Rozwiązany: Problem z panelem sterowania i nie tylko

DominikGAMERS · Lipiec 27, 2010

Mój problem polega na braku możliwość otworzenia czegokolwiek w panelu sterowania, wyskakuje błąd "C:\WINDOWS\system32\rundll32.exe nie jest prawidłową aplikacją systemu Win32" Problem pojawił się po przeskanowani windowsa i wykryciu kilku wirusów (niestety usunąłem wszystko z kwarantanny ) PROSZĘ o pomoc w rozwiązaniu tego problemu.

Sevard · Lipiec 27, 2010

Jakim programem antywirusowym robiłeś skan?

Przeskanuj kompa programem Malwarebytes' Anti-Malware i wrzuć loga na forum. Poza tym daj logi z OTL (skan odpal na domyślnych ustawieniach) i GMERa.

DominikGAMERS · Lipiec 28, 2010

Wczoraj zainstalowałem 2 antywirusy są to: Emsisoft Anti-Malware 5.0 i Avira AntiVir Personal, robię właśnie skan tymi antywirusami.

a-squared Anti-Malware - wersja %S 5.0

Ost. aktualizacja: 2010-07-28 08:51:50

Ustawienia skanu:

Typ skanu: Gruntowny skan

Obiekty: Pamięć, Ślady, Ciastka, C:\, E:\

Skan archiw: Włącz

Heurestyka: Wyłącz

Skan reklam: Włącz

Skan wystartował: 2010-07-28 08:57:18

C:\System Volume Information\_restore{BA97B912-C519-4A2F-BA29-6C00B4035335}\RP906\A0341090.exe Wykryto: Worm.Win32.Qvod.ajq!A2

Przeskanowano

Pliki: 141107

Ślady: 685980

Ciastka: 0

Procesy: 31

Wykryte

Pliki: 1

Ślady: 0

Ciastka: 0

Procesy: 0

Klucze rejestru: 0

Koniec skanu: 2010-07-28 10:19:39

Skan trwał: 1:22:21

C:\System Volume Information\_restore{BA97B912-C519-4A2F-BA29-6C00B4035335}\RP906\A0341090.exe Poddany kwarantannie Worm.Win32.Qvod.ajq!A2

Poddany kwarantannie

Pliki: 1

Ślady: 0

Ciastka: 0

Raport antywirusa, po usunięciu wirusa (czyt. poddaniu kwarantannie ) problem dalej jest.

Prawdopodobnie problem tkwi w uszkodzeniu owego pliku czyli rundll.exe dlatego użyję konsoli odzyskiwania, czyli

Start/Wszystkie programy/Akcesoria/Wiersz poleceń.

Przed tym trzeba włożyć płytę od windowsa XP najlepiej z Serwis-packiem 2.

A teraz w wierszu należy wpisać expand f:\i386\rundll32.ex_ c\windows\system32\rundll32.exe

Zaraz napisze czy działa ...

Dalej nic pisze mi że nie może otworzyć rundll32 w wierszu poleceń :mad:

Sevard · Lipiec 28, 2010

Przeskanuj kompa programem Malwarebytes' Anti-Malware i wrzuć loga na forum. Poza tym daj logi z OTL (skan odpal na domyślnych ustawieniach) i GMERa.

DominikGAMERS · Lipiec 28, 2010

OTL Extras logfile created on: 2010-07-28 19:26:14 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 73,58 Gb Free Space | 75,35% Space Free | Partition Type: NTFS

Drive D: | 7,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive E: | 135,22 Gb Total Space | 55,54 Gb Free Space | 41,07% Space Free | Partition Type: NTFS

Drive F: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SUPER-KOMPUTER

Current User Name: Adin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe" = E:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Gra -- (BioWare)

"E:\Program Files\Mass Effect 2\MassEffect2Launcher.exe" = E:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Program startowy -- (BioWare)

"E:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = E:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company? 2 -- File not found

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found

"E:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe" = E:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor? MP Beta -- File not found

"E:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe" = E:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge? -- (EA Digital Illusions CE AB)

"E:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = E:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)

"E:\Program Files\Steam\Steam.exe" = E:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"E:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = E:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- File not found

"E:\Program Files\Ubisoft\Prince of Persia Zapomniane Piaski\Prince of Persia.exe" = E:\Program Files\Ubisoft\Prince of Persia Zapomniane Piaski\Prince of Persia.exe:*:Enabled:Prince of Persia Zapomniane Piaski -- ()

"E:\Program Files\Ubisoft\Prince of Persia Zapomniane Piaski\GameSettings.exe" = E:\Program Files\Ubisoft\Prince of Persia Zapomniane Piaski\GameSettings.exe:*:Enabled:Prince of Persia Zapomniane Piaski Settings -- (Ubisoft)

"E:\Program Files\Ubisoft\Prince of Persia Zapomniane Piaski\gu.exe" = E:\Program Files\Ubisoft\Prince of Persia Zapomniane Piaski\gu.exe:*:Enabled:Prince of Persia Zapomniane Piaski Update -- (Ubisoft)

"E:\Program Files\Ubisoft\Prince of Persia Zapomniane Piaski\UPlayBrowser.exe" = E:\Program Files\Ubisoft\Prince of Persia Zapomniane Piaski\UPlayBrowser.exe:*:Enabled:Prince of Persia Zapomniane Piaski UPlay -- (Ubisoft Entertainment)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)

"E:\Program Files\Activision\Quantum of Solace\JB_LiveEngine_s.exe" = E:\Program Files\Activision\Quantum of Solace\JB_LiveEngine_s.exe:*:Enabled:Quantum of Solace -- (Activision Inc.)

"E:\Program Files\Activision\Transformers - Wojna o Cybertron\Binaries\TWFC.exe" = E:\Program Files\Activision\Transformers - Wojna o Cybertron\Binaries\TWFC.exe:*:Enabled:Transformers - Wojna o Cybertron -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)

"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision?

"{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2

"{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0

"{31CB0D80-1866-462A-9455-88614410971F}" = Driver: Parallel Lines

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)

"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick

"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX

"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5BBC0864-D5FC-4A5E-8346-5450B9B57EEE}" = Speech 5.1 English Engines

"{6A3E5F76-7DD4-4F59-9CD6-B0159622B353}" = Double Vibration steering wheel

"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon

"{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II Złota Edycja

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73F9192E-A60B-47BA-809A-AE07AF507EA7}" = S.T.A.L.K.E.R. - Shadow of Chernobyl

"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine?2 Sandbox2

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E640C51-DB83-485B-8E3F-280BFD7D61C1}" = TP-LINK Wireless Client Utility

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish

"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge?

"{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}" = muveeNow 2.1

"{BA10FB0C-1DD6-4194-BECC-727252E9415C}" = DiskMagik

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Activision?

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt

"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia? Zapomniane Piaski

"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"125;_is1" = DAO

"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner (remove only)

"Device Control" = Device Control

"DVD Shrink_is1" = DVD Shrink 3.2

"EAXSet" = Creative EAX Settings

"Ekspert CD_is1" = Ekspert CD

"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0

"FarCry_is1" = Far Cry

"Gainward" = EXPERTool

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers - Wojna o Cybertron

"InstallShield_{6A3E5F76-7DD4-4F59-9CD6-B0159622B353}" = Double Vibration steering wheel

"InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Quantum of Solace

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6." = Mozilla Firefox (3.6.

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Niezbędnik CD_is1" = Niezbędnik CD

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"Seven Remix XP" = Seven Remix XP 2.1

"SPEAKER" = Creative Speaker Settings

"VLC media player" = VLC media player 0.9.8a

"VP3 Codec for Video for Windows" = VP3 Codec for Video for Windows

"WinCleanerMemOptimizer_is1" = WinCleaner Memory Optimizer Version 5.2

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = Archiwizator WinRAR

"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Professional V4.3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"World of Goo/PL-Polish_is1" = World of Goo

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2010-07-24 07:41:57 | Computer Name = SUPER-KOMPUTER | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd gothic2.exe, wersja 2.6.0.0, moduł powodujący

błąd gothic2.exe, wersja 2.6.0.0, adres błędu 0x002c374c.

Error - 2010-07-24 09:19:51 | Computer Name = SUPER-KOMPUTER | Source = Ci | ID = 4124

Description = Indeks zawartości na c:\system volume information\catalog.wci jest

uszkodzony. Zamknij i ponownie uruchom Usługę indeksowania (cisvc).

Error - 2010-07-24 09:19:51 | Computer Name = SUPER-KOMPUTER | Source = Ci | ID = 4126

Description = Czyszczenie uszkodzonych metadanych indeksu zawartości na c:\system

volume information\catalog.wci. Indeks zostanie automatycznie przywrócony przez

ponowne przefiltrowanie wszystkich dokumentów.

Error - 2010-07-25 11:52:41 | Computer Name = SUPER-KOMPUTER | Source = Ci | ID = 4124

Description = Indeks zawartości na c:\system volume information\catalog.wci jest

uszkodzony. Zamknij i ponownie uruchom Usługę indeksowania (cisvc).

Error - 2010-07-25 11:52:41 | Computer Name = SUPER-KOMPUTER | Source = Ci | ID = 4126

Description = Czyszczenie uszkodzonych metadanych indeksu zawartości na c:\system

volume information\catalog.wci. Indeks zostanie automatycznie przywrócony przez

ponowne przefiltrowanie wszystkich dokumentów.

Error - 2010-07-27 07:15:08 | Computer Name = SUPER-KOMPUTER | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,

wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-07-27 07:15:08 | Computer Name = SUPER-KOMPUTER | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,

wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-07-27 09:29:05 | Computer Name = SUPER-KOMPUTER | Source = MsiInstaller | ID = 1013

Description = Produkt: NVIDIA PhysX -- Installation terminated

Error - 2010-07-28 04:34:37 | Computer Name = SUPER-KOMPUTER | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,

wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-07-28 04:34:37 | Computer Name = SUPER-KOMPUTER | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,

wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

bieżącego zegara systemowego lub sygnatury czasowej.

[ System Events ]

Error - 2010-07-27 06:57:05 | Computer Name = SUPER-KOMPUTER | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SuperMounter

Error - 2010-07-27 07:11:17 | Computer Name = SUPER-KOMPUTER | Source = SideBySide | ID = 16842784

Description = Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT; ostatni błąd:

Odnośny zestaw nie jest zainstalowany w tym systemie.

Error - 2010-07-27 07:11:17 | Computer Name = SUPER-KOMPUTER | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.CRT. Odpowiedni

komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .

Error - 2010-07-27 07:11:17 | Computer Name = SUPER-KOMPUTER | Source = SideBySide | ID = 16842811

Description = Generate Activation Context nie powiodło się dla C:\DOCUME~1\Adin\USTAWI~1\Temp\RarSFX0\redist.dll.

Odpowiedni

komunikat o błędzie: Operacja ukończona pomyślnie. .

Error - 2010-07-27 08:34:55 | Computer Name = SUPER-KOMPUTER | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SuperMounter

Error - 2010-07-27 10:51:10 | Computer Name = SUPER-KOMPUTER | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SuperMounter

Error - 2010-07-27 13:07:16 | Computer Name = SUPER-KOMPUTER | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SuperMounter

Error - 2010-07-27 15:06:48 | Computer Name = SUPER-KOMPUTER | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SuperMounter

Error - 2010-07-28 02:50:00 | Computer Name = SUPER-KOMPUTER | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SuperMounter

Error - 2010-07-28 09:32:14 | Computer Name = SUPER-KOMPUTER | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SuperMounter

< End of report >

i

OTL logfile created on: 2010-07-28 19:26:14 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 73,58 Gb Free Space | 75,35% Space Free | Partition Type: NTFS

Drive D: | 7,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive E: | 135,22 Gb Total Space | 55,54 Gb Free Space | 41,07% Space Free | Partition Type: NTFS

Drive F: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: me

Current User Name: Adin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-07-28 19:25:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\OTL.exe

PRC - [2010-07-27 11:46:27 | 001,935,120 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe

PRC - [2010-07-27 11:46:14 | 003,630,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

PRC - [2010-07-25 15:50:16 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010-07-25 15:50:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010-03-02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008-04-14 22:51:18 | 001,542,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-01-29 05:20:27 | 002,177,576 | ---- | M] (Gainward Co.) -- C:\WINDOWS\TBPanel.exe

PRC - [2007-12-14 02:34:52 | 000,415,768 | ---- | M] (RoseCity Software) -- C:\Program Files\DiskMagik\DiskMgkS.exe

========== Modules (SafeList) ==========

MOD - [2010-07-28 19:25:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\OTL.exe

MOD - [2010-05-09 18:50:02 | 000,212,896 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll

MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010-07-27 11:46:27 | 001,935,120 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)

SRV - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2007-12-14 02:34:52 | 000,415,768 | ---- | M] (RoseCity Software) [Auto | Running] -- C:\Program Files\DiskMagik\DiskMgkS.exe -- (DiskMgkS)

SRV - [2006-05-11 18:40:06 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem02.exe -- (sfrem02) FrontLine Drivers Auto Removal (v2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Adin\USTAWI~1\Temp\nsysaudm.sys -- (nsysaudm)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010-07-27 11:45:34 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)

DRV - [2010-06-14 23:10:00 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2010-06-03 22:50:54 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-05-15 12:37:26 | 000,039,576 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)

DRV - [2010-05-05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)

DRV - [2010-04-04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2010-03-29 21:11:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-08-14 10:10:12 | 001,668,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)

DRV - [2009-05-11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-01-09 15:50:01 | 000,016,512 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ? Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007-06-29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007-06-15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)

DRV - [2007-05-31 09:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007-03-16 04:11:38 | 000,012,256 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2007-03-16 04:11:38 | 000,012,256 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2006-07-05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)

DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2005-10-13 15:46:08 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)

DRV - [2005-09-29 19:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV - [2005-08-10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2005-01-10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2005-01-10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2004-10-28 13:08:37 | 000,019,840 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV - [2004-09-29 22:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)

DRV - [2004-09-03 19:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004-09-03 19:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2004-07-19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.pl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.pl/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-27 12:59:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-25 15:50:20 | 000,000,000 | ---D | M]

[2009-03-07 22:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adin\Dane aplikacji\Mozilla\Extensions

[2010-07-27 20:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adin\Dane aplikacji\Mozilla\Firefox\Profiles\uq20kh7q.default\extensions

[2009-12-26 12:17:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adin\Dane aplikacji\Mozilla\Firefox\Profiles\uq20kh7q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-06-27 20:35:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-06-26 09:59:22 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-06-26 09:59:22 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-06-26 09:59:22 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-06-26 09:59:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-06-26 09:59:22 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-06-26 09:59:22 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-04-12 18:11:30 | 000,303,128 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 10447 more lines...

O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Gainward] C:\WINDOWS\TBPanel.exe (Gainward Co.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()

O4 - HKLM..\Run: [Vistadrv] C:\Program Files\Vista Drive Status\vsdrv.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 89.228.6.21

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Adin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-07-30 18:28:07 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008-07-16 02:51:45 | 000,000,139 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2010-02-23 11:19:35 | 001,747,800 | R--- | M] () - F:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2008-01-28 20:26:18 | 000,000,049 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{725f86a5-63d4-11dd-b6db-001404327956}\Shell - "" = AutoRun

O33 - MountPoints2\{725f86a5-63d4-11dd-b6db-001404327956}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010-02-23 11:19:35 | 001,747,800 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-28 16:57:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Adin\Recent

[2010-07-28 11:34:14 | 000,000,000 | ---D | C] -- C:\users

[2010-07-27 15:29:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\DEA314C409294250BC9298E4C105F28D.TMP

[2010-07-27 13:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Dane aplikacji\Avira

[2010-07-27 13:18:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2010-07-27 13:14:00 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010-07-27 13:13:54 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010-07-27 13:13:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010-07-27 13:13:54 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010-07-27 13:13:53 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010-07-27 13:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010-07-27 13:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira

[2010-07-27 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Moje dokumenty\Anti-Malware

[2010-07-27 11:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware

[2010-07-26 21:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Ustawienia lokalne\Dane aplikacji\storage

[2010-07-25 17:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinCleaner Memory Optimizer

[2010-07-25 16:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Moje dokumenty\Nowy folder

[2010-07-22 20:56:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Adin\Pulpit\Gry Beczki

[2010-07-16 15:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Dane aplikacji\InstallShield

[2010-07-15 19:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Moje dokumenty\gothic3

[2010-07-12 17:58:52 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010-07-12 14:36:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

[2010-07-10 20:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Moje dokumenty\Eidos

[2010-07-10 20:41:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP

[2010-07-10 20:39:32 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys

[2010-07-09 11:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Moje dokumenty\EA Games

[2010-07-07 20:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Dane aplikacji\WB Games

[2010-07-05 12:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Moje dokumenty\Medal of Honor MP Beta

[2010-07-03 19:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adin\Ustawienia lokalne\Dane aplikacji\Electronic_Arts_Inc

[2010-07-03 19:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts

[2010-06-29 21:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\BitDefender

[2010-06-29 21:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-28 19:26:24 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2010-07-28 15:31:50 | 000,276,448 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-07-28 15:31:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-07-28 15:28:48 | 016,252,928 | ---- | M] () -- C:\Documents and Settings\Adin\NTUSER.DAT

[2010-07-28 15:28:48 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Adin\ntuser.ini

[2010-07-27 21:06:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-07-27 19:50:32 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Adin\Pulpit\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk

[2010-07-27 15:29:09 | 000,001,038 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Transformers - Wojna o Cybertron.lnk

[2010-07-27 14:29:55 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Quantum of Solace.lnk

[2010-07-27 13:14:43 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk

[2010-07-27 12:55:16 | 000,017,412 | ---- | M] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100727_125512.reg

[2010-07-27 11:36:05 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Emsisoft Anti-Malware.lnk

[2010-07-27 10:55:43 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv

[2010-07-26 20:53:24 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia? Zapomniane Piaski.lnk

[2010-07-25 17:21:41 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Adin\Pulpit\WinCleaner Memory Optimizer.lnk

[2010-07-25 12:22:00 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Adin\Dane aplikacjiprivacy.xml

[2010-07-24 13:26:20 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100724_132618.reg

[2010-07-23 19:20:15 | 003,741,466 | -H-- | M] () -- C:\Documents and Settings\Adin\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-07-22 20:54:56 | 000,036,178 | ---- | M] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100722_205453.reg

[2010-07-22 20:45:27 | 000,000,209 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010-07-19 19:33:45 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Adin\Dane aplikacjiProductTweaks.xml

[2010-07-19 14:34:54 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\Adin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-18 20:33:41 | 003,414,528 | ---- | M] (Karol Winnicki) -- C:\Documents and Settings\Adin\Pulpit\BESTplayer.exe

[2010-07-17 23:36:58 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gothic II Złota Edycja.lnk

[2010-07-16 15:21:12 | 000,000,922 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Driver Parallel Lines.lnk

[2010-07-15 22:16:34 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk

[2010-07-15 16:52:38 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gothic III.lnk

[2010-07-15 14:35:38 | 000,005,320 | ---- | M] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100715_143534.reg

[2010-07-12 17:58:53 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010-07-12 17:27:22 | 000,021,190 | ---- | M] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100712_172719.reg

[2010-07-10 20:39:44 | 000,000,237 | RHS- | M] () -- C:\boot.ini

[2010-07-10 20:39:21 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Batman Arkham Asylum.lnk

[2010-07-09 11:54:47 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mirror's Edge?.lnk

[2010-07-05 10:37:35 | 000,000,025 | ---- | M] () -- C:\Documents and Settings\Adin\Dane aplikacji\bdfvconp.ini

[2010-07-03 22:49:29 | 000,002,138 | ---- | M] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100703_224926.reg

[2010-06-30 16:34:05 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Adin\Dane aplikacjiuser_gensett.xml

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_unmip.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_histprot.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat

[2010-06-30 12:00:17 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml

[2010-06-29 23:02:11 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat

[2010-06-29 23:02:11 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\aspdict-en.dat

[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-27 19:50:32 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\Adin\Pulpit\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk

[2010-07-27 15:29:09 | 000,001,038 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Transformers - Wojna o Cybertron.lnk

[2010-07-27 14:29:55 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Quantum of Solace.lnk

[2010-07-27 13:14:43 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk

[2010-07-27 12:55:13 | 000,017,412 | ---- | C] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100727_125512.reg

[2010-07-27 11:36:05 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Emsisoft Anti-Malware.lnk

[2010-07-26 20:53:24 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia? Zapomniane Piaski.lnk

[2010-07-25 17:21:41 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Adin\Pulpit\WinCleaner Memory Optimizer.lnk

[2010-07-24 13:26:19 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100724_132618.reg

[2010-07-22 20:54:55 | 000,036,178 | ---- | C] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100722_205453.reg

[2010-07-17 23:36:58 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gothic II Złota Edycja.lnk

[2010-07-16 15:21:12 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Driver Parallel Lines.lnk

[2010-07-15 22:11:15 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk

[2010-07-15 16:52:38 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gothic III.lnk

[2010-07-15 14:35:37 | 000,005,320 | ---- | C] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100715_143534.reg

[2010-07-12 17:27:21 | 000,021,190 | ---- | C] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100712_172719.reg

[2010-07-10 20:39:21 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Batman Arkham Asylum.lnk

[2010-07-09 11:54:47 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mirror's Edge?.lnk

[2010-07-05 10:37:35 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Adin\Dane aplikacji\bdfvconp.ini

[2010-07-03 22:49:28 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\Adin\Moje dokumenty\cc_20100703_224926.reg

[2010-06-30 16:34:06 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Adin\Dane aplikacjiProductTweaks.xml

[2010-06-30 16:34:05 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Adin\Dane aplikacjiuser_gensett.xml

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat

[2010-06-30 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat

[2010-06-30 12:00:17 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml

[2010-06-29 23:02:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat

[2010-06-29 23:02:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat

[2010-06-29 21:36:34 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Adin\Dane aplikacjiprivacy.xml

[2010-06-29 21:34:09 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ashttpstats.csv

[2010-05-12 09:03:44 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-05-12 09:03:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010-05-12 09:03:43 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-05-12 09:03:43 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010-05-12 09:03:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010-05-12 09:03:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010-03-24 21:15:09 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009-12-23 14:24:53 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2009-12-23 14:24:53 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009-08-13 15:13:57 | 000,000,177 | ---- | C] () -- C:\WINDOWS\Encyklopedia.INI

[2009-05-21 06:24:48 | 000,001,817 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009-04-25 12:39:55 | 000,000,056 | ---- | C] () -- C:\WINDOWS\sub.ini

[2009-02-26 23:07:41 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2009-02-25 15:25:23 | 000,000,081 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini

[2008-11-29 14:19:46 | 000,001,277 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI

[2008-11-15 22:49:31 | 000,000,689 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2008-11-06 23:32:53 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2008-10-28 21:49:11 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008-10-24 17:41:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008-09-21 11:48:51 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Spiderman.INI

[2008-08-28 17:02:41 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-08-28 17:02:41 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-08-16 21:39:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008-08-06 18:24:48 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008-08-05 11:31:06 | 000,000,209 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008-08-04 16:39:07 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini

[2008-08-02 16:21:55 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2008-07-30 21:02:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008-07-30 18:30:57 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2008-07-30 18:24:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\TBPanelExt.dll

[2008-07-30 18:24:56 | 000,012,285 | ---- | C] () -- C:\WINDOWS\Cadx3.ini

[2008-07-30 18:24:56 | 000,006,942 | ---- | C] () -- C:\WINDOWS\cadx2.ini

[2008-07-30 18:24:56 | 000,005,120 | ---- | C] () -- C:\WINDOWS\TBManage.dll

[2006-03-17 17:11:56 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll

[2005-09-01 16:20:46 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll

[2003-10-02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:CEBB831AD1FDCA7C

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:364682BC

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6CC69D3C

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:61435A52

< End of report >

To skan z OTL

Czy mogę wgrać Malwarebytes Anti-Malware, jeśli mam wgrany Emsisoft Anti-Malware i Avire ???

Sevard · Lipiec 28, 2010

Tak, można ten program zainstalować obok posiadanego oprogramowania antywirusowego.

Daj jeszcze log z GMERa. Z tego co widzę coś nie poszło przy odinstalowaniu Super Mountera, ale to nie powinno być problemem.

Wrzuć do napędu płytę z Windowsem, otwórz wiersz poleceń (Start > Uruchom ... i tam wpisz cmd) i w nim wpisz komednę

sfc /scannow

ta komenda sprawdzi pliki systemowe i spróbuje naprawić wszelkie znalezione błędy.

Sprawdź też jakie wirusy zostały wykryte podczas wcześniejszych skanów i wymień je na forum.

DominikGAMERS · Lipiec 29, 2010

A czy system podczas naprawiania plików może zniwelować działanie pewnego moda zmieniającego wygląd Windowsa ?

Skan tymi programami wrzucę za 3-4 godziny.

Sevard · Lipiec 29, 2010

Ten mod może być niestety przyczyną aczkolwiek trudno mi powiedzieć dokładniej, bo go nie używałem. sfc może tego moda zmodyfikować, lub nie, zależy jak on jest zbudowany. Jako, że go nie znam, to nie będę wyrokował.

DominikGAMERS · Lipiec 29, 2010

No i kolejny problem uruchamiam GMERa i NIC pokazuje się okno na 2 s. a potem znika, Firefox nie uruchamia się dopiero za którymś razem, nie mogę zrobić pełnego skanowania Avirą ten sam problem co z GMERem ... :wallbash:

No zamknąłem dziwny proces ( a właściwie dwa ) pod nazwą rundll32 i działa GMER...

Sevard · Lipiec 29, 2010

Spróbuj użyć GMERa w trybie awaryjnym, jeśli i to nic nie da, to zamiast niego użyj programu RootRepeal.

I nadal czekam na log z Malwarebytes'.

DominikGAMERS · Lipiec 29, 2010

GMER działa tylko albo się zawiesza, albo się nie uruchamia ...

Zaraz zeskanuje to dam log ...

DominikGAMERS · Lipiec 29, 2010

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-07-29 17:02:57

Windows 5.0.2195

Running: 929g8y7f.exe; Driver: C:\DOCUME~1\Adin\USTAWI~1\Temp\awldykog.sys

---- System - GMER 1.0.15 ----

SSDT B879D29E ZwCreateKey

SSDT B879D294 ZwCreateThread

SSDT B879D2A3 ZwDeleteKey

SSDT B879D2AD ZwDeleteValueKey

SSDT spzy.sys ZwEnumerateKey [0xB7EC5CA4]

SSDT spzy.sys ZwEnumerateValueKey [0xB7EC6032]

SSDT B879D2B2 ZwLoadKey

SSDT spzy.sys ZwOpenKey [0xB7EA70C0]

SSDT B879D280 ZwOpenProcess

SSDT B879D285 ZwOpenThread

SSDT spzy.sys ZwQueryKey [0xB7EC610A]

SSDT spzy.sys ZwQueryValueKey [0xB7EC5F8A]

SSDT B879D2BC ZwReplaceKey

SSDT B879D2B7 ZwRestoreKey

SSDT B879D2A8 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

? spzy.sys Nie można odnaleźć określonego pliku. !

.sfreloc˙˙˙˙sfsync03unknown last section [0xB80F5000, 0xA20, 0x40000040] C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xB80F5000, 0xA20, 0x40000040]

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB2880380, 0x566445, 0xE8000020]

.text USBPORT.SYS!DllUnload B283D8AC 5 Bytes JMP 89ADB4E0

.text axgjc5l1.SYS B25F4386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]

.text axgjc5l1.SYS B25F43AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

.text axgjc5l1.SYS B25F43C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}

.text axgjc5l1.SYS B25F43C9 1 Byte [30]

.text axgjc5l1.SYS B25F43C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text ...

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAF5F1300, 0x3B6D8, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83D8300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[252] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\WINDOWS\system32\ctfmon.exe[252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001

.text C:\WINDOWS\system32\ctfmon.exe[252] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\WINDOWS\system32\ctfmon.exe[252] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\WINDOWS\system32\ctfmon.exe[252] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[252] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\WINDOWS\system32\ctfmon.exe[252] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\WINDOWS\system32\ctfmon.exe[252] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[252] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\ctfmon.exe[252] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\WINDOWS\system32\ctfmon.exe[252] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\WINDOWS\system32\ctfmon.exe[252] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[340] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00455589 C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\TBPanel.exe[1532] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\WINDOWS\TBPanel.exe[1532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001

.text C:\WINDOWS\TBPanel.exe[1532] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\WINDOWS\TBPanel.exe[1532] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\WINDOWS\TBPanel.exe[1532] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\WINDOWS\TBPanel.exe[1532] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\TBPanel.exe[1532] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\WINDOWS\TBPanel.exe[1532] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\WINDOWS\TBPanel.exe[1532] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\WINDOWS\TBPanel.exe[1532] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\WINDOWS\TBPanel.exe[1532] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\WINDOWS\TBPanel.exe[1532] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [7A, 71] {JP 0x73}

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [80, 71]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [7D, 71] {JGE 0x73}

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [83, 71]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00455EB5 C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Background Guard/Emsi Software GmbH)

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 7189001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 7186001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 718C001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 7192001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 718F001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] USER32.dll!SendInput + 4 7E37F144 2 Bytes [98, 71]

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 7195001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 719E001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 719B001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] WS2_32.dll!WSALookupServiceBeginW 71A535EF 6 Bytes JMP 71A1001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] WS2_32.dll!connect 71A54A07 6 Bytes JMP 71AE001E

.text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[1744] WS2_32.dll!listen 71A58CD3 6 Bytes JMP 71A8001E

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\WINDOWS\Explorer.EXE[1956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DD0001

.text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\WINDOWS\Explorer.EXE[1956] WS2_32.dll!WSALookupServiceBeginW 00FC35EF 6 Bytes JMP 717F0F5A

.text C:\WINDOWS\Explorer.EXE[1956] WS2_32.dll!connect 00FC4A07 6 Bytes JMP 71850F5A

.text C:\WINDOWS\Explorer.EXE[1956] WS2_32.dll!listen 00FC8CD3 6 Bytes JMP 71820F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1988] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\WINDOWS\system32\wscntfy.exe[2396] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00960001

.text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\WINDOWS\system32\wscntfy.exe[2396] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\WINDOWS\system32\wscntfy.exe[2396] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 719A0F5A

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 71A00F5A

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719D0F5A

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A5, 71]

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A30F5A

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AC0F5A

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A90F5A

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 71970F5A

.text C:\Documents and Settings\Adin\Pulpit\Folder Pobieranych plików\929g8y7f.exe[3992] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 71940F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EA8042] spzy.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b7EA813E] spzy.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b7EA80C0] spzy.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b7EA8800] spzy.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b7EA86D6] spzy.sys

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!KeGetCurrentIrql] 9E880000

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!KfRaiseIrql] 00001CA9

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!KfLowerIrql] 0E798366

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!HalGetInterruptVector] 74AAB000

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!HalTranslateBusAddress] 8186C636

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[WMILIB.SYS!WmiSystemControl] 8800001C

IAT \SystemRoot\System32\Drivers\axgjc5l1.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- EOF - GMER 1.0.15 ----

to tylko część tego co mi wynalaz bo zaciął się na jakimś pliku ( winlog chyba ) nie zaciął a raczej zatrzymał.

Chyba pozostało mi jedno: reinstal Windowsa XP ... :wacko:

No muszę jeszcze wgrać ten antywirus co podałeś wyżej, choć WĄTPIĘ by coś zaradził ...

Sevard · Lipiec 29, 2010

Log i tak by się na nic nie zdał, bo widzę, że jest zainstalowane oprogramowanie emulujące napędy, które przed generowaniem logów z GMERa trzeba usunąć. Generalnie nie widzę, żeby szalało coś bardzo groźnego, ale nie mam wszystkich potrzebnych informacji. Reinstalka raczej nie będzie konieczna.

Od jutra rana do wtorku nie będzie mnie na forum, więc i tak niewiele pomogę w najlbliższym czasie. Tu masz krótką listę porządnych stron, na których można znaleźć pomoc. Generalnie polecam strony anglojęzyczne.

DominikGAMERS · Sierpień 19, 2010

Problem rozwiązał się po wywaleniu antywirusa i wgraniu Comodo Internet Security :laugh: Proszę więc o zamknięcie tematu :cool:

org · Sierpień 19, 2010

Problem rozwiązany, więc temat zamykam.

W razie potrzeby otwarcia tematu, proszę o kontakt przez PW.

Zaloguj się

Zarchiwizowany

Rozwiązany: Problem z panelem sterowania i nie tylko

Polecane posty

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Kto przegląda 0 użytkowników