Vsmon.exe (log)

**Posty:** 42 · przez **kris&art** 19 Lis 2011, 22:06

Po uruchomieniu komputera co chwile wyskakuje informacja, że jest problem z validation C:\WINDOWS\System32\ZoneLabs\vsmon.exe. System Win Xp. Byl robiony scan Avira, spybot SD, stinger, czyszczenie CCleaner.

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:00:18, on 2011-11-19 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe D:\Programy\Emsisoft Anti-Malware\a2service.exe C:\Program Files\Przyspiesz Komputer\PCSUService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RunDll32.exe D:\Programy\pdvd\PowerDVD\PDVDServ.exe D:\Programy\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe D:\Programy\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Documents and Settings\My\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2233703 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 86.127.71.45 L2authd.lineage2.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\JavaSE\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programy\JavaSE\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [AVG7_CC] D:\Programy\AVG\avgcc.exe /STARTUP O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd O4 - HKLM\..\Run: [RemoteControl] D:\Programy\pdvd\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "D:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [UVS11 Preload] D:\Programy\VideoStudio\uvPL.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files\Przyspiesz Komputer\PCSpeedUp.lnk O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Programy\AVG\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Word\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\Word\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx O20 - Winlogon Notify: mdhcp32 - C:\WINDOWS\SYSTEM32\mdhcp32.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - D:\Programy\Emsisoft Anti-Malware\a2service.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - D:\Programy\Avira\AntiVir Desktop\avguard.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - D:\Programy\AVG\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - D:\Programy\AVG\avgupsvc.exe (file missing) O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - D:\Programy\AVG\avgemc.exe (file missing) O23 - Service: Dragon Age: Początek - Aktualizator zawartości (DAUpdaterSvc) - Unknown owner - D:\Gry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing) O23 - Service: NBService - Nero AG - D:\Programy\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\Przyspiesz Komputer\PCSUService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6400 bytes

**Posty:** 12734 · przez **Mikou@j** 19 Lis 2011, 22:08

Przeczytaj uważnie i zastosuj obowiazkowe-zasady-wstawiania-logow-wazne-vt117887.html
- 2 logi z otl
- log z gmera

**Posty:** 42 · przez **kris&art** 19 Lis 2011, 23:04

gmer log:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-11-19 21:58:02 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\00000070 ST3250310AS rev.3.AAC Running: zmiolfnf.exe; Driver: C:\DOCUME~1\My\USTAWI~1\Temp\fxtdqpog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0x9EE0A930] SSDT BA6B315E ZwCreateKey SSDT BA6B3154 ZwCreateThread SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0x9EE0AF20] SSDT BA6B3163 ZwDeleteKey SSDT BA6B316D ZwDeleteValueKey SSDT sptd.sys ZwEnumerateKey [0xB9F08698] SSDT sptd.sys ZwEnumerateValueKey [0xB9F08A26] SSDT BA6B3172 ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0x9EE0AD70] SSDT sptd.sys ZwOpenKey [0xB9ED4F80] SSDT BA6B3140 ZwOpenProcess SSDT BA6B3145 ZwOpenThread SSDT sptd.sys ZwQueryKey [0xB9F08AFE] SSDT sptd.sys ZwQueryValueKey [0xB9F0897E] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0x9EE17250] SSDT BA6B317C ZwReplaceKey SSDT BA6B3177 ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0x9EE0B120] SSDT BA6B3168 ZwSetValueKey INT 0x63 ? 8A208F00 INT 0x73 ? 8A393CB8 INT 0x83 ? 8A393CB8 INT 0xB1 ? 8A1ADCB8 INT 0xB1 ? 8A1ADCB8 INT 0xB4 ? 8A208F00 ---- Kernel code sections - GMER 1.0.15 ---- .text sptd.sys B9E98000 28 Bytes [30, 68, 6E, 80, A6, BB, 6E, ...] .text sptd.sys B9E9801D 3 Bytes [69, 6E, 80] .text sptd.sys B9E98024 104 Bytes [7A, 52, 53, 80, 68, B9, 54, ...] .text sptd.sys B9E9808D 103 Bytes [06, 50, 80, 66, A1, 4F, 80, ...] .text sptd.sys B9E980F5 36 Bytes [95, 53, 80, 55, BA, 53, 80, ...] .text ... .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F441AA] ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ? srescan.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload B94EB8AC 5 Bytes JMP 8A208410 .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F42000, 0x238387, 0xE8000020] PAGE armvb4c4.SYS AB168800 32 Bytes [03, 57, 8B, 7D, 08, 89, 75, ...] PAGE armvb4c4.SYS AB168822 7 Bytes [00, 85, C0, 0F, 84, F6, 03] PAGE armvb4c4.SYS AB16882A 15 Bytes [00, 80, FA, AD, 75, 0A, 80, ...] PAGE armvb4c4.SYS AB16883A 98 Bytes [80, FA, A3, 75, 12, 8A, 53, ...] PAGE armvb4c4.SYS AB16889D 87 Bytes [00, EB, 04, 83, 65, F4, 00, ...] PAGE ... .text alez4qx3.SYS AB118306 50 Bytes [00, 00, 00, 24, 03, 00, F0, ...] .text alez4qx3.SYS AB118339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text alez4qx3.SYS AB118351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text alez4qx3.SYS AB1183A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text alez4qx3.SYS AB1183B4 34 Bytes [40, 00, 00, C8, 50, 41, 47, ...] .text ... .text ipsec.sys 9EEE2300 108 Bytes [90, 90, 90, 90, 90, 90, 90, ...] .text ipsec.sys 9EEE236D 108 Bytes [B9, 48, 1C, EF, 9E, F0, 0F, ...] .text ipsec.sys 9EEE23DA 67 Bytes [C9, C2, 04, 00, B0, 01, EB, ...] .text ipsec.sys 9EEE241E 3 Bytes [85, 63, 02] {TEST [EBX+0x2], ESP} .text ipsec.sys 9EEE2423 36 Bytes [42, 8B, CA, 2B, 48, 04, F7, ...] .text ... .PAGE1 C:\WINDOWS\system32\DRIVERS\ipsec.sys unknown last section [0x9EEF0500, 0x100, 0xC0000040] ? C:\WINDOWS\system32\DRIVERS\ipsec.sys suspicious PE modification .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0x9BD8E300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB5E37300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text D:\Programy\Emsisoft Anti-Malware\a2service.exe[2028] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 00455589 D:\Programy\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E9A20E] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E9970C] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E99EEE] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E9970C] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E998F0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E99832] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E9A0CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E99EEE] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EADF56] sptd.sys IAT \SystemRoot\System32\Drivers\armvb4c4.SYS[HAL.dll!KeGetCurrentIrql] 76D83B08 IAT \SystemRoot\System32\Drivers\armvb4c4.SYS[HAL.dll!KfAcquireSpinLock] 08458903 IAT \SystemRoot\System32\Drivers\armvb4c4.SYS[HAL.dll!KfReleaseSpinLock] 75FF016A IAT \SystemRoot\System32\Drivers\armvb4c4.SYS[HAL.dll!KfRaiseIrql] B0878DFC IAT \SystemRoot\System32\Drivers\armvb4c4.SYS[HAL.dll!KfLowerIrql] FF00000F IAT \SystemRoot\System32\Drivers\armvb4c4.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 6A0C55FF IAT \SystemRoot\System32\Drivers\alez4qx3.SYS[HAL.dll!KeGetCurrentIrql] 000000F0 IAT \SystemRoot\System32\Drivers\alez4qx3.SYS[HAL.dll!KfAcquireSpinLock] 0B5D3842 IAT \SystemRoot\System32\Drivers\alez4qx3.SYS[HAL.dll!KfReleaseSpinLock] 00E09689 IAT \SystemRoot\System32\Drivers\alez4qx3.SYS[HAL.dll!KfRaiseIrql] F98B0000 IAT \SystemRoot\System32\Drivers\alez4qx3.SYS[HAL.dll!KfLowerIrql] ABABABAB IAT \SystemRoot\System32\Drivers\alez4qx3.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 0000F186 IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [9EE12CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [9EE131C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [9EE13320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [9EE12E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [9EE12E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [9EE12CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [9EE131C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [9EE13320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [9EE12CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [9EE12E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [9EE13320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [9EE131C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KfReleaseSpinLock] 74C08524 IAT \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KfLowerIrql] 207F801F IAT \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KfRaiseIrql] FF057500 IAT \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KeGetCurrentIrql] 03EB0C77 IAT \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KfAcquireSpinLock] 501477FF IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [9EE13320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [9EE131C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [9EE12CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [9EE12E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [9EE12CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [9EE131C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [9EE13320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [9EE12CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [9EE12E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [9EE13320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [9EE131C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A3921E8 Device \FileSystem\Fastfat \FatCdrom 892F41E8 Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \Driver\usbohci \Device\USBPDO-0 8A0BE430 Device \Driver\usbehci \Device\USBPDO-1 8A1FB1E8 Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \Driver\nvata \Device\00000070 8A3931E8 Device \Driver\nvata \Device\00000071 8A3931E8 Device \Driver\Cdrom \Device\CdRom0 8A0B11E8 Device \Driver\atapi \Device\Ide\IdePort0 [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8A0B11E8 Device \Driver\Cdrom \Device\CdRom2 8A0B11E8 Device \Driver\Cdrom \Device\CdRom3 8A0B11E8 Device \Driver\Cdrom \Device\CdRom4 8A0B11E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 894C81E8 Device \Driver\USBSTOR \Device\00000084 88F23430 Device \Driver\USBSTOR \Device\00000085 88F23430 Device \Driver\NetBT \Device\NetbiosSmb 894C81E8 Device \Driver\PCI_PNP1154 \Device\0000004c sptd.sys Device \Driver\PCI_PNP1154 \Device\0000004c sptd.sys Device \Driver\PCI_PNP1154 \Device\0000004d sptd.sys Device \Driver\PCI_PNP1154 \Device\0000004d sptd.sys Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \Driver\NetBT \Device\NetBT_Tcpip_{3F4C0CCB-035A-43F1-A542-D1E532F8E4BB} 894C81E8 Device \Driver\usbohci \Device\USBFDO-0 8A0BE430 Device \Driver\usbehci \Device\USBFDO-1 8A1FB1E8 Device \Driver\nvata \Device\NvAta0 8A3931E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8937F1E8 Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.) Device \Driver\nvata \Device\NvAta1 8A3931E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8937F1E8 Device \Driver\vdrv1000 \Device\Scsi\vdrv10001Port4Path0Target1Lun0 89EE8430 Device \Driver\vdrv1000 \Device\Scsi\vdrv10001Port4Path0Target0Lun0 89EE8430 Device \Driver\alez4qx3 \Device\Scsi\alez4qx31 89EE7430 Device \Driver\vdrv1000 \Device\Scsi\vdrv10001Port4Path0Target2Lun0 89EE8430 Device \Driver\vdrv1000 \Device\Scsi\vdrv10001 89EE8430 Device \Driver\armvb4c4 \Device\Scsi\armvb4c41 8A176430 Device \Driver\armvb4c4 \Device\Scsi\armvb4c41Port6Path0Target0Lun0 8A176430 Device \Driver\alez4qx3 \Device\Scsi\alez4qx31Port5Path0Target0Lun0 89EE7430 Device \FileSystem\Fastfat \Fat 892F41E8 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 893271E8 ---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) AB212000-AB21B000 (36864 bytes) Module (noname) (*** hidden *** ) AB5D0000-AB5DF000 (61440 bytes) ---- Threads - GMER 1.0.15 ---- Thread System [4:396] AB2163E0 Thread System [4:400] AB2163E0 Thread System [4:404] 894F2330 Thread System [4:408] 894F2330 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\DRIVERS\vdrv1000.sys (*** hidden *** ) [SYSTEM] vdrv1000 <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x4A 0xCF 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x5D 0x85 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD8 0x19 0x8F 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6C 0xF2 0x94 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x0E 0x09 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x27 0x70 0x6C 0x89 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV1000.SYS Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Group SCSI Miniport Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000@Tag 34 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\Enum Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\Enum@0 ROOT\SCSIADAPTER\0000 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\Enum@Count 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\Enum@NextInstance 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\parameters\pnpinterface Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\parameters\pnpinterface@1 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\security Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv1000\security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\ControlSet002\Services\fakci@DisplayName Server Windows Reg HKLM\SYSTEM\ControlSet002\Services\fakci@Type 32 Reg HKLM\SYSTEM\ControlSet002\Services\fakci@Start 2 Reg HKLM\SYSTEM\ControlSet002\Services\fakci@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet002\Services\fakci@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet002\Services\fakci@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\Services\fakci@Description Umo?liwia u?ytkownikom zdalnym modyfikowanie ustawie? rejestru na tym komputerze. Je?li ta us?uga zostanie zatrzymana, rejestr b?d? mogli modyfikowa? tylko u?ytkownicy tego komputera. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?. Reg HKLM\SYSTEM\ControlSet002\Services\fakci\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\fakci\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6C 0xF2 0x94 0x34 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x0E 0x09 0x8B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x60 0x7C 0xA2 0xED ... Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo@DisplayName Support Image Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo@Type 32 Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo@Start 2 Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo@Description Zapewnia chroniony magazyn dla wra?liwych danych, takich jak klucze prywatne, w celu ich ochrony przed dost?pem niepowo?anych us?ug, proces?w lub u?ytkownik?w. Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\ugmdypqo\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk@DisplayName Shell Security Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk@Description Zarz?dza konfiguracj? sieci poprzez rejestracj? i aktualizacj? adres?w IP i nazw DNS. Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\ezuvtk\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\fakci@DisplayName Server Windows Reg HKLM\SYSTEM\ControlSet004\Services\fakci@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\fakci@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\fakci@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\fakci@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\fakci@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\fakci@Description Umo?liwia u?ytkownikom zdalnym modyfikowanie ustawie? rejestru na tym komputerze. Je?li ta us?uga zostanie zatrzymana, rejestr b?d? mogli modyfikowa? tylko u?ytkownicy tego komputera. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?. Reg HKLM\SYSTEM\ControlSet004\Services\fakci\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\fakci\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn@DisplayName Image Update Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn@Description Umo?liwia u?ytkownikom zdalnym modyfikowanie ustawie? rejestru na tym komputerze. Je?li ta us?uga zostanie zatrzymana, rejestr b?d? mogli modyfikowa? tylko u?ytkownicy tego komputera. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?. Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\mgwuqprn\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs@DisplayName Task System Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs@Description Tworzy i zachowuje po??czenia sieciowe klient?w z serwerami zdalnymi. Je?li ta us?uga zostanie zatrzymana, po??czenia te stan? si? niedost?pne. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?. Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\nkwqs\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci@DisplayName qxcqiqv Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci@Description Zapewnia us?ugi translacji adres?w sieciowych, adresowania, rozpoznawania nazw i/lub blokowania dost?pu intruz?w wszystkim komputerom w sieci domowej lub biurowej. Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\okklxeoci\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq@DisplayName System Network Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq@Description Rozpoznaje i buforuje nazwy systemu Domain Name System (DNS). Je?li ta us?uga zostanie zatrzymana, ten komputer nie b?dzie m?g? rozpoznawa? nazw DNS ani lokalizowa? kontroler?w domen w us?udze Active Directory. Je?li ta us?uga zostanie wy??czona, wszelkie us?ugi jawnie od niej zale?ne przestan? si? uruchamia?. Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\oxcnmthq\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy@DisplayName Shell Time Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy@Description Przechowuje informacje o zabezpieczeniach dla kont u?ytkownik?w lokalnych. Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\pxpupxqy\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt@DisplayName Security Universal Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt@Description Zapewnia us?ugi translacji adres?w sieciowych, adresowania, rozpoznawania nazw i/lub blokowania dost?pu intruz?w wszystkim komputerom w sieci domowej lub biurowej. Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\rsmdyt\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x4A 0xCF 0x5D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x5D 0x85 0x96 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD8 0x19 0x8F 0x13 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6C 0xF2 0x94 0x34 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x0E 0x09 0x8B ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x27 0x70 0x6C 0x89 ... Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk@DisplayName Time Image Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk@Description Zarz?dza konfiguracj? sieci poprzez rejestracj? i aktualizacj? adres?w IP i nazw DNS. Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\tcnfpxkdk\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo@DisplayName Support Image Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo@Description Zapewnia chroniony magazyn dla wra?liwych danych, takich jak klucze prywatne, w celu ich ochrony przed dost?pem niepowo?anych us?ug, proces?w lub u?ytkownik?w. Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\ugmdypqo\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV1000.SYS Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000@Group SCSI Miniport Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000@Start 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000@Type 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000@Tag 34 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\Enum (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\Enum@0 ROOT\SCSIADAPTER\0000 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\Enum@Count 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\Enum@NextInstance 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\parameters\pnpinterface (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\parameters\pnpinterface@1 1 Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\security (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\vdrv1000\security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb@DisplayName Task Microsoft Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb@Type 32 Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb@Start 2 Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb@Description ?ledzi zdarzenia systemowe, takie jak zdarzenia zwi?zane z logowaniem do systemu Windows, sieci? i zasilaniem. Zawiadamia o tych zdarzeniach subskrybent?w systemu zdarze? COM+. Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\zjjcfzajb\Parameters@ServiceDll C:\WINDOWS\system32\tksleje.dll ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\$NtUninstallKB4328$\2029230052 0 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\L 0 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\L\mwhmaund 75264 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\loader.tlb 23688 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U 0 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U\@00000001 45968 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U\@000000c0 3072 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U\@000000cb 3072 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U\@000000cf 1536 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U\@80000000 23040 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U\@800000c0 32768 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U\@800000cb 24064 bytes File C:\WINDOWS\$NtUninstallKB4328$\2029230052\U\@800000cf 31744 bytes File C:\WINDOWS\$NtUninstallKB4328$\2158267456 0 bytes ---- EOF - GMER 1.0.15 ----

OTL1:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-11-19 21:15:05 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\My\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 75,87% Memory free 3,85 Gb Paging File | 3,48 Gb Available in Paging File | 90,48% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 2,45 Gb Free Space | 12,54% Space Free | Partition Type: NTFS Drive D: | 106,67 Gb Total Space | 28,31 Gb Free Space | 26,54% Space Free | Partition Type: NTFS Drive E: | 106,67 Gb Total Space | 16,57 Gb Free Space | 15,54% Space Free | Partition Type: NTFS Drive J: | 7,44 Gb Total Space | 6,76 Gb Free Space | 90,81% Space Free | Partition Type: FAT32 Computer Name: GRART | User Name: My | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-11-19 21:12:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My\Pulpit\OTL.exe PRC - [2011-07-20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe PRC - [2010-11-11 09:49:44 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Programy\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-07-28 14:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Emsisoft Anti-Malware\a2service.exe PRC - [2009-03-05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-02-10 23:07:32 | 000,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2004-11-02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- D:\Programy\pdvd\PowerDVD\PDVDServ.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-11-19 17:39:13 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\mdhcp32.dll MOD - [2011-07-20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe MOD - [2010-07-15 16:53:52 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll MOD - [2010-07-15 16:53:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll MOD - [2010-07-15 16:53:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll MOD - [2010-07-15 16:51:58 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll MOD - [2010-07-14 20:45:59 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll MOD - [2010-07-14 20:45:52 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll MOD - [2010-07-14 20:45:42 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll MOD - [2010-07-14 20:45:18 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll MOD - [2010-07-14 20:45:08 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll MOD - [2010-05-27 11:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010-04-16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2010-03-16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll MOD - [2008-04-14 21:50:40 | 000,246,784 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (DAUpdaterSvc) SRV - File not found [Auto | Stopped] -- -- (AVGEMS) SRV - File not found [Auto | Stopped] -- -- (Avg7UpdSvc) SRV - File not found [Auto | Stopped] -- -- (Avg7Alrt) SRV - File not found [Auto | Stopped] -- -- (AntiVirService) SRV - [2011-07-20 13:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe -- (PCSUService) SRV - [2011-01-06 20:41:06 | 004,192,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2010-07-28 14:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2008-07-09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2007-06-29 18:16:56 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programy\Nero 7\Nero BackItUp\NBService.exe -- (NBService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-11-19 20:23:49 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011-09-21 18:32:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2011-09-21 18:32:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011-06-28 18:25:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011-06-28 18:25:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-08-25 14:15:18 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- D:\Programy\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2010-05-27 18:37:06 | 004,830,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2010-05-21 08:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vdrv1000.sys -- (vdrv1000) DRV - [2010-03-10 16:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH10Help.sys -- (HH10Help.sys) DRV - [2009-05-11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Programy\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009-05-11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008-11-15 18:24:39 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean) DRV - [2008-11-15 18:24:39 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi) DRV - [2008-11-15 18:24:33 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP) DRV - [2008-11-15 18:24:33 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW) DRV - [2008-11-15 18:24:31 | 000,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core) DRV - [2008-07-09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2008-02-27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan) DRV - [2007-07-19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2007-07-10 02:42:32 | 001,310,720 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (c65013264) DRV - [2007-02-11 00:55:50 | 000,013,824 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007-01-24 18:46:50 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2006-07-01 23:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006-04-25 01:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2006-04-15 04:09:06 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006-04-15 04:09:04 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2233703 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programy\JavaSE\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Programy\JavaSE\lib\deploy\jqs\ff [2008-11-18 18:10:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Programy\Mozilla\components [2011-11-11 14:31:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Programy\Mozilla\plugins [2011-07-08 16:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My\Dane aplikacji\Mozilla\Extensions [2008-11-18 17:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My\Dane aplikacji\Mozilla\Firefox\Profiles\q91sb9n0.default\extensions [2008-11-18 17:58:19 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\My\Dane aplikacji\Mozilla\Firefox\Profiles\q91sb9n0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2008-11-18 18:10:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAMY\JAVASE\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2010-06-11 05:04:02 | 000,000,857 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 86.127.71.45 L2authd.lineage2.com O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\JavaSE\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programy\JavaSE\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [AVG7_CC] D:\Programy\AVG\avgcc.exe /STARTUP File not found O4 - HKLM..\Run: [avgnt] D:\Programy\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RemoteControl] D:\Programy\pdvd\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UVS11 Preload] D:\Programy\VideoStudio\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files\Przyspiesz Komputer\PCSpeedUp.lnk () O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = D:\Programy\Word\Office10\OSA.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Programy\Word\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll ( ) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\PrxerNsp.dll File not found O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx (OggX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4C0CCB-035A-43F1-A542-D1E532F8E4BB}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\78f397e4\X) -C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\78f397e4\X () O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - C:\WINDOWS\System32\mdhcp32.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-15 17:15:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3cc37ac3-b337-11dd-a81d-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{3cc37ac3-b337-11dd-a81d-806d6172696f}\Shell\AutoRun\command - "" = F:\Bin\Assetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] File not found -- C:\WINDOWS\System32\ [2011-11-19 21:12:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\My\Pulpit\OTL.exe [2011-11-19 20:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Moje dokumenty\PCSpeedUp [2011-11-19 20:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Przyspiesz Komputer [2011-11-19 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Przyspiesz Komputer [2011-11-19 20:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight [2011-11-19 20:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011-11-19 20:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Dane aplikacji\OpenCandy [2011-11-19 20:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite [2011-11-19 20:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2011-11-19 20:05:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\My\Recent [2011-11-19 19:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe [2011-11-19 18:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Macromedia [2011-11-19 17:39:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\78f397e4 [2011-11-19 16:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\Skyrim [2011-11-19 16:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TES V Skyrim [2011-11-11 09:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011-11-11 09:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2011-11-07 18:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011-11-07 18:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple [2011-10-26 19:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\THE SHIELD Soundtrack - Music From The Streets - The Shield OST [2011-10-26 19:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\Tantric - 2008 - The End Begins [2011-10-26 19:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\Tantric - 2004 - After We Go [2011-10-26 19:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\Tantric - 2001 - Tantric [2011-10-26 19:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\RECORD [2011-10-23 20:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack [2011-10-23 20:14:31 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2009-04-01 18:49:00 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\PrxerNsp.dll [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] File not found -- C:\WINDOWS\System32\ [2011-11-19 21:13:24 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\zmiolfnf.exe [2011-11-19 21:12:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My\Pulpit\OTL.exe [2011-11-19 20:59:42 | 000,296,655 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll [2011-11-19 20:58:25 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat [2011-11-19 20:58:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-11-19 20:26:18 | 053,051,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2011-11-19 20:26:18 | 000,623,948 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2011-11-19 20:25:02 | 000,002,011 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\Przyspiesz Komputer.lnk [2011-11-19 20:23:52 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2011-11-19 17:39:13 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\mdhcp32.dll [2011-11-19 16:17:12 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\TES V Skyrim.lnk [2011-11-18 18:01:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-11-18 18:00:59 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-11-17 18:30:23 | 004,447,700 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\zdjecia.zip [2011-11-17 18:03:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-11-12 07:44:03 | 000,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-11-10 06:35:46 | 000,082,288 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\SuperWoman_Wallpaper__yvt2.jpg [2011-11-07 18:26:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-11-03 19:05:46 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\urlopy 2012.bmp [2011-11-02 17:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011-10-30 06:46:28 | 000,499,510 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-10-30 06:46:28 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-10-30 06:46:28 | 000,088,816 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-10-30 06:46:28 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-11-19 21:13:22 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\zmiolfnf.exe [2011-11-19 20:25:02 | 000,002,011 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\Przyspiesz Komputer.lnk [2011-11-19 17:39:18 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\crt.dat [2011-11-19 17:39:16 | 000,296,655 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll [2011-11-19 17:39:13 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\mdhcp32.dll [2011-11-19 16:17:12 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\TES V Skyrim.lnk [2011-11-17 18:33:59 | 004,447,700 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\zdjecia.zip [2011-11-10 06:35:46 | 000,082,288 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\SuperWoman_Wallpaper__yvt2.jpg [2011-11-03 19:15:05 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\urlopy 2012.bmp [2011-10-26 19:10:20 | 003,336,192 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\Tantric - Fall Down.mp3 [2011-10-26 19:10:19 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\pmp_usb.ini [2011-10-23 20:14:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011-10-23 20:14:33 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2011-10-23 20:14:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011-10-23 20:14:29 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-10-23 20:14:20 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-09-21 18:32:42 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2011-09-21 18:32:42 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2011-05-28 09:21:00 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-10-09 15:15:56 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2010-04-29 16:01:46 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2010-04-29 16:01:46 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2010-04-29 16:01:46 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2010-04-29 16:01:46 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2010-04-29 16:01:46 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2010-04-29 16:01:46 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2010-03-22 17:27:43 | 053,051,424 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010-03-22 17:25:26 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2010-03-19 20:29:39 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-01-09 17:24:13 | 000,000,079 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009-11-08 15:10:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2009-11-08 12:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin [2009-06-10 18:51:08 | 000,001,134 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2009-06-05 22:58:16 | 000,012,377 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-05-08 16:39:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-04-29 22:20:30 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009-04-01 18:49:41 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\My\Dane aplikacji\Current.prx [2008-12-20 17:37:16 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-12-15 21:25:47 | 000,064,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2008-12-05 22:30:00 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2008-11-26 18:24:25 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-11-17 17:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008-11-15 20:57:30 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2008-11-15 20:48:11 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2008-11-15 20:48:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2008-11-15 20:48:09 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2008-11-15 20:48:09 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2008-11-15 20:34:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008-11-15 20:27:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2008-11-15 19:00:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\C6501rm.dll [2008-11-15 19:00:52 | 000,000,162 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfl [2008-11-15 18:50:18 | 000,004,571 | R--- | C] () -- C:\WINDOWS\C6501.ini.cfg [2008-11-15 18:50:07 | 000,000,326 | R--- | C] () -- C:\WINDOWS\c6501.ini [2008-11-15 18:40:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008-11-15 18:40:25 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-11-15 18:17:54 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2008-11-15 18:05:42 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-11-15 18:03:00 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008-11-15 17:17:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008-11-15 17:13:05 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008-10-28 16:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-07-30 18:00:51 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe [2007-07-20 03:19:32 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2007-07-20 03:19:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2004-08-03 23:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002-03-17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL [2001-10-26 19:15:16 | 000,499,510 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 19:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 19:15:16 | 000,088,816 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 19:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-18 00:30:24 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-18 00:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-18 00:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-18 00:30:22 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-18 00:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-07-22 01:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 01:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 01:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1997-12-19 00:03:38 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B606BA34 < End of report >

OTL2:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-11-19 21:19:29 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\My\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,74% Memory free 3,85 Gb Paging File | 3,46 Gb Available in Paging File | 89,86% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 2,45 Gb Free Space | 12,54% Space Free | Partition Type: NTFS Drive D: | 106,67 Gb Total Space | 28,31 Gb Free Space | 26,54% Space Free | Partition Type: NTFS Drive E: | 106,67 Gb Total Space | 16,57 Gb Free Space | 15,54% Space Free | Partition Type: NTFS Drive J: | 7,44 Gb Total Space | 6,76 Gb Free Space | 90,81% Space Free | Partition Type: FAT32 Computer Name: GRART | User Name: My | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-11-19 21:12:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My\Pulpit\OTL.exe PRC - [2011-07-20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe PRC - [2010-11-11 09:49:44 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Programy\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-07-28 14:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) -- D:\Programy\Emsisoft Anti-Malware\a2service.exe PRC - [2009-03-05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-02-10 23:07:32 | 000,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2004-11-02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- D:\Programy\pdvd\PowerDVD\PDVDServ.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-11-19 17:39:13 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\mdhcp32.dll MOD - [2011-07-20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe MOD - [2010-07-15 16:53:52 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll MOD - [2010-07-15 16:53:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll MOD - [2010-07-15 16:53:04 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll MOD - [2010-07-15 16:51:58 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll MOD - [2010-07-14 20:45:59 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll MOD - [2010-07-14 20:45:52 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll MOD - [2010-07-14 20:45:42 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll MOD - [2010-07-14 20:45:18 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll MOD - [2010-07-14 20:45:08 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll MOD - [2010-05-27 11:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010-04-16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2010-03-16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll MOD - [2008-04-14 21:50:40 | 000,246,784 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (zjjcfzajb) SRV - File not found [Auto | Stopped] -- -- (ugmdypqo) SRV - File not found [Auto | Stopped] -- -- (tcnfpxkdk) SRV - File not found [Auto | Stopped] -- -- (rsmdyt) SRV - File not found [Auto | Stopped] -- -- (pxpupxqy) SRV - File not found [Auto | Stopped] -- -- (oxcnmthq) SRV - File not found [Auto | Stopped] -- -- (okklxeoci) SRV - File not found [Auto | Stopped] -- -- (nkwqs) SRV - File not found [Auto | Stopped] -- -- (mgwuqprn) SRV - File not found [Auto | Stopped] -- -- (fakci) SRV - File not found [Auto | Stopped] -- -- (ezuvtk) SRV - File not found [On_Demand | Stopped] -- -- (DAUpdaterSvc) SRV - File not found [Auto | Stopped] -- -- (AVGEMS) SRV - File not found [Auto | Stopped] -- -- (Avg7UpdSvc) SRV - File not found [Auto | Stopped] -- -- (Avg7Alrt) SRV - File not found [Auto | Stopped] -- -- (AntiVirService) SRV - [2011-07-20 13:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe -- (PCSUService) SRV - [2011-01-06 20:41:06 | 004,192,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2010-07-28 14:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\Programy\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2008-07-09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2007-06-29 18:16:56 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programy\Nero 7\Nero BackItUp\NBService.exe -- (NBService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-11-19 20:23:49 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011-09-21 18:32:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2011-09-21 18:32:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011-06-28 18:25:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011-06-28 18:25:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-08-25 14:15:18 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- D:\Programy\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2010-05-27 18:37:06 | 004,830,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2010-05-21 08:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vdrv1000.sys -- (vdrv1000) DRV - [2010-03-10 16:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH10Help.sys -- (HH10Help.sys) DRV - [2009-05-11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Programy\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009-05-11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008-11-15 18:24:39 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean) DRV - [2008-11-15 18:24:39 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi) DRV - [2008-11-15 18:24:33 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP) DRV - [2008-11-15 18:24:33 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW) DRV - [2008-11-15 18:24:31 | 000,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core) DRV - [2008-07-09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2008-02-27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan) DRV - [2007-07-19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2007-07-10 02:42:32 | 001,310,720 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (c65013264) DRV - [2007-02-11 00:55:50 | 000,013,824 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007-01-24 18:46:50 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2006-07-01 23:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006-04-25 01:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2006-04-15 04:09:06 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006-04-15 04:09:04 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2233703 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programy\JavaSE\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Programy\JavaSE\lib\deploy\jqs\ff [2008-11-18 18:10:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Programy\Mozilla\components [2011-11-11 14:31:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Programy\Mozilla\plugins [2011-07-08 16:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My\Dane aplikacji\Mozilla\Extensions [2008-11-18 17:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My\Dane aplikacji\Mozilla\Firefox\Profiles\q91sb9n0.default\extensions [2008-11-18 17:58:19 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\My\Dane aplikacji\Mozilla\Firefox\Profiles\q91sb9n0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2008-11-18 18:10:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAMY\JAVASE\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2010-06-11 05:04:02 | 000,000,857 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 86.127.71.45 L2authd.lineage2.com O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\JavaSE\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programy\JavaSE\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [AVG7_CC] D:\Programy\AVG\avgcc.exe /STARTUP File not found O4 - HKLM..\Run: [avgnt] D:\Programy\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RemoteControl] D:\Programy\pdvd\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UVS11 Preload] D:\Programy\VideoStudio\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files\Przyspiesz Komputer\PCSpeedUp.lnk () O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = D:\Programy\Word\Office10\OSA.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Programy\Word\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll ( ) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\PrxerNsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\PrxerNsp.dll File not found O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx (OggX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4C0CCB-035A-43F1-A542-D1E532F8E4BB}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\78f397e4\X) -C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\78f397e4\X () O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - C:\WINDOWS\System32\mdhcp32.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-15 17:15:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3cc37ac3-b337-11dd-a81d-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{3cc37ac3-b337-11dd-a81d-806d6172696f}\Shell\AutoRun\command - "" = F:\Bin\Assetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] File not found -- C:\WINDOWS\System32\ [2011-11-19 21:12:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\My\Pulpit\OTL.exe [2011-11-19 20:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Moje dokumenty\PCSpeedUp [2011-11-19 20:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Przyspiesz Komputer [2011-11-19 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Przyspiesz Komputer [2011-11-19 20:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight [2011-11-19 20:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011-11-19 20:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Dane aplikacji\OpenCandy [2011-11-19 20:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite [2011-11-19 20:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2011-11-19 20:05:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\My\Recent [2011-11-19 19:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe [2011-11-19 18:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Macromedia [2011-11-19 17:39:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\78f397e4 [2011-11-19 16:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\Skyrim [2011-11-19 16:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TES V Skyrim [2011-11-11 09:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011-11-11 09:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2011-11-07 18:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011-11-07 18:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple [2011-10-26 19:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\THE SHIELD Soundtrack - Music From The Streets - The Shield OST [2011-10-26 19:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\Tantric - 2008 - The End Begins [2011-10-26 19:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\Tantric - 2004 - After We Go [2011-10-26 19:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\Tantric - 2001 - Tantric [2011-10-26 19:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My\Pulpit\RECORD [2011-10-23 20:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack [2011-10-23 20:14:31 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2009-04-01 18:49:00 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\PrxerNsp.dll [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] File not found -- C:\WINDOWS\System32\ [2011-11-19 21:13:24 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\zmiolfnf.exe [2011-11-19 21:12:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My\Pulpit\OTL.exe [2011-11-19 20:59:42 | 000,296,655 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll [2011-11-19 20:58:25 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat [2011-11-19 20:58:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-11-19 20:26:18 | 053,051,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2011-11-19 20:26:18 | 000,623,948 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2011-11-19 20:25:02 | 000,002,011 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\Przyspiesz Komputer.lnk [2011-11-19 20:23:52 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2011-11-19 17:39:13 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\mdhcp32.dll [2011-11-19 16:17:12 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\TES V Skyrim.lnk [2011-11-18 18:01:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-11-18 18:00:59 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-11-17 18:30:23 | 004,447,700 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\zdjecia.zip [2011-11-17 18:03:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-11-12 07:44:03 | 000,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-11-10 06:35:46 | 000,082,288 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\SuperWoman_Wallpaper__yvt2.jpg [2011-11-07 18:26:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-11-03 19:05:46 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\My\Pulpit\urlopy 2012.bmp [2011-11-02 17:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011-10-30 06:46:28 | 000,499,510 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-10-30 06:46:28 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-10-30 06:46:28 | 000,088,816 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-10-30 06:46:28 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-11-19 21:13:22 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\zmiolfnf.exe [2011-11-19 20:25:02 | 000,002,011 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\Przyspiesz Komputer.lnk [2011-11-19 17:39:18 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\crt.dat [2011-11-19 17:39:16 | 000,296,655 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll [2011-11-19 17:39:13 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\mdhcp32.dll [2011-11-19 16:17:12 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\TES V Skyrim.lnk [2011-11-17 18:33:59 | 004,447,700 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\zdjecia.zip [2011-11-10 06:35:46 | 000,082,288 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\SuperWoman_Wallpaper__yvt2.jpg [2011-11-03 19:15:05 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\urlopy 2012.bmp [2011-10-26 19:10:20 | 003,336,192 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\Tantric - Fall Down.mp3 [2011-10-26 19:10:19 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\My\Pulpit\pmp_usb.ini [2011-10-23 20:14:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011-10-23 20:14:33 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2011-10-23 20:14:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011-10-23 20:14:29 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-10-23 20:14:20 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-09-21 18:32:42 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2011-09-21 18:32:42 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2011-05-28 09:21:00 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-10-09 15:15:56 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2010-04-29 16:01:46 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2010-04-29 16:01:46 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2010-04-29 16:01:46 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2010-04-29 16:01:46 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2010-04-29 16:01:46 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2010-04-29 16:01:46 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2010-03-22 17:27:43 | 053,051,424 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010-03-22 17:25:26 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2010-03-19 20:29:39 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-01-09 17:24:13 | 000,000,079 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009-11-08 15:10:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2009-11-08 12:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin [2009-06-10 18:51:08 | 000,001,134 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2009-06-05 22:58:16 | 000,012,377 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-05-08 16:39:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-04-29 22:20:30 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009-04-01 18:49:41 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\My\Dane aplikacji\Current.prx [2008-12-20 17:37:16 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-12-15 21:25:47 | 000,064,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2008-12-05 22:30:00 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2008-11-26 18:24:25 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\My\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-11-17 17:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008-11-15 20:57:30 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2008-11-15 20:48:11 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2008-11-15 20:48:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2008-11-15 20:48:09 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2008-11-15 20:48:09 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2008-11-15 20:34:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008-11-15 20:27:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2008-11-15 19:00:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\C6501rm.dll [2008-11-15 19:00:52 | 000,000,162 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfl [2008-11-15 18:50:18 | 000,004,571 | R--- | C] () -- C:\WINDOWS\C6501.ini.cfg [2008-11-15 18:50:07 | 000,000,326 | R--- | C] () -- C:\WINDOWS\c6501.ini [2008-11-15 18:40:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008-11-15 18:40:25 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-11-15 18:17:54 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2008-11-15 18:05:42 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-11-15 18:03:00 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008-11-15 17:17:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008-11-15 17:13:05 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008-10-28 16:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-07-30 18:00:51 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe [2007-07-20 03:19:32 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2007-07-20 03:19:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2004-08-03 23:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002-03-17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL [2001-10-26 19:15:16 | 000,499,510 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 19:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 19:15:16 | 000,088,816 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 19:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-18 00:30:24 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-18 00:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-18 00:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-18 00:30:22 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-18 00:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-07-22 01:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 01:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 01:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1997-12-19 00:03:38 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll [color=#E56717]========== LOP Check ==========[/color] [2011-09-19 18:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\architekt3d [2009-05-09 06:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\avg7 [2010-07-15 18:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BioWare [2011-11-19 20:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011-05-22 18:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Divinity 2 [2010-07-15 17:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-09-07 19:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2008-11-15 18:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft [2010-04-29 16:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo [2008-11-15 18:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2009-06-05 22:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters [2010-05-02 17:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-04-29 16:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems [2011-09-19 18:32:10 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\My\Dane aplikacji\.# [2009-05-08 20:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\AVG7 [2011-03-01 21:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\BESTplayer [2011-11-05 22:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\BitTorrent [2009-12-24 13:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\CursorArts [2008-12-20 17:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\DAEMON Tools [2011-11-19 20:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\DAEMON Tools Lite [2008-12-20 17:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\DAEMON Tools Pro [2011-04-17 16:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\DNA [2008-11-21 16:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\Gadu-Gadu [2010-09-07 21:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\Gadu-Gadu 10 [2011-11-19 20:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\OpenCandy [2009-10-03 06:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\Opera [2011-09-19 18:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\pl.murator.PrzymierzalniaMebleILampy [2010-05-20 16:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\TS3Client [2010-04-29 16:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\My\Dane aplikacji\Ulead Systems [2011-02-17 15:05:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\My\Dane aplikacji\Virtual CD v10 [2011-11-02 17:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B606BA34 < End of report >

**Posty:** 18165 · przez **wojtas** 21 Lis 2011, 23:21

jest infekcja w stanie czynnym
poczytaj i zastosuj się do tego, odinstaluj Daemon Tools i inne tego typu programy, zrób reset kompa

DRV - [2011-11-19 20:23:49 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011-09-21 18:32:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-09-21 18:32:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

wykonaj skan: Kaspersky TDSSKiller, jeśli coś znajdzie dajesz Skip.

dopiero po tych zabiegach daj loga z Combofixa

P.S logi z OTL nie miały być dwa takie same.. miał być ten co dałeś + extras.txt

( czyt w przyklejonym )

**Posty:** 42 · przez **kris&art** 22 Lis 2011, 14:07

Dzięki za odpowiedź:). Jednak wczoraj zrobiłem format dysku, zainstalowałem system i podstawowe programy. Nie było jeszcze połączenia z internetem jako, że zmagam się z routerem><. Na razie zainstalowałem Antivira Kaspersky trial na 30 dni.

Czy format usunął ww. infekcję, czy też jak "ustawię" komputer dać loga z Combofixa?

**Posty:** 18165 · przez **wojtas** 22 Lis 2011, 17:21

Format powinien załatwić sprawę, jednak był w ogóle nie potrzebny, jeśli chcesz dla pewności możesz puścić log

Vsmon.exe (log)

Vsmon.exe (log)

Vsmon.exe (log)

Vsmon.exe (log)

Vsmon.exe (log)

Vsmon.exe (log)

Vsmon.exe (log)

Kto jest na forum