Posts written by Kwikhodron
-
-
So, it turned out that certain parts are not in stock, specifically the CPU and the graphics card, and they don't expect a delivery any time soon. So what should I get instead?
-
OK, thanks for the help. The thread can be closed.
-
-
And which CPU should I get so that it comes from the same shop? Because I also want them to assemble it for me (I forgot to mention that at the beginning, sorry). Do they offer that kind of service there, like at Morele?
And which cooling should I go with in the end?
-
I'm planning to buy a computer (just the tower) for at most 4000 zł, but that price also has to cover a copy of Windows 7. The computer is meant for gaming and will not be overclocked. It is fairly important to me that it doesn't run too loud or get very hot (this can come at the cost of a weaker CPU or graphics card).
What would be the best build meeting the above criteria?
-
-
Is everything all right now?
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-13 20:16:51
Windows 5.1.2600 Dodatek Service Pack 3
Running: 5tkufvxz.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\kfeoqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB2840610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9DE6112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9DC52D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9DC54C8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB2840C10]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9DE6900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9DE6BB4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB2840730]
SSDT spjr.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spjr.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9DE4E12]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB28404B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB2840570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB28406D0]
SSDT spjr.sys ZwQueryKey [0xB9ECE20A]
SSDT spjr.sys ZwQueryValueKey [0xB9ECE08A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9DE7020]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB2840690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB2840650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB28407D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9DE63D2]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB2840510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB2840590]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9DC4F44]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB28405D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB2840750]
INT 0x62 ? 8A699BF8
INT 0x63 ? 8A421F00
INT 0x63 ? 8A421F00
INT 0x63 ? 8A421F00
INT 0x73 ? 8A699BF8
INT 0x82 ? 8A699BF8
INT 0x83 ? 8A421F00
INT 0x83 ? 8A421F00
INT 0x83 ? 8A421F00
INT 0x83 ? 8A421F00
INT 0xA4 ? 8A421F00
INT 0xB4 ? 8A421F00
---- Kernel code sections - GMER 1.0.15 ----
? spjr.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB502A360, 0x35483F, 0xE8000020]
.text USBPORT.SYS!DllUnload B4FED8AC 5 Bytes JMP 8A4214E0
init F:\Program Files\L2\system\npkcusb.sys entry point in "init" section [0xB4ECE0E0]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB19A1300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3A0300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text F:\Firefox\firefox.exe[2136] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 F:\Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spjr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spjr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spjr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spjr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spjr.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A6981F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\Udfs \UdfsCdRom 8A04D500
Device \FileSystem\Udfs \UdfsDisk 8A04D500
Device \Driver\usbohci \Device\USBPDO-0 8A415500
Device \Driver\usbohci \Device\USBPDO-1 8A415500
Device \Driver\usbohci \Device\USBPDO-2 8A415500
Device \Driver\usbehci \Device\USBPDO-3 8A40F500
Device \Driver\usbohci \Device\USBPDO-4 8A415500
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\usbohci \Device\USBPDO-5 8A415500
Device \Driver\usbehci \Device\USBPDO-6 8A40F500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A70C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A70C1F8
Device \Driver\Cdrom \Device\CdRom0 8A3C31F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A70C1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 896171F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B41D5340-9ABB-4D2C-8E82-7183E8122202} 896171F8
Device \Driver\NetBT \Device\NetbiosSmb 896171F8
Device \Driver\usbohci \Device\USBFDO-0 8A415500
Device \Driver\usbohci \Device\USBFDO-1 8A415500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896091F8
Device \Driver\usbehci \Device\USBFDO-2 8A40F500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896091F8
Device \Driver\usbohci \Device\USBFDO-3 8A415500
Device \Driver\usbohci \Device\USBFDO-4 8A415500
Device \Driver\Ftdisk \Device\FtControl 8A70C1F8
Device \Driver\usbehci \Device\USBFDO-5 8A40F500
Device \Driver\usbohci \Device\USBFDO-6 8A415500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0x5A 0x48 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1C 0xB7 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0x5A 0x48 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1C 0xB7 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
---- EOF - GMER 1.0.15 ----
-
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-12 19:01:01
Windows 5.1.2600 Dodatek Service Pack 3
Running: 5tkufvxz.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\kfeoqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB2492610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9DE6112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9DC52D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9DC54C8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB2492C10]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9DE6900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9DE6BB4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB2492730]
SSDT spvt.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spvt.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9DE4E12]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB24924B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB2492570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB24926D0]
SSDT spvt.sys ZwQueryKey [0xB9ECE20A]
SSDT spvt.sys ZwQueryValueKey [0xB9ECE08A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9DE7020]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB2492690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB2492650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB24927D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9DE63D2]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB2492510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB2492590]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9DC4F44]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB24925D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB2492750]
INT 0x62 ? 8A699BF8
INT 0x63 ? 8A3A2BF8
INT 0x63 ? 8A3A2BF8
INT 0x63 ? 8A3A2BF8
INT 0x73 ? 8A699BF8
INT 0x82 ? 8A699BF8
INT 0x83 ? 8A3A2BF8
INT 0x83 ? 8A3A2BF8
INT 0x83 ? 8A3A2BF8
INT 0xA4 ? 8A3A2BF8
INT 0xB1 ? 8A69BF00
INT 0xB1 ? 8A69BF00
INT 0xB4 ? 8A3A2BF8
---- Kernel code sections - GMER 1.0.15 ----
? spvt.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB4CEC360, 0x35483F, 0xE8000020]
.text USBPORT.SYS!DllUnload B4CAF8AC 5 Bytes JMP 8A3A21D8
.text a0502gxc.SYS B4C01386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a0502gxc.SYS B4C013AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a0502gxc.SYS B4C013C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a0502gxc.SYS B4C013C9 1 Byte [2E]
.text a0502gxc.SYS B4C013C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text a2z0rhs9.SYS B4BC8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a2z0rhs9.SYS B4BC83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a2z0rhs9.SYS B4BC83C4 3 Bytes [00, 80, 02]
.text a2z0rhs9.SYS B4BC83C9 1 Byte [30]
.text a2z0rhs9.SYS B4BC83C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
init F:\Program Files\L2\system\npkcusb.sys entry point in "init" section [0xB4B200E0]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB16EB300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA450300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1276] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spvt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spvt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spvt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spvt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spvt.sys
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a0502gxc.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a2z0rhs9.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A6981F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\PCI_PNP3858 \Device\00000043 spvt.sys
Device \Driver\PCI_PNP3858 \Device\00000044 spvt.sys
Device \Driver\usbohci \Device\USBPDO-0 8A3A01F8
Device \Driver\usbohci \Device\USBPDO-1 8A3A01F8
Device \Driver\usbohci \Device\USBPDO-2 8A3A01F8
Device \Driver\usbehci \Device\USBPDO-3 8A39E500
Device \Driver\usbohci \Device\USBPDO-4 8A3A01F8
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\usbohci \Device\USBPDO-5 8A3A01F8
Device \Driver\usbehci \Device\USBPDO-6 8A39E500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A70C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A70C1F8
Device \Driver\Cdrom \Device\CdRom0 8A3511F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A70C1F8
Device \Driver\Cdrom \Device\CdRom1 8A3511F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [B9E0EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\4048891358 spvt.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 89F96500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B41D5340-9ABB-4D2C-8E82-7183E8122202} 89F96500
Device \Driver\NetBT \Device\NetbiosSmb 89F96500
Device \Driver\sptd \Device\4048735108 spvt.sys
Device \Driver\usbohci \Device\USBFDO-0 8A3A01F8
Device \Driver\usbohci \Device\USBFDO-1 8A3A01F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1131F8
Device \Driver\usbehci \Device\USBFDO-2 8A39E500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1131F8
Device \Driver\usbohci \Device\USBFDO-3 8A3A01F8
Device \Driver\Ftdisk \Device\FtControl 8A70C1F8
Device \Driver\usbohci \Device\USBFDO-4 8A3A01F8
Device \Driver\usbehci \Device\USBFDO-5 8A39E500
Device \Driver\usbohci \Device\USBFDO-6 8A3A01F8
Device \Driver\a0502gxc \Device\Scsi\a0502gxc1 8A2F31F8
Device \Driver\a2z0rhs9 \Device\Scsi\a2z0rhs91Port4Path0Target0Lun0 8A1561F8
Device \Driver\a2z0rhs9 \Device\Scsi\a2z0rhs91 8A1561F8
Device \FileSystem\Cdfs \Cdfs 89F0D500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x77 0xD7 0x64 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0xD1 0x12 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0x3D 0xEC 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0x60 0x0A 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x77 0xD7 0x64 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0xD1 0x12 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0x3D 0xEC 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0x60 0x0A 0x4D ...
-
So, as in the title, I probably have a keylogger on my computer.
I'm not sure whether I did everything correctly with these logs, because they seem too long to me.
Log 1, from OTL
OTL logfile created on: 2010-05-11 19:58:42 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\user\Moje dokumenty\Pobieranie
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 6.20 Gb Free Space | 12.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 205.08 Gb Total Space | 204.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 211.85 Gb Total Space | 118.93 Gb Free Space | 56.14% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-AF6E49464E
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-05-11 19:47:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-04-07 21:08:52 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010-04-07 21:08:30 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010-04-03 11:19:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- F:\Firefox\firefox.exe
PRC - [2010-03-25 18:22:45 | 011,539,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010-01-19 01:43:57 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009-10-28 13:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-02-13 19:17:54 | 005,634,560 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009-02-03 17:28:24 | 002,181,672 | ---- | M] (Gainward Co.) -- C:\Program Files\EXPERTool\TBPANEL.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
========== Modules (SafeList) ==========
MOD - [2010-05-11 19:47:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (PVK)
SRV - File not found [On_Demand | Stopped] -- -- (OBNOAATNZ)
SRV - [2010-04-07 21:13:20 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010-04-07 21:08:52 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-10-11 23:27:07 | 003,369,044 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Running] -- -- (GEARAspiWDM)
DRV - [2010-04-07 21:09:48 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010-04-07 21:08:36 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-04-07 21:05:12 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-11-08 21:41:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-08-17 18:31:15 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-08-17 18:31:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-02-19 11:26:38 | 006,307,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-02-03 11:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-09-25 15:51:42 | 000,115,328 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008-08-05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-07-15 11:44:30 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008-05-09 21:33:30 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- F:\Program Files\L2\system\npkcrypt.sys -- (npkcrypt)
DRV - [2008-05-09 21:33:30 | 000,015,472 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- F:\Program Files\L2\system\npkcusb.sys -- (npkcusb)
DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows ? Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-04-16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007-03-28 20:29:12 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2007-03-28 20:29:10 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006-06-01 15:15:20 | 000,509,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xnacc.sys -- (xnacc)
DRV - [2006-01-04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004-08-15 10:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-583907252-57989841-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.6
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.0.3
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.3
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Documents%20and%20Settings/user/Ustawienia%20lokalne/Dane%20aplikacji/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4aeb06b8.pac"
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 2
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: F:\Nowy folder\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: F:\Nowy folder\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: F:\Firefox\components [2010-04-03 15:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: F:\Firefox\plugins [2010-04-03 11:19:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-05-09 23:06:57 | 000,000,000 | ---D | M]
[2009-06-27 16:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions
[2010-05-11 15:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions
[2010-04-27 22:30:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010-05-01 00:20:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-04-27 22:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\cfxe@Triton
[2010-04-27 22:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\cfxHelper@Triton
[2010-03-25 20:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\chromifox@altmusictv.com
[2010-03-12 20:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\youtube2mp3@mondayx.de
[2010-05-01 00:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010-01-20 11:30:44 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\searchplugins\askcom.xml
[2009-07-14 18:50:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\searchplugins\mozilla-add-ons.xml
[2009-10-24 21:14:58 | 000,005,609 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\searchplugins\nonsensopedia-pl.xml
[2009-09-08 20:43:15 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\g0ed6bjk.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
O1 HOSTS File: ([2009-11-21 16:44:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\user\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKU\S-1-5-21-583907252-57989841-1417001333-1004..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-583907252-57989841-1417001333-1004..\Run: [DAEMON Tools Lite] F:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-583907252-57989841-1417001333-1004..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKLM..\RunOnce: [Remove Norton Ghost] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-27 11:27:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-05-11 19:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\Filmiki Screeny fraps
[2010-05-10 22:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Symantec_Corporation
[2010-05-10 22:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\PC Tools
[2010-05-10 22:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools
[2010-05-10 22:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Threat Expert
[2010-05-10 22:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\GHISLER
[2010-05-10 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Symantec
[2010-05-10 21:32:17 | 000,128,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WimFltr.sys
[2010-05-10 21:32:16 | 000,014,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\vproeventmonitor.sys
[2010-05-10 21:32:14 | 000,037,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\v2imount.sys
[2010-05-10 21:32:11 | 000,131,944 | ---- | C] (StorageCraft) -- C:\WINDOWS\System32\drivers\symsnap.sys
[2010-05-10 21:31:22 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010-05-10 21:31:15 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.DLL
[2010-05-10 21:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-05-10 21:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
[2010-05-10 20:41:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-05-10 19:43:58 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010-05-10 19:43:58 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010-05-10 19:43:58 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010-05-10 19:32:27 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010-05-10 19:32:19 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010-05-10 19:32:19 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010-05-10 19:32:03 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010-05-10 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010-05-10 19:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010-05-10 18:15:34 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010-05-10 17:26:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-05-09 23:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2010-05-09 23:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\ESET
[2010-05-09 23:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
[2010-05-09 23:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-05-09 23:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-05-09 21:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Malwarebytes
[2010-05-09 21:59:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-05-09 21:59:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-05-09 21:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-09 21:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-05-09 19:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-05-09 18:48:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-04 22:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-05-02 18:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Moje pliki Bitwy o Śródziemie? II
[2010-05-01 23:27:47 | 000,000,000 | ---D | C] -- C:\data
[2010-05-01 21:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\Battle Painters
[2010-05-01 20:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010-05-01 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
[2010-05-01 13:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Paradox Entertainment
[2010-04-26 20:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010-04-26 18:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Fallout3
[2010-04-26 18:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Fallout3
[2010-04-26 18:29:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2010-04-18 18:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\AMAI2.54SE
[2010-04-12 18:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\skypePM
[2010-04-12 14:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Skype
[2010-04-12 14:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-04-12 14:54:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-04-12 14:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-05-11 16:17:36 | 000,118,530 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\procesy.JPG
[2010-05-11 16:12:49 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010-05-11 16:05:06 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\HijackThis.lnk
[2010-05-11 15:41:55 | 000,018,402 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\kikij.jpg
[2010-05-11 15:26:49 | 001,087,700 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-11 15:26:49 | 000,490,614 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-11 15:26:49 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-11 15:26:49 | 000,083,864 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-11 15:26:49 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-11 15:26:09 | 000,211,754 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-05-11 15:26:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-11 15:26:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-10 22:45:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-10 21:59:45 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-10 20:44:25 | 002,643,670 | -H-- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-10 19:32:11 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk
[2010-05-10 18:15:37 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Total Commander.lnk
[2010-05-10 18:02:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-10 17:23:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-10 17:18:41 | 003,685,394 | R--- | M] () -- C:\Documents and Settings\user\Pulpit\ComboFix.exe
[2010-05-09 22:49:38 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-05-09 21:59:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-05-09 19:24:59 | 000,256,861 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\kopalnia drewna.JPG
[2010-05-09 18:39:29 | 000,234,482 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\....jk.jk.JPG
[2010-05-09 12:38:52 | 000,034,251 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\1265218475_by_TankDisuzu_500.jpg
[2010-05-07 23:05:53 | 000,002,761 | ---- | M] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010-05-07 20:05:47 | 000,258,985 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\grzegorz brzeczyszczywiekicz.JPG
[2010-05-07 19:44:18 | 000,212,079 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\maslo123.JPG
[2010-05-07 19:38:04 | 000,219,329 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\mama.JPG
[2010-05-07 18:44:36 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\[beeep].bmp
[2010-05-07 00:16:07 | 000,044,905 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\imgOpeth1.jpg
[2010-05-05 22:53:50 | 000,002,639 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\rslogo.gif
[2010-05-04 21:26:15 | 010,887,168 | ---- | M] () -- C:\WINDOWS\System32\python-2.4.msi
[2010-05-02 18:52:53 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Bitwa o Śródziemie? II.lnk
[2010-05-01 23:27:56 | 000,786,676 | ---- | M] () -- C:\lotra.sec
[2010-05-01 23:26:42 | 001,747,604 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\acevil06_f01.mp3
[2010-05-01 19:22:51 | 000,001,006 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Heroes of Might and Magic III - Złota Edycja.lnk
[2010-05-01 14:33:46 | 039,799,739 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\allinon1.zip
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-26 22:32:57 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Fallout 3.lnk
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-25 00:03:05 | 000,019,723 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Kosz_na_smieci_PlastTeam_1340.jpg
[2010-04-24 20:36:57 | 000,053,316 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\strach-na-wroble-d.jpg
[2010-04-23 23:26:11 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-04-23 21:52:04 | 000,058,833 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\ciemny-las1.jpg
[2010-04-19 19:20:25 | 000,032,353 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\user_image.php.gif
[2010-04-14 23:57:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-14 23:10:57 | 000,323,806 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\dżonson.bmp
[2010-04-14 20:14:41 | 000,034,855 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\1271268525_by_pepee_500.jpg
[2010-04-12 18:34:04 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-04-12 15:43:02 | 000,013,888 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-12 14:40:38 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-05-11 16:17:36 | 000,118,530 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\procesy.JPG
[2010-05-11 16:05:06 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\HijackThis.lnk
[2010-05-11 15:41:54 | 000,018,402 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\kikij.jpg
[2010-05-10 22:45:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-10 19:43:59 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010-05-10 19:43:58 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010-05-10 19:43:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010-05-10 19:43:58 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010-05-10 19:43:58 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010-05-10 19:32:27 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010-05-10 19:32:20 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010-05-10 19:32:19 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010-05-10 19:32:11 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk
[2010-05-10 19:32:04 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010-05-10 18:15:37 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Total Commander.lnk
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010-05-10 18:15:34 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010-05-09 21:59:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-05-09 19:24:59 | 000,256,861 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\kopalnia drewna.JPG
[2010-05-09 18:39:29 | 000,234,482 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\....jk.jk.JPG
[2010-05-09 12:38:52 | 000,034,251 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\1265218475_by_TankDisuzu_500.jpg
[2010-05-07 23:05:53 | 000,002,761 | ---- | C] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010-05-07 20:05:47 | 000,258,985 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\grzegorz brzeczyszczywiekicz.JPG
[2010-05-07 19:43:51 | 000,212,079 | ---- | C] () -- C:\Documents and Settings\user\Moje dokumenty\maslo123.JPG
[2010-05-07 19:37:37 | 000,219,329 | ---- | C] () -- C:\Documents and Settings\user\Moje dokumenty\mama.JPG
[2010-05-07 18:44:35 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\[beeep].bmp
[2010-05-07 00:16:06 | 000,044,905 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\imgOpeth1.jpg
[2010-05-05 22:53:50 | 000,002,639 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\rslogo.gif
[2010-05-04 21:24:44 | 010,887,168 | ---- | C] () -- C:\WINDOWS\System32\python-2.4.msi
[2010-05-02 18:52:53 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Bitwa o Śródziemie? II.lnk
[2010-05-01 23:27:56 | 000,786,676 | ---- | C] () -- C:\lotra.sec
[2010-05-01 23:26:42 | 001,747,604 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\acevil06_f01.mp3
[2010-05-01 19:23:35 | 039,799,739 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\allinon1.zip
[2010-05-01 19:22:51 | 000,001,006 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Heroes of Might and Magic III - Złota Edycja.lnk
[2010-04-26 22:32:57 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Fallout 3.lnk
[2010-04-25 00:03:05 | 000,019,723 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Kosz_na_smieci_PlastTeam_1340.jpg
[2010-04-24 20:36:57 | 000,053,316 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\strach-na-wroble-d.jpg
[2010-04-23 21:52:03 | 000,058,833 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\ciemny-las1.jpg
[2010-04-19 19:20:25 | 000,032,353 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\user_image.php.gif
[2010-04-14 23:10:41 | 000,323,806 | ---- | C] () -- C:\Documents and Settings\user\Moje dokumenty\dżonson.bmp
[2010-04-14 20:14:41 | 000,034,855 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\1271268525_by_pepee_500.jpg
[2010-04-14 20:12:29 | 000,826,092 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\AMAI2.54SE.rar
[2010-04-12 18:34:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-04-12 14:54:40 | 000,002,267 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-04-10 18:57:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009-12-28 19:13:03 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-12-28 19:12:43 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-11-06 18:30:23 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-10-09 20:32:46 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-07-02 15:26:44 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009-06-29 15:12:48 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-06-29 15:12:48 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-06-27 11:41:04 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009-06-27 11:41:04 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009-06-27 11:41:03 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009-06-27 11:41:03 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009-06-27 11:32:38 | 000,043,616 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-06-27 11:32:14 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-06-27 11:31:58 | 000,036,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-06-27 11:31:58 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-02-19 11:26:38 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-02-19 11:26:38 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-02-19 11:26:38 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-02-19 11:26:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-02-19 11:26:38 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-08-23 18:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
========== LOP Check ==========
[2009-10-31 20:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy
[2009-11-08 21:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-05-09 23:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-04-26 18:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fallout3
[2010-03-25 18:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-04-15 20:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-03-06 00:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games
[2009-08-10 21:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution
[2009-11-13 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2009-11-07 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit
[2009-08-17 18:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tages
[2010-05-11 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-09-14 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZipSE
[2010-03-12 00:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Audacity
[2010-01-17 22:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\BitTorrent
[2009-10-09 20:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools Lite
[2009-08-17 15:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\DBV
[2010-03-24 20:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\fofix
[2010-03-25 18:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu 10
[2010-05-10 22:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\GHISLER
[2009-12-26 23:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\gtk-2.0
[2010-05-02 19:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Moje pliki Bitwy o Śródziemie? II
[2010-04-15 10:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Nowe Gadu-Gadu
[2009-08-08 22:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\OpenFM
[2009-11-13 21:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Publish Providers
[2009-08-10 22:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\RTPlayer
[2010-04-06 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Sony
[2009-11-23 21:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Sony Creative Software
[2009-11-13 19:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Sony Setup
[2010-02-28 01:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\TS3Client
[2009-10-30 18:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Tunebite
[2009-08-17 18:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Ubisoft
[2009-06-29 15:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\XRay Engine
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D74B6CF5
< End of report >
And the second log, from OTL:
OTL Extras logfile created on: 2010-05-11 19:58:42 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\user\Moje dokumenty\Pobieranie
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 6.20 Gb Free Space | 12.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 205.08 Gb Total Space | 204.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 211.85 Gb Total Space | 118.93 Gb Free Space | 56.14% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-AF6E49464E
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe" = F:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI) -- ()
"F:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe" = F:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV) -- ()
"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"F:\Program Files\Counter-Strike\hl.exe" = F:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"F:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = F:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- (Related Designs)
"F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Strona ANNO 1404 -- ()
"F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Benchmark.exe" = F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Benchmark.exe:*:Enabled:Program testowy Anno 1404 -- ()
"F:\Program Files\Team17\Worms World Party\wwp.exe" = F:\Program Files\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party -- File not found
"F:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = F:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty? 4 - Modern Warfare -- ()
"F:\Program Files\Starcraft\StarCraft.exe" = F:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"F:\Program Files\Electronic Arts\Bitwa o Śródziemie II\game.dat" = F:\Program Files\Electronic Arts\Bitwa o Śródziemie II\game.dat:*:Enabled:Bitwa o Śródziemie? II -- (Electronic Arts Inc.)
"F:\Program Files\Electronic Arts\Bitwa o Śródziemie II\patchget.dat" = F:\Program Files\Electronic Arts\Bitwa o Śródziemie II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"F:\Program Files\BitTorrent\bittorrent.exe" = F:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe" = C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:Teamspeak RC2 -- File not found
"F:\Program Files\Aspyr\Guitar Hero III\GH3.exe" = F:\Program Files\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III -- (Aspyr Media, Inc.)
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"F:\Program Files\L2\system\l2.exe" = F:\Program Files\L2\system\l2.exe:*:Enabled:l2 -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Bitwa o Śródziemie? II
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II Złota Edycja
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758A4269-70E5-4B11-B419-F692882408A9}" = Gothic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DCB3AA-90D3-444B-880C-C72951252E55}" = ESET NOD32 Antivirus
"{8B743AA0-53B2-11D2-808A-00600895FB43}" = Heroes of Might and Magic III - Złota Edycja
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1697B05-A03B-4E73-9436-698F04BFBB91}" = Anno 1404
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype? 4.2
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty? 4 - Modern Warfare
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin Edycja Rozszerzona
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"BitTorrent" = BitTorrent
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.01
"EXPERTool_is1" = EXPERTool 7.2
"FormatFactory" = FormatFactory 2.15
"Fraps" = Fraps (remove only)
"G2MeshesAndTexturesPack0.2b" = G2MeshesAndTexturesPack
"Heroes III The Shadow of Death" = Heroes of Might and Magic? III The Shadow of Death
"HijackThis" = HijackThis 2.0.2
"Hopmon PL" = Hopmon PL
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty? 4 - Modern Warfare
"Intelligent Ball [DP]" = Inteligentna piłka
"IVONA - syntezator mowy, wersja rehabilitacyjna" = IVONA - syntezator mowy, wersja rehabilitacyjna
"Kangurek KAO" = Kangurek KAO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky [v1.0008]
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SkanerOnline" = Skaner on-line mks_vir
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"Tunatic" = Tunatic
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"World of Goo/PL-Polish_is1" = World of Goo
"Worms World Party" = Worms World Party (remove only)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-583907252-57989841-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: wszystkie elementy
"Winamp Detect" = Detektor Winampa
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2009-11-26 14:00:10 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-26 14:00:11 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-26 14:01:30 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-26 14:05:52 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-26 14:07:38 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-26 14:08:13 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-26 14:12:41 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca moviemk.exe, wersja 2.1.4026.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-30 10:51:55 | Computer Name = USER-AF6E49464E | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.5.2435, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x0001b21a.
Error - 2009-12-01 16:11:15 | Computer Name = USER-AF6E49464E | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd avisplitter.ax, wersja 1.3.1290.0, adres błędu 0x00023918.
Error - 2009-12-06 18:39:22 | Computer Name = USER-AF6E49464E | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3593, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
[ System Events ]
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2010-05-11 10:16:09 | Computer Name = USER-AF6E49464E | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126
< End of report >
And the log from Malwarebytes Anti-malware:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Wersja bazy: 4084
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512
2010-05-11 20:31:23
mbam-log-2010-05-11 (20-31-23).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|H:\|)
Przeskanowano obiektów: 200048
Upłynęło: 18 minut(y), 22 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 2
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
C:\System Volume Information\_restore{BD9CCE11-8170-4668-9902-FD1E04EE9DDD}\RP299\A0088580.exe (Trojan.Agent.CK) -> No action taken.
F:\System Volume Information\_restore{BD9CCE11-8170-4668-9902-FD1E04EE9DDD}\RP299\A0088468.dll (Malware.Packer) -> No action taken.
-
I think I have a keylogger on my computer. I'm pasting the log from HijackThis and attaching a screenshot of the processes; I can't figure anything out from them myself.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\user\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B41D5340-9ABB-4D2C-8E82-7183E8122202}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{B41D5340-9ABB-4D2C-8E82-7183E8122202}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{B41D5340-9ABB-4D2C-8E82-7183E8122202}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OBNOAATNZ - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\OBNOAATNZ.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PVK - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\PVK.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7376 bytes
-
I'm asking you as the tour guide (the video): what is the flag of Tibet doing on the board with the test prints? :o
-
PS: HUUUUUGE THANKS TO ENKI FOR PUTTING ME IN THE SCREENSHOT IN THE ARTICLE ABOUT XFIRE. I'm in the available list - "FeniX" is me. I'll have something to brag about to my buddies :D. A certain Dogmeat can brag too, his post is in the forum ad. Grrr, you lucky guys

-
-
Btw, Marine Snapshooter is actually in one of the magazines

See the kaszanka in the latest issue.
-
Capman - the best freeware game I've ever seen.

Something like Pac-Man, only with weapons etc.
It's the most fun to play with two people on one computer.
Link, in case anyone's interested:
-
And will Cenega do anything about those who have already installed the patch? (i.e. the game can't be launched at all anymore, it says something about the disc)
Because I'm not keen on a reinstall and losing my saves... <_<
-
Thanks, now I can buy the one CDA I have my eye on without any qualms...

-
Hey, I have a question,
does a back issue come with the disc, or is it just the magazine?
I had to make sure : P
Edit: Could someone tell me? I've been putting it off for a while now, and I really want that issue.
edit...: hello, has nobody ever bought back issues?

Solved: PC for up to 4000 zł
in Computers and components
So could hyper-threading turn out to be useful in the future? If so, I can add a bit beyond the budget.
And could you give links to those parts on Morele, since that's where I'll be having it built?