
Archived

This topic is archived and no new replies can be added.

Kwikhodron

Keylogger


So, as the topic title says, I probably have a keylogger on my computer.

I'm not sure whether I did everything right with these logs, because they seem too long to me.

Log 1, from OTL

OTL logfile created on: 2010-05-11 19:58:42 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\user\Moje dokumenty\Pobieranie
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 6.20 Gb Free Space | 12.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 205.08 Gb Total Space | 204.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 211.85 Gb Total Space | 118.93 Gb Free Space | 56.14% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-AF6E49464E
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color="#E56717"]========== Processes (SafeList) ==========[/color]

PRC - [2010-05-11 19:47:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-04-07 21:08:52 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010-04-07 21:08:30 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010-04-03 11:19:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- F:\Firefox\firefox.exe
PRC - [2010-03-25 18:22:45 | 011,539,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010-01-19 01:43:57 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009-10-28 13:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-02-13 19:17:54 | 005,634,560 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009-02-03 17:28:24 | 002,181,672 | ---- | M] (Gainward Co.) -- C:\Program Files\EXPERTool\TBPANEL.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


[color="#E56717"]========== Modules (SafeList) ==========[/color]

MOD - [2010-05-11 19:47:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color="#E56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] --  -- (PVK)
SRV - File not found [On_Demand | Stopped] --  -- (OBNOAATNZ)
SRV - [2010-04-07 21:13:20 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010-04-07 21:08:52 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-10-11 23:27:07 | 003,369,044 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


[color="#E56717"]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Disabled | Running] --  -- (GEARAspiWDM)
DRV - [2010-04-07 21:09:48 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010-04-07 21:08:36 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-04-07 21:05:12 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-11-08 21:41:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-08-17 18:31:15 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-08-17 18:31:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-02-19 11:26:38 | 006,307,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-02-03 11:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-09-25 15:51:42 | 000,115,328 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008-08-05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-07-15 11:44:30 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008-05-09 21:33:30 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- F:\Program Files\L2\system\npkcrypt.sys -- (npkcrypt)
DRV - [2008-05-09 21:33:30 | 000,015,472 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- F:\Program Files\L2\system\npkcusb.sys -- (npkcusb)
DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows ? Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-04-16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007-03-28 20:29:12 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2007-03-28 20:29:10 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006-06-01 15:15:20 | 000,509,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xnacc.sys -- (xnacc)
DRV - [2006-01-04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004-08-15 10:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#E56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-583907252-57989841-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#E56717"]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.6
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.0.3
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.3
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Documents%20and%20Settings/user/Ustawienia%20lokalne/Dane%20aplikacji/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4aeb06b8.pac"
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: F:\Nowy folder\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: F:\Nowy folder\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: F:\Firefox\components [2010-04-03 15:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: F:\Firefox\plugins [2010-04-03 11:19:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-05-09 23:06:57 | 000,000,000 | ---D | M]

[2009-06-27 16:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions
[2010-05-11 15:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions
[2010-04-27 22:30:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010-05-01 00:20:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-04-27 22:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\cfxe@Triton
[2010-04-27 22:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\cfxHelper@Triton
[2010-03-25 20:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\chromifox@altmusictv.com
[2010-03-12 20:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\youtube2mp3@mondayx.de
[2010-05-01 00:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010-01-20 11:30:44 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\searchplugins\askcom.xml
[2009-07-14 18:50:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\searchplugins\mozilla-add-ons.xml
[2009-10-24 21:14:58 | 000,005,609 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\searchplugins\nonsensopedia-pl.xml
[2009-09-08 20:43:15 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml

O1 HOSTS File: ([2009-11-21 16:44:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\user\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKU\S-1-5-21-583907252-57989841-1417001333-1004..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-583907252-57989841-1417001333-1004..\Run: [DAEMON Tools Lite] F:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-583907252-57989841-1417001333-1004..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKLM..\RunOnce: [Remove Norton Ghost]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-27 11:27:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-05-11 19:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\Filmiki Screeny fraps
[2010-05-10 22:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Symantec_Corporation
[2010-05-10 22:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\PC Tools
[2010-05-10 22:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools
[2010-05-10 22:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Threat Expert
[2010-05-10 22:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\GHISLER
[2010-05-10 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Symantec
[2010-05-10 21:32:17 | 000,128,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WimFltr.sys
[2010-05-10 21:32:16 | 000,014,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\vproeventmonitor.sys
[2010-05-10 21:32:14 | 000,037,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\v2imount.sys
[2010-05-10 21:32:11 | 000,131,944 | ---- | C] (StorageCraft) -- C:\WINDOWS\System32\drivers\symsnap.sys
[2010-05-10 21:31:22 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010-05-10 21:31:15 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.DLL
[2010-05-10 21:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-05-10 21:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
[2010-05-10 20:41:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-05-10 19:43:58 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010-05-10 19:43:58 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010-05-10 19:43:58 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010-05-10 19:32:27 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010-05-10 19:32:19 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010-05-10 19:32:19 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010-05-10 19:32:03 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010-05-10 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010-05-10 19:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010-05-10 18:15:34 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010-05-10 17:26:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-05-09 23:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2010-05-09 23:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\ESET
[2010-05-09 23:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
[2010-05-09 23:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-05-09 23:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-05-09 21:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Malwarebytes
[2010-05-09 21:59:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-05-09 21:59:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-05-09 21:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-09 21:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-05-09 19:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-05-09 18:48:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-04 22:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-05-02 18:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Moje pliki Bitwy o Śródziemie? II
[2010-05-01 23:27:47 | 000,000,000 | ---D | C] -- C:\data
[2010-05-01 21:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\Battle Painters
[2010-05-01 20:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010-05-01 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
[2010-05-01 13:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Paradox Entertainment
[2010-04-26 20:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010-04-26 18:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Fallout3
[2010-04-26 18:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Fallout3
[2010-04-26 18:29:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2010-04-18 18:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\AMAI2.54SE
[2010-04-12 18:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\skypePM
[2010-04-12 14:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Skype
[2010-04-12 14:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-04-12 14:54:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-04-12 14:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color="#E56717"]========== Files - Modified Within 30 Days ==========[/color]

[2010-05-11 16:17:36 | 000,118,530 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\procesy.JPG
[2010-05-11 16:12:49 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010-05-11 16:05:06 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\HijackThis.lnk
[2010-05-11 15:41:55 | 000,018,402 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\kikij.jpg
[2010-05-11 15:26:49 | 001,087,700 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-11 15:26:49 | 000,490,614 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-11 15:26:49 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-11 15:26:49 | 000,083,864 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-11 15:26:49 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-11 15:26:09 | 000,211,754 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-05-11 15:26:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-11 15:26:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-10 22:45:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-10 21:59:45 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-10 20:44:25 | 002,643,670 | -H-- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-10 19:32:11 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk
[2010-05-10 18:15:37 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Total Commander.lnk
[2010-05-10 18:02:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-10 17:23:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-10 17:18:41 | 003,685,394 | R--- | M] () -- C:\Documents and Settings\user\Pulpit\ComboFix.exe
[2010-05-09 22:49:38 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-05-09 21:59:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-05-09 19:24:59 | 000,256,861 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\kopalnia drewna.JPG
[2010-05-09 18:39:29 | 000,234,482 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\....jk.jk.JPG
[2010-05-09 12:38:52 | 000,034,251 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\1265218475_by_TankDisuzu_500.jpg
[2010-05-07 23:05:53 | 000,002,761 | ---- | M] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010-05-07 20:05:47 | 000,258,985 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\grzegorz brzeczyszczywiekicz.JPG
[2010-05-07 19:44:18 | 000,212,079 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\maslo123.JPG
[2010-05-07 19:38:04 | 000,219,329 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\mama.JPG
[2010-05-07 18:44:36 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\[beeep].bmp
[2010-05-07 00:16:07 | 000,044,905 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\imgOpeth1.jpg
[2010-05-05 22:53:50 | 000,002,639 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\rslogo.gif
[2010-05-04 21:26:15 | 010,887,168 | ---- | M] () -- C:\WINDOWS\System32\python-2.4.msi
[2010-05-02 18:52:53 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Bitwa o Śródziemie? II.lnk
[2010-05-01 23:27:56 | 000,786,676 | ---- | M] () -- C:\lotra.sec
[2010-05-01 23:26:42 | 001,747,604 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\acevil06_f01.mp3
[2010-05-01 19:22:51 | 000,001,006 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Heroes of Might and Magic III - Złota Edycja.lnk
[2010-05-01 14:33:46 | 039,799,739 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\allinon1.zip
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-26 22:32:57 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Fallout 3.lnk
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-25 00:03:05 | 000,019,723 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Kosz_na_smieci_PlastTeam_1340.jpg
[2010-04-24 20:36:57 | 000,053,316 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\strach-na-wroble-d.jpg
[2010-04-23 23:26:11 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-04-23 21:52:04 | 000,058,833 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\ciemny-las1.jpg
[2010-04-19 19:20:25 | 000,032,353 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\user_image.php.gif
[2010-04-14 23:57:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-14 23:10:57 | 000,323,806 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\dżonson.bmp
[2010-04-14 20:14:41 | 000,034,855 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\1271268525_by_pepee_500.jpg
[2010-04-12 18:34:04 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-04-12 15:43:02 | 000,013,888 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-12 14:40:38 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color="#E56717"]========== Files Created - No Company Name ==========[/color]

[2010-05-11 16:17:36 | 000,118,530 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\procesy.JPG
[2010-05-11 16:05:06 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\HijackThis.lnk
[2010-05-11 15:41:54 | 000,018,402 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\kikij.jpg
[2010-05-10 22:45:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-10 19:43:59 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010-05-10 19:43:58 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010-05-10 19:43:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010-05-10 19:43:58 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010-05-10 19:43:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010-05-10 19:32:27 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010-05-10 19:32:20 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010-05-10 19:32:19 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010-05-10 19:32:11 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk
[2010-05-10 19:32:04 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010-05-10 18:15:37 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Total Commander.lnk
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010-05-09 21:59:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-05-09 19:24:59 | 000,256,861 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\kopalnia drewna.JPG
[2010-05-09 18:39:29 | 000,234,482 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\....jk.jk.JPG
[2010-05-09 12:38:52 | 000,034,251 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\1265218475_by_TankDisuzu_500.jpg
[2010-05-07 23:05:53 | 000,002,761 | ---- | C] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010-05-07 20:05:47 | 000,258,985 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\grzegorz brzeczyszczywiekicz.JPG
[2010-05-07 19:43:51 | 000,212,079 | ---- | C] () -- C:\Documents and Settings\user\Moje dokumenty\maslo123.JPG
[2010-05-07 19:37:37 | 000,219,329 | ---- | C] () -- C:\Documents and Settings\user\Moje dokumenty\mama.JPG
[2010-05-07 18:44:35 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\[beeep].bmp
[2010-05-07 00:16:06 | 000,044,905 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\imgOpeth1.jpg
[2010-05-05 22:53:50 | 000,002,639 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\rslogo.gif
[2010-05-04 21:24:44 | 010,887,168 | ---- | C] () -- C:\WINDOWS\System32\python-2.4.msi
[2010-05-02 18:52:53 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Bitwa o Śródziemie? II.lnk
[2010-05-01 23:27:56 | 000,786,676 | ---- | C] () -- C:\lotra.sec
[2010-05-01 23:26:42 | 001,747,604 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\acevil06_f01.mp3
[2010-05-01 19:23:35 | 039,799,739 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\allinon1.zip
[2010-05-01 19:22:51 | 000,001,006 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Heroes of Might and Magic III - Złota Edycja.lnk
[2010-04-26 22:32:57 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Fallout 3.lnk
[2010-04-25 00:03:05 | 000,019,723 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Kosz_na_smieci_PlastTeam_1340.jpg
[2010-04-24 20:36:57 | 000,053,316 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\strach-na-wroble-d.jpg
[2010-04-23 21:52:03 | 000,058,833 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\ciemny-las1.jpg
[2010-04-19 19:20:25 | 000,032,353 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\user_image.php.gif
[2010-04-14 23:10:41 | 000,323,806 | ---- | C] () -- C:\Documents and Settings\user\Moje dokumenty\dżonson.bmp
[2010-04-14 20:14:41 | 000,034,855 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\1271268525_by_pepee_500.jpg
[2010-04-14 20:12:29 | 000,826,092 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\AMAI2.54SE.rar
[2010-04-12 18:34:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-04-12 14:54:40 | 000,002,267 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-04-10 18:57:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009-12-28 19:13:03 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-12-28 19:12:43 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-11-06 18:30:23 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-10-09 20:32:46 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-07-02 15:26:44 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009-06-29 15:12:48 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-06-29 15:12:48 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-06-27 11:41:04 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009-06-27 11:41:04 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009-06-27 11:41:03 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009-06-27 11:41:03 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009-06-27 11:32:38 | 000,043,616 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-06-27 11:32:14 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-06-27 11:31:58 | 000,036,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-06-27 11:31:58 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-02-19 11:26:38 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-02-19 11:26:38 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-02-19 11:26:38 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-02-19 11:26:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-02-19 11:26:38 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-08-23 18:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

========== LOP Check ==========

[2009-10-31 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy
[2009-11-08 21:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-05-09 23:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-04-26 18:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fallout3
[2010-03-25 18:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-04-15 20:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-03-06 00:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games
[2009-08-10 21:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution
[2009-11-13 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2009-11-07 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit
[2009-08-17 18:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tages
[2010-05-11 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-09-14 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZipSE
[2010-03-12 00:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Audacity
[2010-01-17 22:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\BitTorrent
[2009-10-09 20:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools Lite
[2009-08-17 15:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\DBV
[2010-03-24 20:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\fofix
[2010-03-25 18:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu 10
[2010-05-10 22:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\GHISLER
[2009-12-26 23:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\gtk-2.0
[2010-05-02 19:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Moje pliki Bitwy o Śródziemie? II
[2010-04-15 10:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Nowe Gadu-Gadu
[2009-08-08 22:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\OpenFM
[2009-11-13 21:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Publish Providers
[2009-08-10 22:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\RTPlayer
[2010-04-06 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Sony
[2009-11-23 21:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Sony Creative Software
[2009-11-13 19:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Sony Setup
[2010-02-28 01:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\TS3Client
[2009-10-30 18:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Tunebite
[2009-08-17 18:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Ubisoft
[2009-06-29 15:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\XRay Engine

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D74B6CF5
< End of report >

And the second OTL log:


OTL Extras logfile created on: 2010-05-11 19:58:42 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\user\Moje dokumenty\Pobieranie
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 6.20 Gb Free Space | 12.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 205.08 Gb Total Space | 204.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 211.85 Gb Total Space | 118.93 Gb Free Space | 56.14% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-AF6E49464E
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe" = F:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI) -- ()
"F:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe" = F:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV) -- ()
"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"F:\Program Files\Counter-Strike\hl.exe" = F:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"F:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = F:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- (Related Designs)
"F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Strona ANNO 1404 -- ()
"F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Benchmark.exe" = F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Benchmark.exe:*:Enabled:Program testowy Anno 1404 -- ()
"F:\Program Files\Team17\Worms World Party\wwp.exe" = F:\Program Files\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party -- File not found
"F:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = F:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty? 4 - Modern Warfare -- ()
"F:\Program Files\Starcraft\StarCraft.exe" = F:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"F:\Program Files\Electronic Arts\Bitwa o Śródziemie II\game.dat" = F:\Program Files\Electronic Arts\Bitwa o Śródziemie II\game.dat:*:Enabled:Bitwa o Śródziemie? II -- (Electronic Arts Inc.)
"F:\Program Files\Electronic Arts\Bitwa o Śródziemie II\patchget.dat" = F:\Program Files\Electronic Arts\Bitwa o Śródziemie II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"F:\Program Files\BitTorrent\bittorrent.exe" = F:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe" = C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:Teamspeak RC2 -- File not found
"F:\Program Files\Aspyr\Guitar Hero III\GH3.exe" = F:\Program Files\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III -- (Aspyr Media, Inc.)
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"F:\Program Files\L2\system\l2.exe" = F:\Program Files\L2\system\l2.exe:*:Enabled:l2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Bitwa o Śródziemie? II
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II Złota Edycja
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758A4269-70E5-4B11-B419-F692882408A9}" = Gothic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DCB3AA-90D3-444B-880C-C72951252E55}" = ESET NOD32 Antivirus
"{8B743AA0-53B2-11D2-808A-00600895FB43}" = Heroes of Might and Magic III - Złota Edycja
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1697B05-A03B-4E73-9436-698F04BFBB91}" = Anno 1404
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype? 4.2
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty? 4 - Modern Warfare
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin Edycja Rozszerzona
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"BitTorrent" = BitTorrent
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.01
"EXPERTool_is1" = EXPERTool 7.2
"FormatFactory" = FormatFactory 2.15
"Fraps" = Fraps (remove only)
"G2MeshesAndTexturesPack0.2b" = G2MeshesAndTexturesPack
"Heroes III The Shadow of Death" = Heroes of Might and Magic? III The Shadow of Death
"HijackThis" = HijackThis 2.0.2
"Hopmon PL" = Hopmon PL
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty? 4 - Modern Warfare
"Intelligent Ball [DP]" = Inteligentna piłka
"IVONA - syntezator mowy, wersja rehabilitacyjna" = IVONA - syntezator mowy, wersja rehabilitacyjna
"Kangurek KAO" = Kangurek KAO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky [v1.0008]
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SkanerOnline" = Skaner on-line mks_vir
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"Tunatic" = Tunatic
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"World of Goo/PL-Polish_is1" = World of Goo
"Worms World Party" = Worms World Party (remove only)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: wszystkie elementy
"Winamp Detect" = Detektor Winampa

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-11-26 14:00:10 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-11-26 14:00:11 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-11-26 14:01:30 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-11-26 14:05:52 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-11-26 14:07:38 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-11-26 14:08:13 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-11-26 14:12:41 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-11-30 10:51:55 | Computer Name = USER-AF6E49464E | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.5.2435, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x0001b21a.

Error - 2009-12-01 16:11:15 | Computer Name = USER-AF6E49464E | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd avisplitter.ax, wersja 1.3.1290.0, adres błędu 0x00023918.

Error - 2009-12-06 18:39:22 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3593, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126


< End of report >

And the log from Malwarebytes Anti-malware:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4084

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2010-05-11 20:31:23
mbam-log-2010-05-11 (20-31-23).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|H:\|)
Przeskanowano obiektów: 200048
Upłynęło: 18 minut(y), 22 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 2

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
C:\System Volume Information\_restore{BD9CCE11-8170-4668-9902-FD1E04EE9DDD}\RP299\A0088580.exe (Trojan.Agent.CK) -> No action taken.
F:\System Volume Information\_restore{BD9CCE11-8170-4668-9902-FD1E04EE9DDD}\RP299\A0088468.dll (Malware.Packer) -> No action taken.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-12 19:01:01
Windows 5.1.2600 Dodatek Service Pack 3
Running: 5tkufvxz.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\kfeoqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB2492610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9DE6112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9DC52D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9DC54C8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB2492C10]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9DE6900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9DE6BB4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB2492730]
SSDT spvt.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spvt.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9DE4E12]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB24924B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB2492570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB24926D0]
SSDT spvt.sys ZwQueryKey [0xB9ECE20A]
SSDT spvt.sys ZwQueryValueKey [0xB9ECE08A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9DE7020]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB2492690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB2492650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB24927D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9DE63D2]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB2492510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB2492590]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9DC4F44]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB24925D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB2492750]

INT 0x62 ? 8A699BF8
INT 0x63 ? 8A3A2BF8
INT 0x63 ? 8A3A2BF8
INT 0x63 ? 8A3A2BF8
INT 0x73 ? 8A699BF8
INT 0x82 ? 8A699BF8
INT 0x83 ? 8A3A2BF8
INT 0x83 ? 8A3A2BF8
INT 0x83 ? 8A3A2BF8
INT 0xA4 ? 8A3A2BF8
INT 0xB1 ? 8A69BF00
INT 0xB1 ? 8A69BF00
INT 0xB4 ? 8A3A2BF8

---- Kernel code sections - GMER 1.0.15 ----

? spvt.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB4CEC360, 0x35483F, 0xE8000020]
.text USBPORT.SYS!DllUnload B4CAF8AC 5 Bytes JMP 8A3A21D8
.text a0502gxc.SYS B4C01386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a0502gxc.SYS B4C013AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a0502gxc.SYS B4C013C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a0502gxc.SYS B4C013C9 1 Byte [2E]
.text a0502gxc.SYS B4C013C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text a2z0rhs9.SYS B4BC8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a2z0rhs9.SYS B4BC83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a2z0rhs9.SYS B4BC83C4 3 Bytes [00, 80, 02]
.text a2z0rhs9.SYS B4BC83C9 1 Byte [30]
.text a2z0rhs9.SYS B4BC83C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
init F:\Program Files\L2\system\npkcusb.sys entry point in "init" section [0xB4B200E0]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB16EB300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA450300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1276] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spvt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spvt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spvt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spvt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spvt.sys
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6981F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\PCI_PNP3858 \Device\00000043 spvt.sys
Device \Driver\PCI_PNP3858 \Device\00000044 spvt.sys
Device \Driver\usbohci \Device\USBPDO-0 8A3A01F8
Device \Driver\usbohci \Device\USBPDO-1 8A3A01F8
Device \Driver\usbohci \Device\USBPDO-2 8A3A01F8
Device \Driver\usbehci \Device\USBPDO-3 8A39E500
Device \Driver\usbohci \Device\USBPDO-4 8A3A01F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\usbohci \Device\USBPDO-5 8A3A01F8
Device \Driver\usbehci \Device\USBPDO-6 8A39E500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A70C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A70C1F8
Device \Driver\Cdrom \Device\CdRom0 8A3511F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A70C1F8
Device \Driver\Cdrom \Device\CdRom1 8A3511F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\4048891358 spvt.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 89F96500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B41D5340-9ABB-4D2C-8E82-7183E8122202} 89F96500
Device \Driver\NetBT \Device\NetbiosSmb 89F96500
Device \Driver\sptd \Device\4048735108 spvt.sys
Device \Driver\usbohci \Device\USBFDO-0 8A3A01F8
Device \Driver\usbohci \Device\USBFDO-1 8A3A01F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1131F8
Device \Driver\usbehci \Device\USBFDO-2 8A39E500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1131F8
Device \Driver\usbohci \Device\USBFDO-3 8A3A01F8
Device \Driver\Ftdisk \Device\FtControl 8A70C1F8
Device \Driver\usbohci \Device\USBFDO-4 8A3A01F8
Device \Driver\usbehci \Device\USBFDO-5 8A39E500
Device \Driver\usbohci \Device\USBFDO-6 8A3A01F8
Device \Driver\a0502gxc \Device\Scsi\a0502gxc1 8A2F31F8
Device \Driver\a2z0rhs9 \Device\Scsi\a2z0rhs91Port4Path0Target0Lun0 8A1561F8
Device \Driver\a2z0rhs9 \Device\Scsi\a2z0rhs91 8A1561F8
Device \FileSystem\Cdfs \Cdfs 89F0D500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x77 0xD7 0x64 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0xD1 0x12 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0x3D 0xEC 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0x60 0x0A 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x77 0xD7 0x64 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0xD1 0x12 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0x3D 0xEC 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0x60 0x0A 0x4D ...


Right, when writing my previous reply I forgot that you have Daemon Tools. Uninstall Daemon Tools and any other drive-emulation programs you have, then uninstall the sptd driver using the program from this page.

Then generate a new GMER log.


Is everything OK now?


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-13 20:16:51
Windows 5.1.2600 Dodatek Service Pack 3
Running: 5tkufvxz.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\kfeoqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB2840610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9DE6112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9DC52D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9DC54C8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB2840C10]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9DE6900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9DE6BB4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB2840730]
SSDT spjr.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spjr.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9DE4E12]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB28404B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB2840570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB28406D0]
SSDT spjr.sys ZwQueryKey [0xB9ECE20A]
SSDT spjr.sys ZwQueryValueKey [0xB9ECE08A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9DE7020]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB2840690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB2840650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB28407D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9DE63D2]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB2840510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB2840590]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9DC4F44]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB28405D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB2840750]

INT 0x62 ? 8A699BF8
INT 0x63 ? 8A421F00
INT 0x63 ? 8A421F00
INT 0x63 ? 8A421F00
INT 0x73 ? 8A699BF8
INT 0x82 ? 8A699BF8
INT 0x83 ? 8A421F00
INT 0x83 ? 8A421F00
INT 0x83 ? 8A421F00
INT 0x83 ? 8A421F00
INT 0xA4 ? 8A421F00
INT 0xB4 ? 8A421F00

---- Kernel code sections - GMER 1.0.15 ----

? spjr.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB502A360, 0x35483F, 0xE8000020]
.text USBPORT.SYS!DllUnload B4FED8AC 5 Bytes JMP 8A4214E0
init F:\Program Files\L2\system\npkcusb.sys entry point in "init" section [0xB4ECE0E0]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB19A1300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3A0300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text F:\Firefox\firefox.exe[2136] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 F:\Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spjr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spjr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spjr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spjr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spjr.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6981F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Udfs \UdfsCdRom 8A04D500
Device \FileSystem\Udfs \UdfsDisk 8A04D500
Device \Driver\usbohci \Device\USBPDO-0 8A415500
Device \Driver\usbohci \Device\USBPDO-1 8A415500
Device \Driver\usbohci \Device\USBPDO-2 8A415500
Device \Driver\usbehci \Device\USBPDO-3 8A40F500
Device \Driver\usbohci \Device\USBPDO-4 8A415500

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\usbohci \Device\USBPDO-5 8A415500
Device \Driver\usbehci \Device\USBPDO-6 8A40F500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A70C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A70C1F8
Device \Driver\Cdrom \Device\CdRom0 8A3C31F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A70C1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 896171F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B41D5340-9ABB-4D2C-8E82-7183E8122202} 896171F8
Device \Driver\NetBT \Device\NetbiosSmb 896171F8
Device \Driver\usbohci \Device\USBFDO-0 8A415500
Device \Driver\usbohci \Device\USBFDO-1 8A415500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896091F8
Device \Driver\usbehci \Device\USBFDO-2 8A40F500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896091F8
Device \Driver\usbohci \Device\USBFDO-3 8A415500
Device \Driver\usbohci \Device\USBFDO-4 8A415500
Device \Driver\Ftdisk \Device\FtControl 8A70C1F8
Device \Driver\usbehci \Device\USBFDO-5 8A40F500
Device \Driver\usbohci \Device\USBFDO-6 8A415500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0x5A 0x48 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1C 0xB7 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0x5A 0x48 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1C 0xB7 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

---- EOF - GMER 1.0.15 ----
