanSoft

[2012-09-18 10:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabella\Dane aplikacji\screenrecorder


[color=#E56717]========== Purity Check ==========[/color]




< End of report >

OTL Extras logfile created on: 2012-09-26 10:06:31 - Run 2

OTL by OldTimer - Version 3.2.68.0 Folder = C:\Documents and Settings\Izabella\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 77,02% Memory free

3,84 Gb Paging File | 3,53 Gb Available in Paging File | 92,02% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 116,44 Gb Total Space | 49,00 Gb Free Space | 42,08% Space Free | Partition Type: NTFS

Drive D: | 116,44 Gb Total Space | 66,74 Gb Free Space | 57,32% Space Free | Partition Type: NTFS


Computer Name: IZA | User Name: Izabella | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Extra Registry (SafeList) ==========[/color]



[color=#E56717]========== File Associations ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*


[HKEY_USERS\S-1-5-21-507921405-1897051121-1417001333-1004\SOFTWARE\Classes\]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


[color=#E56717]========== Shell Spawning ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


[color=#E56717]========== Security Center Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[color=#E56717]========== System Restore Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2


[color=#E56717]========== Firewall Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner

"5900:TCP" = 5900:TCP:*:Enabled:vnc5900

"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

"24162:TCP" = 24162:TCP:LocalSubNet:Enabled:Emule

"9910:UDP" = 9910:UDP:LocalSubNet:Enabled:Emule

"20284:TCP" = 20284:TCP:LocalSubNet:Enabled:AresXZ


[color=#E56717]========== Authorized Applications List ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Brother\Brmfl07b\FAXRX.exe" = C:\Program Files\Brother\Brmfl07b\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries Ltd.)

"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)

"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Documents and Settings\Izabella\Dane aplikacji\A446B\AB781.exe" = C:\Documents and Settings\Izabella\Dane aplikacji\A446B\AB781.exe:*:Disabled:AB781

"C:\Program Files\6BA94\lvvm.exe" = C:\Program Files\6BA94\lvvm.exe:*:Disabled:lvvm

"C:\Documents and Settings\Izabella\Ustawienia lokalne\Temp\7zS4207\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Izabella\Ustawienia lokalne\Temp\7zS4207\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS -- (Hewlett-Packard)

"C:\Documents and Settings\Izabella\Ustawienia lokalne\Temp\7zS4316\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Izabella\Ustawienia lokalne\Temp\7zS4316\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{1A6A6531-08FC-47AD-BAC4-C41497E71045}" = Nero 7 Essentials

"{1F5A8225-A37D-4274-A402-2C7A8401AE2E}" = Macrologic - komponenty MacroCRview

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite

"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & Officejet 5.3.B Corporate Edition

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A7B12EE-49F5-4019-8EA1-4BA4C41132E5}" = ESET NOD32 Antivirus

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite DCP-J515W

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0015-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_PROHYBRIDR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_PROHYBRIDR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_PROHYBRIDR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish

"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C549017A-FFAB-4679-9112-26E83DD82DB5}" = Enterprise

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer

"{FA0E44BC-3731-42D5-BA98-E99DD5D70A83}" = ScanSoft PaperPort 11

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Cute Screen Recorder Free Version_is1" = Cute Screen Recorder Free Version 1.7.0.0

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"Macrologic Xpertis jTerm 2011+ (11.22)_is1" = Macrologic Xpertis jTerm 2011+ (11.22)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.0.1400

"Mozilla Firefox 12.0 (x86 pl)" = Mozilla Firefox 12.0 (x86 pl)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PROHYBRIDR" = 2007 Microsoft Office system

"SkanerOnline" = Skaner on-line mks_vir

"Ultravnc2_is1" = UltraVNC 1.0.8.2

"Windows Media Format Runtime" = Windows Media Format Runtime


[color=#E56717]========== Last 20 Event Log Errors ==========[/color]


[Application Events]

Error - 2012-09-25 02:11:30 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:11:30.534]: [00000400]: GetDeviceIpAddress:

 GetAddressByName [BRN008077DE380F] Error  


Error - 2012-09-25 02:12:07 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:12:07.503]: [00000400]: SendSKeySettingToDevice::

 Snmp Load Error[-1] To[10.2.12.92]  


Error - 2012-09-25 02:12:07 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:12:07.565]: [00000400]: GetDeviceIpAddress:

 GetAddressByName [BRN008077DE380F] Error  


Error - 2012-09-25 02:12:37 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:12:37.596]: [00000400]: GetDeviceIpAddress:

 GetAddressByName [BRN008077DE380F] Error  


Error - 2012-09-25 02:13:16 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:13:16.503]: [00000400]: SendSKeySettingToDevice::

 Snmp Load Error[-1] To[10.2.12.92]  


Error - 2012-09-25 02:13:16 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:13:16.565]: [00000400]: GetDeviceIpAddress:

 GetAddressByName [BRN008077DE380F] Error  


Error - 2012-09-25 02:13:46 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:13:46.596]: [00000400]: GetDeviceIpAddress:

 GetAddressByName [BRN008077DE380F] Error  


Error - 2012-09-25 02:14:25 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:14:25.503]: [00000400]: SendSKeySettingToDevice::

 Snmp Load Error[-1] To[10.2.12.92]  


Error - 2012-09-25 02:14:25 | Computer Name = IZA | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/25 08:14:25.565]: [00000400]: GetDeviceIpAddress:

 GetAddressByName [BRN008077DE380F] Error  


Error - 2012-09-26 02:18:59 | Computer Name = IZA | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca DokFIKSZestawienia.exe, wersja 2012.9.24.0,

 moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


[OSession Events]

Error - 2010-09-06 02:38:21 | Computer Name = IZA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1886

 seconds with 120 seconds of active time. This session ended with a crash.


Error - 2010-10-23 06:06:52 | Computer Name = IZA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18286

 seconds with 1440 seconds of active time. This session ended with a crash.


Error - 2011-01-03 05:52:21 | Computer Name = IZA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 695

 seconds with 420 seconds of active time. This session ended with a crash.


Error - 2011-01-10 09:27:53 | Computer Name = IZA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26877

 seconds with 7140 seconds of active time. This session ended with a crash.


Error - 2011-05-10 01:03:01 | Computer Name = IZA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8

 seconds with 0 seconds of active time. This session ended with a crash.


Error - 2011-08-10 07:33:23 | Computer Name = IZA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 733

 seconds with 540 seconds of active time. This session ended with a crash.


Error - 2011-11-24 02:24:59 | Computer Name = IZA | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49

 seconds with 0 seconds of active time. This session ended with a crash.


[System Events]

Error - 2012-09-24 01:53:33 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2


Error - 2012-09-25 01:27:02 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2


Error - 2012-09-25 01:38:25 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2


Error - 2012-09-25 02:28:36 | Computer Name = IZA | Source = NetBT | ID = 4321

Description = Nie można zarejestrować nazwy „HERMAR :1d” w interfejsie o

 adresie IP 10.2.12.22. Komputer o adresie IP 10.2.12.98 nie zezwolił na przejęcie

 tej nazwy przez ten komputer.


Error - 2012-09-26 01:45:36 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2


Error - 2012-09-26 02:22:31 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2


Error - 2012-09-26 02:24:46 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2


Error - 2012-09-26 02:48:02 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2


Error - 2012-09-26 03:22:17 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2


Error - 2012-09-26 04:05:21 | Computer Name = IZA | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi 5728 z powodu następującego błędu: %%2



< End of report >

And how does the situation look now? Is the computer clean already, or do I still need to do something?