Forum komputerowe PC Town :: Zobacz temat - sprawdzenie loga z hijackthis

Forum PC Town

Strona Główna

FAQ

Szukaj

Użytkownicy

Grupy

Rejestracja

Zaloguj

Forum komputerowe PC Town Strona Główna » Kompiradło » Bezpieczeństwo w sieci » Analiza logów » sprawdzenie loga z hijackthis

Poprzedni temat :: Następny temat

sprawdzenie loga z hijackthis

Autor

Wiadomość

kachna1965

Wysłany: 2009-11-27, 22:09 sprawdzenie loga z hijackthis

bardzo proszę o sprawdzenie loga Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:50:41, on 2009-11-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20661) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\PROGRA~1\INCRED~1\bin\ImApp.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.co...don=IncrediMail R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Default Registration.lnk = E:\sacred rings1\The Sacred Rings\DRC1.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3B52AA-E510-4C2F-A6CD-5396053F893E}: NameServer = 213.241.79.37 83.238.255.76 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing) O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Usługa Google Update (gupdate1c9b2c96266e240) (gupdate1c9b2c96266e240) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iWinTrusted - Unknown owner - C:\Program Files\iWin Games\iWinTrusted.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 8212 bytes

@Blade@

Pomógł: 8 razy

Wysłany: 2009-11-27, 22:57

Odinstaluj Winamp Toolbar, DAEMON Tools Toolbar oraz Absolutist Games Toolbar

Uruchom HijackThis

Do a system scan only

w okienku programu pokaże się log

zaznacz kratki przy podanych wpisach

klikasz Fix checked

Kod:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Podaj log z OTL (klikasz Run Scan i czekasz, aż powstanie log)

_________________

kachna1965
Gość

Wysłany: 2009-11-28, 14:50 prośba o sprawdzenie loga z OTL

proszę oto mój log z OTL skopiowany z notatnik txt, ale jeszcze jest notatnik extras txt czy to też dać do przebadania OTL logfile created on: 2009-11-28 14:18:45 - Run 1 OTL by OldTimer - Version 3.1.11.1 Folder = C:\Documents and Settings\kachna\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 1023,48 Mb Total Physical Memory \| 543,62 Mb Available Physical Memory \| 53,11% Memory free 2,40 Gb Paging File \| 2,01 Gb Available in Paging File \| 83,67% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 20,51 Gb Total Space \| 11,30 Gb Free Space \| 55,12% Space Free \| Partition Type: NTFS Drive D: \| 16,79 Gb Total Space \| 9,76 Gb Free Space \| 58,14% Space Free \| Partition Type: NTFS Drive E: \| 37,26 Gb Total Space \| 10,47 Gb Free Space \| 28,10% Space Free \| Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GADOMSKA-7763C6 Current User Name: kachna Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-11-28 14:18:18 \| 00,535,040 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\kachna\Pulpit\OTL.exe PRC - [2009-11-06 21:46:14 \| 00,908,248 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-11-04 11:14:51 \| 02,028,312 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009-08-18 09:33:09 \| 00,486,680 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009-08-18 09:33:03 \| 00,693,016 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009-08-18 09:32:41 \| 00,595,736 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009-08-18 09:32:34 \| 00,908,056 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009-08-18 09:31:28 \| 00,297,752 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009-07-25 04:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-07-25 04:23:07 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe PRC - [2009-04-23 14:51:38 \| 00,691,656 \| ---- \| M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2009-01-08 12:56:02 \| 05,853,672 \| ---- \| M] (o2.pl Sp. z o.o.) -- C:\Program Files\Tlen.pl\tlen.exe PRC - [2008-12-04 14:48:50 \| 00,068,856 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007-10-16 14:25:13 \| 01,034,752 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-04-04 15:13:42 \| 00,143,408 \| ---- \| M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe PRC - [2007-02-13 15:20:50 \| 01,205,840 \| ---- \| M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe PRC - [2004-08-04 00:44:30 \| 00,013,824 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe ========== Modules (SafeList) ========== MOD - [2009-11-28 14:18:18 \| 00,535,040 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\kachna\Pulpit\OTL.exe MOD - [2007-02-28 18:49:52 \| 00,137,192 \| ---- \| M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll MOD - [2006-08-25 05:21:14 \| 01,054,208 \| R--- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (iWinTrusted) SRV - File not found -- -- (ASKUpgrade) SRV - [2009-09-21 10:45:52 \| 00,072,704 \| ---- \| M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009-08-18 09:32:34 \| 00,908,056 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009-08-18 09:31:28 \| 00,297,752 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009-07-25 04:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-06-03 12:50:46 \| 00,654,848 \| ---- \| M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-04-01 13:56:51 \| 00,133,104 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b2c96266e240) Usługa Google Update (gupdate1c9b2c96266e240) SRV - [2009-04-01 13:54:14 \| 00,183,280 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) ========== Driver Services (SafeList) ========== DRV - [2009-08-18 09:33:07 \| 00,027,784 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009-08-18 09:33:06 \| 00,335,240 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009-06-02 18:10:51 \| 00,721,904 \| ---- \| M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-05-23 13:28:32 \| 00,278,984 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-05-05 12:30:31 \| 00,108,552 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009-04-28 21:20:06 \| 00,044,944 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2009-02-12 11:15:59 \| 00,164,992 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\athsgt.sys -- (athsgt) DRV - [2009-02-12 11:15:48 \| 00,012,544 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\limsgt.sys -- (limsgt) DRV - [2009-01-30 13:27:41 \| 00,011,973 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2009-01-12 10:32:43 \| 00,018,048 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008-09-24 11:29:25 \| 00,029,184 \| ---- \| M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone) DRV - [2008-09-04 06:28:22 \| 00,019,968 \| ---- \| M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008-09-04 06:27:54 \| 00,024,832 \| ---- \| M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008-09-04 06:27:28 \| 00,013,056 \| ---- \| M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007-03-08 13:34:46 \| 04,027,840 \| R--- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2007-01-04 12:48:04 \| 00,104,344 \| ---- \| M] (Analog Devices Inc.) -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2007-01-04 12:47:48 \| 00,069,656 \| ---- \| M] (Analog Deivces) -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys) DRV - [2005-11-03 15:40:07 \| 00,063,488 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2005-08-10 13:44:04 \| 00,050,688 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-05-16 14:20:39 \| 00,006,656 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004-09-03 18:23:10 \| 00,115,680 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004-09-03 18:19:07 \| 00,054,368 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2004-08-04 00:08:22 \| 00,010,624 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-08-04 00:07:44 \| 00,041,088 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2004-08-03 23:31:34 \| 00,020,992 \| ---- \| M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2004-08-03 23:29:56 \| 01,897,408 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003-12-01 16:20:52 \| 00,004,832 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2001-08-17 23:00:04 \| 00,002,944 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 22:49:56 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424 FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009-11-04 11:17:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009-10-05 21:18:27 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-08 19:54:39 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-18 19:43:02 \| 00,000,000 \| ---D \| M] [2008-11-24 19:51:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Extensions [2009-11-28 14:13:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\extensions [2009-08-23 12:12:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-05-31 12:15:55 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2008-11-24 21:11:32 \| 00,000,682 \| ---- \| M] () -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\ask.xml [2009-09-15 21:04:27 \| 00,002,399 \| ---- \| M] () -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\daemon-search.xml [2009-03-12 10:39:08 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\MyStart Search.xml [2009-08-23 12:13:06 \| 00,001,201 \| ---- \| M] () -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\winamp-search.xml [2009-11-27 20:37:46 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-03-20 17:32:59 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2009-02-07 18:23:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008-11-11 08:38:54 \| 00,663,552 \| ---- \| M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2006-09-26 11:03:14 \| 00,098,304 \| ---- \| M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2009-07-15 20:00:25 \| 00,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-15 20:00:25 \| 00,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-15 20:00:25 \| 00,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-15 20:00:25 \| 00,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-15 20:00:25 \| 00,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-15 20:00:25 \| 00,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Absolutist Games Toolbar) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Absolutist Games Toolbar) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Absolutist Games Toolbar) - {631AC2D4-57B3-42B0-A148-DA33B462C1A3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O4 - Startup: C:\Documents and Settings\kachna\Menu Start\Programy\Autostart\Default Registration.lnk = E:\sacred rings1\The Sacred Rings\DRC1.exe (Leader Technologies) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-24 19:19:24 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: () - File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009-11-28 14:18:13 \| 00,535,040 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\kachna\Pulpit\OTL.exe [2009-11-27 21:49:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009-11-27 21:43:11 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\DoctorWeb [2009-11-27 19:32:03 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Orneon [2009-11-27 18:52:17 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Gamers Digital [2009-11-27 18:52:17 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gamers Digital [2009-11-26 19:41:11 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\ERS G-Studio [2009-11-26 18:48:33 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Jetdogs Studios [2009-11-25 19:55:35 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\MysteryOfEarl [2009-11-25 15:09:21 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Moje dokumenty\JoWooD [2009-11-24 19:44:20 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blue Footed Games [2009-11-24 16:19:57 \| 00,000,000 \| R--D \| C] -- C:\Documents and Settings\kachna\Moje dokumenty\Expressivo Podcasts [2009-11-24 16:19:57 \| 00,000,000 \| R--D \| C] -- C:\Documents and Settings\kachna\Moje dokumenty\Expressivo Documents [2009-11-24 12:34:32 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\IVONA_INST [2009-11-22 17:40:59 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Scholastic [2009-11-21 21:57:35 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Hidato [2009-11-21 20:59:52 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Cat's Eye Games [2009-11-21 19:28:11 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Intenium [2009-11-21 16:43:10 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Green Clover Games [2009-11-21 16:43:10 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Green Clover Games [2009-11-21 14:35:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\OXXOGames [2009-11-19 17:54:51 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Friday's games [2009-11-18 16:43:36 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Merscom [2009-11-18 16:43:36 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Merscom [2009-11-18 15:12:24 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\eGames [2009-11-18 12:55:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\EscapeTheMuseum2 [2009-11-12 17:25:42 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Big Fish Games [2009-11-12 17:23:27 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\BigFishGamesCache [2009-11-12 17:23:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files\bfgclient [2009-11-11 13:26:25 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\EcoRescue [2009-11-09 21:45:51 \| 00,000,000 \| RH-D \| C] -- C:\Documents and Settings\kachna\Recent [2009-11-09 19:21:37 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Playrix Entertainment [2009-11-07 19:10:02 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\blg [2009-11-07 12:58:53 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dokumenty\2Tasty [2009-11-07 12:57:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\2Tasty [2009-11-06 21:23:13 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Leadertech [2009-11-06 11:46:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\MumboJumbo [2009-11-04 21:14:03 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\WinRAR [2009-11-04 14:39:04 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Pulpit\Nowy folder [2009-11-04 11:35:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files\JDownloader [2009-11-03 15:35:59 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\PlayFirst [2009-11-03 15:35:59 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst [2009-11-01 10:46:02 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\Temp [2009-10-31 12:12:31 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Profiler The Hopscotch Killer [2009-10-29 19:48:19 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\STARGAZE_IMAGE_CACHE ========== Files - Modified Within 30 Days ========== [2009-11-28 14:20:42 \| 00,000,972 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009-11-28 14:18:18 \| 00,535,040 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\kachna\Pulpit\OTL.exe [2009-11-28 14:03:44 \| 00,001,032 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009-11-28 14:03:28 \| 01,416,856 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-11-28 14:03:23 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009-11-28 14:03:16 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009-11-28 14:03:14 \| 10,732,70784 \| -HS- \| M] () -- C:\hiberfil.sys [2009-11-28 14:02:10 \| 09,699,328 \| -H-- \| M] () -- C:\Documents and Settings\kachna\NTUSER.DAT [2009-11-28 14:01:54 \| 00,000,188 \| -HS- \| M] () -- C:\Documents and Settings\kachna\ntuser.ini [2009-11-28 13:53:01 \| 00,001,036 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009-11-28 13:13:42 \| 54,487,609 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\20000L.rar [2009-11-27 19:31:47 \| 00,001,000 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Echoes of the Past Royal House of Stone.lnk [2009-11-27 17:10:38 \| 00,105,755 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009-11-27 17:10:36 \| 45,814,706 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009-11-26 21:50:54 \| 01,577,706 \| -H-- \| M] () -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-26 19:37:28 \| 00,001,055 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Mystery Case Files Dire Grove.lnk [2009-11-26 18:20:03 \| 00,000,748 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do JackTheRipper.lnk [2009-11-26 12:16:02 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009-11-25 15:08:57 \| 00,000,910 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Sąsiedzi z Piekła Rodem 2 - Na Wakacjach.lnk [2009-11-25 15:08:55 \| 00,000,910 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Sąsiedzi z Piekła Rodem 1 - Słodka Zemsta.lnk [2009-11-22 15:57:54 \| 00,000,669 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do marionette.lnk [2009-11-22 15:57:53 \| 00,000,719 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do ISPYSpooky.lnk [2009-11-21 09:47:51 \| 00,000,690 \| ---- \| M] () -- C:\Documents and Settings\kachna\Menu Start\Programy\Autostart\Default Registration.lnk [2009-11-18 20:58:36 \| 00,000,673 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do Escape2.lnk [2009-11-16 15:16:29 \| 00,000,682 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Machinarium.lnk [2009-11-15 16:31:08 \| 00,000,677 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do MysteryInLondon.lnk [2009-11-13 20:21:00 \| 00,000,820 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Murder, She Wrote.lnk [2009-11-10 14:51:23 \| 00,000,169 \| ---- \| M] () -- C:\Documents and Settings\kachna\Dane aplikacji\burnaware.ini [2009-11-08 22:15:34 \| 00,000,386 \| ---- \| M] () -- C:\WINDOWS\tasks\SmartDefrag.job [2009-11-06 21:44:48 \| 00,000,607 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do TSR.lnk [2009-11-06 11:46:08 \| 00,000,719 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do LuxorAdventures.lnk [2009-11-06 11:43:37 \| 00,000,169 \| ---- \| M] () -- C:\WINDOWS\settings.ini [2009-10-31 21:41:59 \| 00,000,477 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do fsasgame.lnk ========== Files Created - No Company Name ========== [2009-11-28 12:52:22 \| 54,487,609 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\20000L.rar [2009-11-26 19:40:03 \| 00,001,000 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Echoes of the Past Royal House of Stone.lnk [2009-11-26 19:37:25 \| 00,001,055 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Mystery Case Files Dire Grove.lnk [2009-11-26 18:20:03 \| 00,000,748 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do JackTheRipper.lnk [2009-11-25 15:08:57 \| 00,000,910 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Sąsiedzi z Piekła Rodem 2 - Na Wakacjach.lnk [2009-11-25 15:08:55 \| 00,000,910 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Sąsiedzi z Piekła Rodem 1 - Słodka Zemsta.lnk [2009-11-22 15:48:19 \| 00,000,669 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do marionette.lnk [2009-11-22 15:46:45 \| 00,000,719 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do ISPYSpooky.lnk [2009-11-18 12:55:41 \| 00,000,673 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do Escape2.lnk [2009-11-16 15:16:29 \| 00,000,682 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Machinarium.lnk [2009-11-13 20:18:52 \| 00,000,820 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Murder, She Wrote.lnk [2009-11-12 17:50:35 \| 00,000,677 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do MysteryInLondon.lnk [2009-11-06 21:44:48 \| 00,000,607 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do TSR.lnk [2009-11-06 21:24:52 \| 00,000,690 \| ---- \| C] () -- C:\Documents and Settings\kachna\Menu Start\Programy\Autostart\Default Registration.lnk [2009-11-06 11:32:44 \| 00,000,719 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do LuxorAdventures.lnk [2009-10-31 21:41:59 \| 00,000,477 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do fsasgame.lnk [2009-10-21 18:24:45 \| 00,059,904 \| ---- \| C] () -- C:\WINDOWS\System32\zlib.dll [2009-10-12 16:28:35 \| 00,000,169 \| ---- \| C] () -- C:\WINDOWS\settings.ini [2009-09-26 19:52:50 \| 00,000,169 \| ---- \| C] () -- C:\Documents and Settings\kachna\Dane aplikacji\burnaware.ini [2009-08-27 12:46:53 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\ResortingToDanger.INI [2009-07-28 16:30:15 \| 00,000,169 \| ---- \| C] () -- C:\WINDOWS\adidsl.ini [2009-07-28 16:30:15 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\Fast800.ini [2009-07-28 16:29:49 \| 00,200,704 \| ---- \| C] () -- C:\WINDOWS\System32\coclassfast.dll [2009-07-28 16:29:47 \| 00,046,892 \| ---- \| C] () -- C:\WINDOWS\System32\ADADIX16.DLL [2009-07-28 16:27:52 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\TextSpy.ini [2009-06-02 19:14:05 \| 00,000,041 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib [2009-03-10 16:53:06 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\sav.ini [2009-03-09 17:39:46 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\SETUP32.INI [2009-03-08 17:07:21 \| 00,006,059 \| ---- \| C] () -- C:\Documents and Settings\kachna\Dane aplikacji\Cabos.plist [2009-03-01 20:02:52 \| 00,000,754 \| ---- \| C] () -- C:\WINDOWS\WORDPAD.INI [2009-02-23 13:44:39 \| 00,000,261 \| ---- \| C] () -- C:\WINDOWS\7THLEVEL.INI [2009-02-13 19:51:28 \| 00,023,700 \| ---- \| C] () -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\slot1.mm1 [2009-02-13 17:03:33 \| 00,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-02-13 17:03:31 \| 00,067,584 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-02-12 11:15:49 \| 00,164,992 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\athsgt.sys [2009-02-12 11:15:34 \| 00,012,544 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\limsgt.sys [2009-01-29 11:22:19 \| 00,000,044 \| ---- \| C] () -- C:\WINDOWS\ei.ini [2009-01-12 10:32:43 \| 00,278,984 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-01-12 10:32:43 \| 00,018,048 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008-12-17 18:39:54 \| 00,000,044 \| ---- \| C] () -- C:\Documents and Settings\All Users\Dane aplikacji\{3D55D1F4-1059-11DC-B281-197056D89593} [2008-12-15 19:09:49 \| 00,721,904 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-12-02 20:40:43 \| 00,000,019 \| ---- \| C] () -- C:\Documents and Settings\All Users\Dane aplikacji\NeptDDat.txt [2008-11-25 16:57:22 \| 00,059,392 \| ---- \| C] () -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-11-25 12:23:09 \| 00,000,761 \| ---- \| C] () -- C:\WINDOWS\m3jp2k.ini [2008-11-25 12:23:09 \| 00,000,702 \| ---- \| C] () -- C:\WINDOWS\mmtvmj.ini [2008-11-25 12:23:08 \| 00,000,714 \| ---- \| C] () -- C:\WINDOWS\m3jpeg.ini [2008-11-25 12:22:59 \| 00,019,968 \| ---- \| C] () -- C:\WINDOWS\System32\cpuinf32.dll [2008-11-25 12:22:50 \| 00,761,856 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-11-24 19:41:52 \| 00,000,990 \| ---- \| C] () -- C:\WINDOWS\adiras.ini [2008-11-24 19:37:58 \| 00,147,456 \| ---- \| C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-11-22 09:11:04 \| 00,001,607 \| ---- \| C] () -- C:\WINDOWS\System32\Load.ini [2008-06-29 14:24:32 \| 00,311,128 \| ---- \| C] () -- C:\WINDOWS\System32\ssleay32.dll [2008-06-29 14:24:32 \| 00,168,960 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2008-06-29 14:24:31 \| 01,526,468 \| ---- \| C] () -- C:\WINDOWS\System32\libeay32.dll [2008-04-28 13:55:27 \| 00,162,816 \| ---- \| C] () -- C:\WINDOWS\System32\sqlite3.dll [2007-07-23 09:03:32 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007-07-23 09:03:32 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007-07-23 09:03:30 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007-07-23 09:03:30 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007-07-23 09:03:30 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FC2D0F32 @Alternate Data Stream - 98 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C63E7DE2 @Alternate Data Stream - 98 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4239238F @Alternate Data Stream - 96 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D48500F8 @Alternate Data Stream - 96 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1DEE6B65 @Alternate Data Stream - 96 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:177313FB @Alternate Data Stream - 94 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:571BE359 @Alternate Data Stream - 216 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:660BFF0A @Alternate Data Stream - 178 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E1002D91 @Alternate Data Stream - 176 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3BD4D405 @Alternate Data Stream - 173 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9B7E8561 @Alternate Data Stream - 148 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E7123C4C @Alternate Data Stream - 147 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F073D52C @Alternate Data Stream - 146 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BDBC3765 @Alternate Data Stream - 146 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:90D89144 @Alternate Data Stream - 144 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A2349A15 @Alternate Data Stream - 140 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3FBE55EA @Alternate Data Stream - 139 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1FF4363A @Alternate Data Stream - 138 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C751F71C @Alternate Data Stream - 137 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:75714345 @Alternate Data Stream - 136 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5FF74A17 @Alternate Data Stream - 133 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D53344E0 @Alternate Data Stream - 130 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E2C80DE4 @Alternate Data Stream - 130 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:715EDF9F @Alternate Data Stream - 126 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9E4DE21B @Alternate Data Stream - 125 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A1000DD4 @Alternate Data Stream - 125 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:93C48025 @Alternate Data Stream - 125 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8E640720 @Alternate Data Stream - 124 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FD000392 @Alternate Data Stream - 124 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DA321CD4 @Alternate Data Stream - 124 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:074D8464 @Alternate Data Stream - 123 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C5CE2DF6 @Alternate Data Stream - 123 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5345C8F6 @Alternate Data Stream - 122 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:65241CBC @Alternate Data Stream - 122 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:40D8F125 @Alternate Data Stream - 122 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0344F92D @Alternate Data Stream - 121 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3745E745 @Alternate Data Stream - 120 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E80802C7 @Alternate Data Stream - 120 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D6BE1CEA @Alternate Data Stream - 119 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5B20ED3F @Alternate Data Stream - 118 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5553EB5E @Alternate Data Stream - 118 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2D7D575C @Alternate Data Stream - 117 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6C99C213 @Alternate Data Stream - 117 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5BFBB588 @Alternate Data Stream - 116 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EB1EC531 @Alternate Data Stream - 116 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AD2BA8A6 @Alternate Data Stream - 116 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3B5038B1 @Alternate Data Stream - 114 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EEB25EAE @Alternate Data Stream - 114 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BE340C9B @Alternate Data Stream - 114 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:25249477 @Alternate Data Stream - 114 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CB4A530 @Alternate Data Stream - 113 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6FE17A89 @Alternate Data Stream - 112 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:653B43BA @Alternate Data Stream - 112 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:63CFD724 @Alternate Data Stream - 111 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A58B27C9 @Alternate Data Stream - 110 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F3600258 @Alternate Data Stream - 110 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:25FA66BA @Alternate Data Stream - 109 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9A8247A9 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C839DB21 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8944C195 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:797D7632 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5D59B736 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4FE42FFC @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:12D2EB9C @Alternate Data Stream - 107 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F14D1F80 @Alternate Data Stream - 107 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8C51E95A @Alternate Data Stream - 107 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7B2BB690 @Alternate Data Stream - 107 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:10A4B216 @Alternate Data Stream - 105 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E91ADC66 @Alternate Data Stream - 105 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CD9109D4 @Alternate Data Stream - 105 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0 @Alternate Data Stream - 104 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 @Alternate Data Stream - 100 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1 @Alternate Data Stream - 100 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:51F17BB8 < End of report >

@Blade@

Pomógł: 8 razy

Wysłany: 2009-11-28, 16:22

Uruchom OTL

w oknie Custom Scans/Fixes wklej:

Cytat:

:OTL
PRC - [2007-10-16 14:25:13 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - File not found -- -- (iWinTrusted)
SRV - File not found -- -- (ASKUpgrade)
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
[2009-11-28 13:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\extensions\DTToolbar@toolbarnet.com
[2008-11-24 21:11:32 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\ask.xml
[2009-09-15 21:04:27 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\daemon-search.xml
[2009-03-12 10:39:08 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\MyStart Search.xml
[2009-08-23 12:13:06 | 00,001,201 | ---- | M] () -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\winamp-search.xml
O2 - BHO: (Absolutist Games Toolbar) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Absolutist Games Toolbar) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Absolutist Games Toolbar) - {631AC2D4-57B3-42B0-A148-DA33B462C1A3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
C:\Program Files\Absolutist_Games

:Commands
[emptytemp]
[start explorer]
[Reboot]

Klikasz Run Fix. Dajesz log z usuwania + nowy log z OTL + log z GMER (zakładka Rootkit/Malware

klikasz Szukaj

po zakończeniu klikasz kopiuj i wklejasz zawartość na forum)

kachna1965
Gość

Wysłany: 2009-11-28, 20:47 sprawdzenie loga

proszę o sprawdzenie loga z usuwania z OTL , nowy log z OTL All processes killed ========== OTL ========== No active process named explorer.exe was found! Service iWinTrusted stopped successfully! Service iWinTrusted deleted successfully! Service ASKUpgrade stopped successfully! Service ASKUpgrade deleted successfully! Prefs.js: "Yahoo! Search" removed from browser.search.defaultenginename Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl Prefs.js: "Ask" removed from browser.search.order.1 Prefs.js: "Yahoo! Search" removed from browser.search.selectedEngine Prefs.js: DTToolbar@toolbarnet.com:1.0.8.0552 removed from extensions.enabledItems Prefs.js: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" removed from keyword.URL Folder C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\extensions\DTToolbar@toolbarnet.com\ not found. C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\ask.xml moved successfully. C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\daemon-search.xml moved successfully. C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\MyStart Search.xml moved successfully. C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\searchplugins\winamp-search.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631ac2d4-57b3-42b0-a148-da33b462c1a3}\ deleted successfully. C:\Program Files\Absolutist_Games\tbAbso.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{631ac2d4-57b3-42b0-a148-da33b462c1a3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631ac2d4-57b3-42b0-a148-da33b462c1a3}\ not found. File C:\Program Files\Absolutist_Games\tbAbso.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{631AC2D4-57B3-42B0-A148-DA33B462C1A3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631AC2D4-57B3-42B0-A148-DA33B462C1A3}\ not found. File C:\Program Files\Absolutist_Games\tbAbso.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found. ========== FILES ========== C:\Program Files\Absolutist_Games folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: kachna ->Temp folder emptied: 2416194 bytes ->Temporary Internet Files folder emptied: 440030 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 95611164 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 93,94 mb OTL by OldTimer - Version 3.1.11.1 log created on 11282009_164231 Files\Folders moved on Reboot... Registry entries deleted on Reboot... OTL logfile created on: 2009-11-28 16:51:38 - Run 2 OTL by OldTimer - Version 3.1.11.1 Folder = C:\Documents and Settings\kachna\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 1023,48 Mb Total Physical Memory \| 568,71 Mb Available Physical Memory \| 55,57% Memory free 2,40 Gb Paging File \| 2,05 Gb Available in Paging File \| 85,29% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 20,51 Gb Total Space \| 12,77 Gb Free Space \| 62,29% Space Free \| Partition Type: NTFS Drive D: \| 16,79 Gb Total Space \| 9,76 Gb Free Space \| 58,14% Space Free \| Partition Type: NTFS Drive E: \| 37,26 Gb Total Space \| 10,17 Gb Free Space \| 27,29% Space Free \| Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GADOMSKA-7763C6 Current User Name: kachna Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-11-28 14:18:18 \| 00,535,040 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\kachna\Pulpit\OTL.exe PRC - [2009-11-06 21:46:14 \| 00,908,248 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-11-04 11:14:51 \| 02,028,312 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009-08-18 09:33:09 \| 00,486,680 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009-08-18 09:33:03 \| 00,693,016 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009-08-18 09:32:41 \| 00,595,736 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009-08-18 09:32:34 \| 00,908,056 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009-08-18 09:31:28 \| 00,297,752 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009-07-25 04:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-04-23 14:51:38 \| 00,691,656 \| ---- \| M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2009-01-08 12:56:02 \| 05,853,672 \| ---- \| M] (o2.pl Sp. z o.o.) -- C:\Program Files\Tlen.pl\tlen.exe PRC - [2008-12-04 14:48:50 \| 00,068,856 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007-10-16 14:25:13 \| 01,034,752 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-04-04 15:13:42 \| 00,143,408 \| ---- \| M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe PRC - [2007-02-13 15:20:50 \| 01,205,840 \| ---- \| M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe PRC - [2004-08-04 00:44:30 \| 00,013,824 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe ========== Modules (SafeList) ========== MOD - [2009-11-28 14:18:18 \| 00,535,040 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\kachna\Pulpit\OTL.exe MOD - [2007-02-28 18:49:52 \| 00,137,192 \| ---- \| M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll MOD - [2006-08-25 05:21:14 \| 01,054,208 \| R--- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009-09-21 10:45:52 \| 00,072,704 \| ---- \| M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009-08-18 09:32:34 \| 00,908,056 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009-08-18 09:31:28 \| 00,297,752 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009-07-25 04:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-06-03 12:50:46 \| 00,654,848 \| ---- \| M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-04-01 13:56:51 \| 00,133,104 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b2c96266e240) Usługa Google Update (gupdate1c9b2c96266e240) SRV - [2009-04-01 13:54:14 \| 00,183,280 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) ========== Driver Services (SafeList) ========== DRV - [2009-08-18 09:33:07 \| 00,027,784 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009-08-18 09:33:06 \| 00,335,240 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009-06-02 18:10:51 \| 00,721,904 \| ---- \| M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-05-23 13:28:32 \| 00,278,984 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-05-05 12:30:31 \| 00,108,552 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009-04-28 21:20:06 \| 00,044,944 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2009-02-12 11:15:59 \| 00,164,992 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\athsgt.sys -- (athsgt) DRV - [2009-02-12 11:15:48 \| 00,012,544 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\limsgt.sys -- (limsgt) DRV - [2009-01-30 13:27:41 \| 00,011,973 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2009-01-12 10:32:43 \| 00,018,048 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008-09-24 11:29:25 \| 00,029,184 \| ---- \| M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone) DRV - [2008-09-04 06:28:22 \| 00,019,968 \| ---- \| M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008-09-04 06:27:54 \| 00,024,832 \| ---- \| M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008-09-04 06:27:28 \| 00,013,056 \| ---- \| M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007-03-08 13:34:46 \| 04,027,840 \| R--- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2007-01-04 12:48:04 \| 00,104,344 \| ---- \| M] (Analog Devices Inc.) -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2007-01-04 12:47:48 \| 00,069,656 \| ---- \| M] (Analog Deivces) -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys) DRV - [2005-11-03 15:40:07 \| 00,063,488 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2005-08-10 13:44:04 \| 00,050,688 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-05-16 14:20:39 \| 00,006,656 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004-09-03 18:23:10 \| 00,115,680 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004-09-03 18:19:07 \| 00,054,368 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2004-08-04 00:08:22 \| 00,010,624 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-08-04 00:07:44 \| 00,041,088 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2004-08-03 23:31:34 \| 00,020,992 \| ---- \| M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2004-08-03 23:29:56 \| 01,897,408 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003-12-01 16:20:52 \| 00,004,832 \| ---- \| M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2001-08-17 23:00:04 \| 00,002,944 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 22:49:56 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424 FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009-11-04 11:17:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009-10-05 21:18:27 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-08 19:54:39 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-18 19:43:02 \| 00,000,000 \| ---D \| M] [2008-11-24 19:51:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Extensions [2009-11-28 14:13:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\extensions [2009-08-23 12:12:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-05-31 12:15:55 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\kachna\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009-11-27 20:37:46 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-03-20 17:32:59 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2009-02-07 18:23:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008-11-11 08:38:54 \| 00,663,552 \| ---- \| M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2006-09-26 11:03:14 \| 00,098,304 \| ---- \| M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2009-07-15 20:00:25 \| 00,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-15 20:00:25 \| 00,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-15 20:00:25 \| 00,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-15 20:00:25 \| 00,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-15 20:00:25 \| 00,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-15 20:00:25 \| 00,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O4 - Startup: C:\Documents and Settings\kachna\Menu Start\Programy\Autostart\Default Registration.lnk = E:\sacred rings1\The Sacred Rings\DRC1.exe (Leader Technologies) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-24 19:19:24 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: () - File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009-11-28 16:42:31 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009-11-28 14:18:13 \| 00,535,040 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\kachna\Pulpit\OTL.exe [2009-11-27 21:49:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009-11-27 19:32:03 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Orneon [2009-11-27 18:52:17 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Gamers Digital [2009-11-27 18:52:17 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gamers Digital [2009-11-25 15:09:21 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Moje dokumenty\JoWooD [2009-11-22 17:40:59 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Scholastic [2009-11-21 21:57:35 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Hidato [2009-11-21 19:28:11 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Intenium [2009-11-21 14:35:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\OXXOGames [2009-11-18 12:55:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\EscapeTheMuseum2 [2009-11-12 17:25:42 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Big Fish Games [2009-11-12 17:23:27 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\BigFishGamesCache [2009-11-12 17:23:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files\bfgclient [2009-11-09 21:45:51 \| 00,000,000 \| RH-D \| C] -- C:\Documents and Settings\kachna\Recent [2009-11-07 12:58:53 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dokumenty\2Tasty [2009-11-07 12:57:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\2Tasty [2009-11-06 21:23:13 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\Leadertech [2009-11-06 11:46:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\MumboJumbo [2009-11-04 21:14:03 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Dane aplikacji\WinRAR [2009-11-04 14:39:04 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Pulpit\Nowy folder [2009-11-04 11:35:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files\JDownloader [2009-11-01 10:46:02 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\Temp [2009-10-31 12:12:31 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Profiler The Hopscotch Killer [2009-10-29 19:48:19 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\STARGAZE_IMAGE_CACHE ========== Files - Modified Within 30 Days ========== [2009-11-28 17:08:00 \| 09,699,328 \| -H-- \| M] () -- C:\Documents and Settings\kachna\NTUSER.DAT [2009-11-28 17:02:43 \| 00,105,805 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009-11-28 17:02:42 \| 45,855,703 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009-11-28 16:53:02 \| 00,001,036 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009-11-28 16:45:59 \| 00,000,972 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009-11-28 16:45:40 \| 00,001,032 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009-11-28 16:45:28 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009-11-28 16:45:24 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009-11-28 16:45:23 \| 10,732,70784 \| -HS- \| M] () -- C:\hiberfil.sys [2009-11-28 16:44:02 \| 00,000,188 \| -HS- \| M] () -- C:\Documents and Settings\kachna\ntuser.ini [2009-11-28 14:18:18 \| 00,535,040 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\kachna\Pulpit\OTL.exe [2009-11-28 14:03:28 \| 01,416,856 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-11-27 19:31:47 \| 00,001,000 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Echoes of the Past Royal House of Stone.lnk [2009-11-26 21:50:54 \| 01,577,706 \| -H-- \| M] () -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-26 19:37:28 \| 00,001,055 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Mystery Case Files Dire Grove.lnk [2009-11-26 18:20:03 \| 00,000,748 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do JackTheRipper.lnk [2009-11-26 12:16:02 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009-11-25 15:08:57 \| 00,000,910 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Sąsiedzi z Piekła Rodem 2 - Na Wakacjach.lnk [2009-11-25 15:08:55 \| 00,000,910 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Sąsiedzi z Piekła Rodem 1 - Słodka Zemsta.lnk [2009-11-22 15:57:54 \| 00,000,669 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do marionette.lnk [2009-11-22 15:57:53 \| 00,000,719 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do ISPYSpooky.lnk [2009-11-21 12:17:18 \| 00,292,352 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\gmer.exe [2009-11-21 09:47:51 \| 00,000,690 \| ---- \| M] () -- C:\Documents and Settings\kachna\Menu Start\Programy\Autostart\Default Registration.lnk [2009-11-18 20:58:36 \| 00,000,673 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do Escape2.lnk [2009-11-16 15:16:29 \| 00,000,682 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Machinarium.lnk [2009-11-15 16:31:08 \| 00,000,677 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do MysteryInLondon.lnk [2009-11-13 20:21:00 \| 00,000,820 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Murder, She Wrote.lnk [2009-11-10 14:51:23 \| 00,000,169 \| ---- \| M] () -- C:\Documents and Settings\kachna\Dane aplikacji\burnaware.ini [2009-11-08 22:15:34 \| 00,000,386 \| ---- \| M] () -- C:\WINDOWS\tasks\SmartDefrag.job [2009-11-06 21:44:48 \| 00,000,607 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do TSR.lnk [2009-11-06 11:46:08 \| 00,000,719 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do LuxorAdventures.lnk [2009-11-06 11:43:37 \| 00,000,169 \| ---- \| M] () -- C:\WINDOWS\settings.ini [2009-10-31 21:41:59 \| 00,000,477 \| ---- \| M] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do fsasgame.lnk ========== Files Created - No Company Name ========== [2009-11-28 16:52:04 \| 00,292,352 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\gmer.exe [2009-11-26 19:40:03 \| 00,001,000 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Echoes of the Past Royal House of Stone.lnk [2009-11-26 19:37:25 \| 00,001,055 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Mystery Case Files Dire Grove.lnk [2009-11-26 18:20:03 \| 00,000,748 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do JackTheRipper.lnk [2009-11-25 15:08:57 \| 00,000,910 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Sąsiedzi z Piekła Rodem 2 - Na Wakacjach.lnk [2009-11-25 15:08:55 \| 00,000,910 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Sąsiedzi z Piekła Rodem 1 - Słodka Zemsta.lnk [2009-11-22 15:48:19 \| 00,000,669 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do marionette.lnk [2009-11-22 15:46:45 \| 00,000,719 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do ISPYSpooky.lnk [2009-11-18 12:55:41 \| 00,000,673 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do Escape2.lnk [2009-11-16 15:16:29 \| 00,000,682 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Machinarium.lnk [2009-11-13 20:18:52 \| 00,000,820 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Murder, She Wrote.lnk [2009-11-12 17:50:35 \| 00,000,677 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do MysteryInLondon.lnk [2009-11-06 21:44:48 \| 00,000,607 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do TSR.lnk [2009-11-06 21:24:52 \| 00,000,690 \| ---- \| C] () -- C:\Documents and Settings\kachna\Menu Start\Programy\Autostart\Default Registration.lnk [2009-11-06 11:32:44 \| 00,000,719 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do LuxorAdventures.lnk [2009-10-31 21:41:59 \| 00,000,477 \| ---- \| C] () -- C:\Documents and Settings\kachna\Pulpit\Skrót do fsasgame.lnk [2009-10-21 18:24:45 \| 00,059,904 \| ---- \| C] () -- C:\WINDOWS\System32\zlib.dll [2009-10-12 16:28:35 \| 00,000,169 \| ---- \| C] () -- C:\WINDOWS\settings.ini [2009-09-26 19:52:50 \| 00,000,169 \| ---- \| C] () -- C:\Documents and Settings\kachna\Dane aplikacji\burnaware.ini [2009-08-27 12:46:53 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\ResortingToDanger.INI [2009-07-28 16:30:15 \| 00,000,169 \| ---- \| C] () -- C:\WINDOWS\adidsl.ini [2009-07-28 16:30:15 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\Fast800.ini [2009-07-28 16:29:49 \| 00,200,704 \| ---- \| C] () -- C:\WINDOWS\System32\coclassfast.dll [2009-07-28 16:29:47 \| 00,046,892 \| ---- \| C] () -- C:\WINDOWS\System32\ADADIX16.DLL [2009-07-28 16:27:52 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\TextSpy.ini [2009-06-02 19:14:05 \| 00,000,041 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib [2009-03-10 16:53:06 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\sav.ini [2009-03-09 17:39:46 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\SETUP32.INI [2009-03-08 17:07:21 \| 00,006,059 \| ---- \| C] () -- C:\Documents and Settings\kachna\Dane aplikacji\Cabos.plist [2009-03-01 20:02:52 \| 00,000,754 \| ---- \| C] () -- C:\WINDOWS\WORDPAD.INI [2009-02-23 13:44:39 \| 00,000,261 \| ---- \| C] () -- C:\WINDOWS\7THLEVEL.INI [2009-02-13 19:51:28 \| 00,023,700 \| ---- \| C] () -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\slot1.mm1 [2009-02-13 17:03:33 \| 00,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-02-13 17:03:31 \| 00,067,584 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-02-12 11:15:49 \| 00,164,992 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\athsgt.sys [2009-02-12 11:15:34 \| 00,012,544 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\limsgt.sys [2009-01-29 11:22:19 \| 00,000,044 \| ---- \| C] () -- C:\WINDOWS\ei.ini [2009-01-12 10:32:43 \| 00,278,984 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-01-12 10:32:43 \| 00,018,048 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008-12-17 18:39:54 \| 00,000,044 \| ---- \| C] () -- C:\Documents and Settings\All Users\Dane aplikacji\{3D55D1F4-1059-11DC-B281-197056D89593} [2008-12-15 19:09:49 \| 00,721,904 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-12-02 20:40:43 \| 00,000,019 \| ---- \| C] () -- C:\Documents and Settings\All Users\Dane aplikacji\NeptDDat.txt [2008-11-25 16:57:22 \| 00,059,392 \| ---- \| C] () -- C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-11-25 12:23:09 \| 00,000,761 \| ---- \| C] () -- C:\WINDOWS\m3jp2k.ini [2008-11-25 12:23:09 \| 00,000,702 \| ---- \| C] () -- C:\WINDOWS\mmtvmj.ini [2008-11-25 12:23:08 \| 00,000,714 \| ---- \| C] () -- C:\WINDOWS\m3jpeg.ini [2008-11-25 12:22:59 \| 00,019,968 \| ---- \| C] () -- C:\WINDOWS\System32\cpuinf32.dll [2008-11-25 12:22:50 \| 00,761,856 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-11-24 19:41:52 \| 00,000,990 \| ---- \| C] () -- C:\WINDOWS\adiras.ini [2008-11-24 19:37:58 \| 00,147,456 \| ---- \| C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-11-22 09:11:04 \| 00,001,607 \| ---- \| C] () -- C:\WINDOWS\System32\Load.ini [2008-06-29 14:24:32 \| 00,311,128 \| ---- \| C] () -- C:\WINDOWS\System32\ssleay32.dll [2008-06-29 14:24:32 \| 00,168,960 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2008-06-29 14:24:31 \| 01,526,468 \| ---- \| C] () -- C:\WINDOWS\System32\libeay32.dll [2008-04-28 13:55:27 \| 00,162,816 \| ---- \| C] () -- C:\WINDOWS\System32\sqlite3.dll [2007-07-23 09:03:32 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007-07-23 09:03:32 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007-07-23 09:03:30 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007-07-23 09:03:30 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007-07-23 09:03:30 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FC2D0F32 @Alternate Data Stream - 98 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C63E7DE2 @Alternate Data Stream - 98 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4239238F @Alternate Data Stream - 96 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D48500F8 @Alternate Data Stream - 96 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1DEE6B65 @Alternate Data Stream - 96 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:177313FB @Alternate Data Stream - 94 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:571BE359 @Alternate Data Stream - 216 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:660BFF0A @Alternate Data Stream - 178 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E1002D91 @Alternate Data Stream - 176 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3BD4D405 @Alternate Data Stream - 173 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9B7E8561 @Alternate Data Stream - 148 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E7123C4C @Alternate Data Stream - 147 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F073D52C @Alternate Data Stream - 146 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BDBC3765 @Alternate Data Stream - 146 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:90D89144 @Alternate Data Stream - 144 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A2349A15 @Alternate Data Stream - 140 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3FBE55EA @Alternate Data Stream - 139 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1FF4363A @Alternate Data Stream - 138 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C751F71C @Alternate Data Stream - 137 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:75714345 @Alternate Data Stream - 136 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5FF74A17 @Alternate Data Stream - 133 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D53344E0 @Alternate Data Stream - 130 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E2C80DE4 @Alternate Data Stream - 130 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:715EDF9F @Alternate Data Stream - 126 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9E4DE21B @Alternate Data Stream - 125 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A1000DD4 @Alternate Data Stream - 125 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:93C48025 @Alternate Data Stream - 125 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8E640720 @Alternate Data Stream - 124 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FD000392 @Alternate Data Stream - 124 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DA321CD4 @Alternate Data Stream - 124 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:074D8464 @Alternate Data Stream - 123 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C5CE2DF6 @Alternate Data Stream - 123 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5345C8F6 @Alternate Data Stream - 122 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:65241CBC @Alternate Data Stream - 122 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:40D8F125 @Alternate Data Stream - 122 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0344F92D @Alternate Data Stream - 121 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3745E745 @Alternate Data Stream - 120 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E80802C7 @Alternate Data Stream - 120 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D6BE1CEA @Alternate Data Stream - 119 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5B20ED3F @Alternate Data Stream - 118 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5553EB5E @Alternate Data Stream - 118 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2D7D575C @Alternate Data Stream - 117 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6C99C213 @Alternate Data Stream - 117 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5BFBB588 @Alternate Data Stream - 116 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EB1EC531 @Alternate Data Stream - 116 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:AD2BA8A6 @Alternate Data Stream - 116 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3B5038B1 @Alternate Data Stream - 114 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EEB25EAE @Alternate Data Stream - 114 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BE340C9B @Alternate Data Stream - 114 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:25249477 @Alternate Data Stream - 114 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CB4A530 @Alternate Data Stream - 113 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6FE17A89 @Alternate Data Stream - 112 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:653B43BA @Alternate Data Stream - 112 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:63CFD724 @Alternate Data Stream - 111 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A58B27C9 @Alternate Data Stream - 110 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F3600258 @Alternate Data Stream - 110 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:25FA66BA @Alternate Data Stream - 109 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9A8247A9 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C839DB21 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8944C195 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:797D7632 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5D59B736 @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4FE42FFC @Alternate Data Stream - 108 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:12D2EB9C @Alternate Data Stream - 107 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:F14D1F80 @Alternate Data Stream - 107 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8C51E95A @Alternate Data Stream - 107 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7B2BB690 @Alternate Data Stream - 107 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:10A4B216 @Alternate Data Stream - 105 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E91ADC66 @Alternate Data Stream - 105 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CD9109D4 @Alternate Data Stream - 105 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0 @Alternate Data Stream - 104 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 @Alternate Data Stream - 100 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1 @Alternate Data Stream - 100 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:51F17BB8 < End of report >

kachna1965
Gość

Wysłany: 2009-11-28, 20:50 sprawdzenie loga z GMER

proszę o sprawdzenie loga GMER 1.0.15.15252 - http://www.gmer.net Rootkit scan 2009-11-28 20:49:39 Windows 5.1.2600 Dodatek Service Pack 2 Running: gmer.exe; Driver: C:\DOCUME~1\kachna\USTAWI~1\Temp\awtyraoc.sys ---- System - GMER 1.0.15 ---- SSDT sppi.sys ZwCreateKey [0xF770D0E0] SSDT sppi.sys ZwEnumerateKey [0xF772BCA4] SSDT sppi.sys ZwEnumerateValueKey [0xF772C032] SSDT sppi.sys ZwOpenKey [0xF770D0C0] SSDT sppi.sys ZwQueryKey [0xF772C10A] SSDT sppi.sys ZwQueryValueKey [0xF772BF8A] SSDT sppi.sys ZwSetValueKey [0xF772C19C] INT 0x3B ? 865AEBF8 INT 0x3B ? 865AEBF8 INT 0x3E ? 8676DBF8 INT 0x3F ? 8676DBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? sppi.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload F725462C 5 Bytes JMP 865AE1D8 .text aj9s9ll6.SYS F6CD2386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aj9s9ll6.SYS F6CD23AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aj9s9ll6.SYS F6CD23C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text aj9s9ll6.SYS F6CD23C9 1 Byte [30] .text aj9s9ll6.SYS F6CD23C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... .text C:\WINDOWS\system32\DRIVERS\athsgt.sys section is writeable [0xF39E1300, 0x21F20, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xF399E300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7B46300, 0x1B7E, 0xE8000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 867DC2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F773EC4C] sppi.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F773ECA0] sppi.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F770E042] sppi.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F770E13E] sppi.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F770E0C0] sppi.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F770E800] sppi.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F770E6D6] sppi.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F771DE9C] sppi.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 865AE2D8 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlInitUnicodeString] 00021083 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!swprintf] 01B05E00 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeSetEvent] 5DE58B5B IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 7E8366C3 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 0F740028 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 89320C8D IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0002288B IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 46B70F00 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 66D00328 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmUnmapIoSpace] 002A7E83 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 0C8D1574 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IofCompleteRequest] 248B8932 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 0F000002 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IofCallDriver] 832A46B7 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmAllocateMappingAddress] E08303C0 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 66D003FC IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoConnectInterrupt] 002C7E83 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoDetachDevice] 0C8D1E74 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeWaitForSingleObject] 208B8932 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeInitializeEvent] 8A000002 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 83880846 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlInitAnsiString] 000001C0 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 2C4EB70F IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoQueueWorkItem] 8303C183 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmMapIoSpace] D103FCE1 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2E7E8366 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoReportDetectedDevice] 8D1C7400 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoReportResourceForDetection] 83893204 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00000218 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!NlsMbCodePageTag] 2E4EB70F IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!PoRequestPowerIrp] 021C8B89 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] B70F0000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0C12E46 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!sprintf] 03D00304 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 0CB389F2 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ObfDereferenceObject] 80000002 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0975013E IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 1B42E853 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ZwClose] C4830000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] B05E5F04 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] E58B5B01 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] CCCCC35D IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!PoStartNextPowerIrp] CCCCCCCC IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!PoCallDriver] 53EC8B55 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoCreateDevice] 08758B56 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0214BE83 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 57000000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ZwOpenKey] 45C60674 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 1EEB010B IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoStartTimer] 020C868B IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeInitializeTimer] C0850000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoInitializeTimer] 808A1074 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeInitializeDpc] 00000804 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeInitializeSpinLock] A03CF024 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoInitializeIrp] 0B45950F IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ZwCreateKey] 45C604EB IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 458A000B IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 88C0840B IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ZwSetValueKey] 840F0946 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000C1 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 14B30E8B IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoStartPacket] 1C8286C6 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 88010000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001C859E IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoFreeMdl] A19E8800 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmUnlockPages] C600001C IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 001C8686 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 86C60100 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 00001CA2 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 70518B01 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeSynchronizeExecution] 8D52006A IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoStartNextPacket] 001C8886 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeBugCheckEx] 55E85000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 8B000023 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeSetTimer] 70518B0E IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeCancelTimer] 8D52016A IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!_allmul] 001CA486 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmProbeAndLockPages] 41E85000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!_except_handler3] 8B000023 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!PoSetPowerState] 18C4830E IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 1C8D9E88 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 9E880000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!_aulldiv] 00001CA9 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!strstr] 0E798366 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!_strupr] 74AAB000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeQuerySystemTime] 8186C636 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 1A00001C IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!KeTickCount] 1C8386C6 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] C6020000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoDeleteDevice] 001C8E86 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 86C60200 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00001CAA IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoAllocateIrp] 959E8802 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoAllocateMdl] 8800001C IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB19E IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmLockPagableDataSection] 96868800 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8800001C IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CB286 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!ExFreePoolWithTag] C61AEB00 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoFreeIrp] 001C8186 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!IoFreeWorkItem] 86C61200 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!InitSafeBootMode] 00001C83 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlCompareMemory] 8E868801 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 8800001C IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!memmove] 001CAA86 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[ntoskrnl.exe!MmHighestUserAddress] 80968B00 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!KeGetCurrentIrql] 89000001 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!KfRaiseIrql] 0001BC83 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!KfLowerIrql] 24468B00 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!HalGetInterruptVector] 89820C8D IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!KfReleaseSpinLock] 000000BD IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!READ_PORT_USHORT] 83660000 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00 IAT \SystemRoot\System32\Drivers\aj9s9ll6.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8676C1F8 AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbohci \Device\USBPDO-0 864FB1F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 867DA1F8 Device \Driver\dmio \Device\DmControl\DmConfig 867DA1F8 Device \Driver\dmio \Device\DmControl\DmPnP 867DA1F8 Device \Driver\dmio \Device\DmControl\DmInfo 867DA1F8 Device \Driver\usbohci \Device\USBPDO-1 864FB1F8 Device \Driver\PCI_PNP6112 \Device\00000045 sppi.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\prodrv06 \Device\ProDrv06 E1751C30 Device \Driver\Ftdisk \Device\HarddiskVolume1 8676E1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8676E1F8 Device \Driver\Cdrom \Device\CdRom0 865011F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8676E1F8 Device \Driver\Cdrom \Device\CdRom1 865011F8 Device \Driver\atapi \Device\Ide\IdePort0 8676D1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8676D1F8 Device \Driver\atapi \Device\Ide\IdePort1 8676D1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8676D1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 8676D1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 8676D1F8 Device \Driver\Cdrom \Device\CdRom2 865011F8 Device \Driver\Cdrom \Device\CdRom3 865011F8 Device \Driver\Cdrom \Device\CdRom4 865011F8 Device \Driver\prohlp02 \Device\ProHlp02 E1370E20 Device \Driver\Cdrom \Device\CdRom5 865011F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86582500 Device \Driver\NetBT \Device\NetbiosSmb 86582500 AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\NetBT \Device\NetBT_Tcpip_{193DB19C-F242-4A62-B27D-E7FA2827356B} 86582500 Device \Driver\sptd \Device\3107007264 sppi.sys Device \Driver\usbohci \Device\USBFDO-0 864FB1F8 Device \Driver\usbohci \Device\USBFDO-1 864FB1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 867561F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 867561F8 Device \Driver\Ftdisk \Device\FtControl 8676E1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{5F3B52AA-E510-4C2F-A6CD-5396053F893E} 86582500 Device \Driver\aj9s9ll6 \Device\Scsi\aj9s9ll61Port2Path0Target3Lun0 864A53A8 Device \Driver\aj9s9ll6 \Device\Scsi\aj9s9ll61Port2Path0Target0Lun0 864A53A8 Device \Driver\aj9s9ll6 \Device\Scsi\aj9s9ll61 864A53A8 Device \Driver\aj9s9ll6 \Device\Scsi\aj9s9ll61Port2Path0Target2Lun0 864A53A8 Device \Driver\aj9s9ll6 \Device\Scsi\aj9s9ll61Port2Path0Target1Lun0 864A53A8 Device \FileSystem\Cdfs \Cdfs 8652E500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x24 0xB2 0x61 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0xDD 0x51 0xD5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF6 0x72 0xB5 0x67 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0xBC 0x0C 0xBF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x0A 0x9B 0x66 0xFF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x1D 0x0A 0xBA 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xCD 0xCE 0x56 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x2A 0x68 0x9B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x10 0x20 0xE9 0xD5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x39 0xEE 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDC 0xC4 0xE8 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD2 0xDB 0x9C 0x93 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD4 0x7F 0xAE 0x8F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x24 0xB2 0x61 0xCF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0xDD 0x51 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF6 0x72 0xB5 0x67 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0xBC 0x0C 0xBF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x0A 0x9B 0x66 0xFF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x1D 0x0A 0xBA 0x4B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xCD 0xCE 0x56 0x1F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x2A 0x68 0x9B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x10 0x20 0xE9 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x39 0xEE 0x97 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDC 0xC4 0xE8 0x53 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD2 0xDB 0x9C 0x93 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD4 0x7F 0xAE 0x8F ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\Cache\73656C82d01 0 bytes File C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\Cache\73666C82d01 0 bytes File C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\Cache\73676C82d01 0 bytes File C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\Cache\EB453619d01 0 bytes File C:\Documents and Settings\kachna\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\oimm9jg3.default\Cache\EDE18759d01 0 bytes ---- EOF - GMER 1.0.15 ----

@Blade@

Pomógł: 8 razy

Wysłany: 2009-11-28, 21:54

W logach nic więcej nie widzę. W OTL kliknij CleanUp Przeczyść dysk oraz rejestr CCleaner Wyłącz i włącz przywracanie systemu na wszystkich dyskach Instrukcja Wykonaj pełne skanowanie Malwarebytes' Anti-Malware - jeśli coś znajdzie usuń i daj raport
_________________

kachna1965
Gość

Wysłany: 2009-11-29, 19:12 sprawdzenie loga

przeskanowałam cały system programem anti-malware i jest czysto program nie znalazł żadnych śmieci-dziękuję bardzo za tak szybką pomoc -i jak to się mówi-do następnego loga Edit by Exe: Mam nadzieję że już wszystko OK, bo narobiłaś mi pracy xD na przyszłość pisz w jednym temacie a nie każdy post w osobnym temacie, bo musiałem wszystko scalać i patrzeć na kolejność P

kachna1965

Wysłany: 2009-12-01, 14:10

sorry,że miałeś tyle roboty no ale wiesz człowiek uczy się na błędach, za to postawię Tobie wirtualne piwo

mateo9zero

Wysłany: 2010-01-03, 13:45

Witam. Czy byłby ktoś tutaj taki dobry i sprawdził mojego loga z Hijackthis ? Obawiam się, że mam jakiegoś wirusa, a sam dobrze się na tym nieznam. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:36:18, on 2010-01-03 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\RTHDCPL.EXE F:\WINDOWS\system32\RUNDLL32.EXE F:\Program Files\Java\jre6\bin\jusched.exe F:\WINDOWS\system32\rundll32.exe H:\Nero 7\InCD\NBHGui.exe H:\Nero 7\InCD\InCD.exe H:\NOD32\egui.exe F:\WINDOWS\system32\ctfmon.exe H:\DAEMON Tools Lite\daemon.exe H:\ALLPlayer\ALLUpdate.exe F:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe H:\NOD32\ekrn.exe H:\Nero 7\InCD\InCDsrv.exe F:\Program Files\Java\jre6\bin\jqs.exe F:\WINDOWS\system32\nvsvc32.exe F:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe F:\WINDOWS\system32\wbem\wmiapsrv.exe H:\Nowe Gadu-Gadu\gg.exe H:\Nowe Gadu-Gadu\spellchecker_gg.exe F:\Documents and Settings\Murzyn\Moje dokumenty\Pobieranie\Original_rapid_share_Manager_For_XP\Original rapid share Manager For XP\rapid share Manager\RapidShareManager.exe H:\Mozilla\firefox.exe F:\Documents and Settings\Murzyn\Moje dokumenty\Pobieranie\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] H:\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] H:\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [egui] "H:\NOD32\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ALLUpdate] "H:\ALLPlayer\ALLUpdate.exe" "sleep" O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "F:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: LogonInit - logonInit.dll (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - H:\NOD32\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - H:\NOD32\ekrn.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - H:\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - F:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- End of file - 5047 bytes

@Blade@

Pomógł: 8 razy

Wysłany: 2010-01-03, 17:26

Uruchom HijackThis

Do a system scan only

w okienku programu pokaże się log

zaznacz kratki przy podanych wpisach

klikasz Fix checked

Kod:

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] H:\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] H:\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ALLUpdate] "H:\ALLPlayer\ALLUpdate.exe" "sleep"
O20 - Winlogon Notify: LogonInit - logonInit.dll (file missing)

Podaj logi z: OTL, GMER oraz System Repair Engineer

Logi wklejasz na http://wklej.to/ lub http://wklej.org/, a w poście dajesz tylko link

_________________

Mateo9zero
Gość

Wysłany: 2010-01-03, 19:29

Zrobiłem tak jak kazałeś. http://www.wklejto.pl/52344 - Log z OTL http://www.wklejto.pl/52357 - Log z System Repair Engineer Log z GMER się nie udał. Wieszał mi się komputer dwukrotnie podczas scanowania tym programem.

@Blade@

Pomógł: 8 razy

Wysłany: 2010-01-03, 20:08

Praktycznie nic tu nie ma.
Uruchom OTL

w oknie Custom Scans/Fixes wklej:

Cytat:

:OTL
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic-Eng7 Customized Web Search"
[2009-09-30 10:08:32 | 00,000,888 | ---- | M] () -- F:\Documents and Settings\Murzyn\Dane aplikacji\Mozilla\Firefox\Profiles\ydhfhbit.default\searchplugins\conduit.xml

:Commands
[emptytemp]
[start explorer]

Klikasz Run Fix. Następnie:

W OTL kliknij CleanUp

Przeczyść dysk oraz rejestr CCleaner

Wykonaj pełne skanowanie Malwarebytes' Anti-Malware - jeśli coś znajdzie usuń i daj raport

_________________

Mateo9zero
Gość

Wysłany: 2010-01-03, 20:34

Zrobiłem tak jak kazałeś. Podczas gdy wkleiłem skrypt i klikłem Run Fix proces się wykonał i trzeba było zrestartować komputer. Niestety system nie chciał się zamknąć przez 10 minut i go zresetowałem. Nie wiem czy nie zrobiłem coś źle w takim razie ?

@Blade@

Pomógł: 8 razy

Wysłany: 2010-01-03, 21:02

W takim razie wrzuć jeszcze nowy log z OTL, bo nie wiadomo czy wszystko się wykonało
_________________

Forum komputerowe PC Town Strona Główna » Kompiradło » Bezpieczeństwo w sieci » Analiza logów » sprawdzenie loga z hijackthis

Możesz pisać nowe tematy
Możesz odpowiadać w tematach
Nie możesz zmieniać swoich postów
Nie możesz usuwać swoich postów
Nie możesz głosować w ankietach
Nie możesz załączać plików na tym forum
Możesz ściągać załączniki na tym forum

Dodaj temat do Ulubionych
Wersja do druku

system walidacji dla gości opracował Petermechanic Forum komputerowe

Strona wygenerowana w 0,9 sekundy. Zapytań do SQL: 10