
For two days I have had a problem with my system; specifically, I get the error "Generic host Process for Win32 Services", after which I have no sound and the system goes completely crazy! The internet disconnects, the taskbar colors change, etc. I downloaded "Windows Worms Doors Cleaner" because I heard that the ports need to be blocked; unfortunately it did not help. Also, uTorrent has stopped downloading (Linksys WAG200G router); my port is 10483, and everything worked fine before. Win XP 32-bit.
Code:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-06 14:13:27
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD2500KS-00MJB0 rev.02.01C03
Running: ejkse363.exe; Driver: C:\DOCUME~1\Maciej\USTAWI~1\Temp\pgwcafoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB3D36604]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB3D364C0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB3D3699E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB3D36098]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB3D3659A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB3D35FD8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB3D3603C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB3D366BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB3D3667A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB3D367FA]
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\DRIVERS\imapi.sys entry point in ".rsrc" section [0xB7553314]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB69E03A0, 0x59FFE5, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3580] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3624] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[596] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00400002
IAT C:\WINDOWS\system32\services.exe[596] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00400000
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-4 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort6 89C24AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort7 89C24AEA
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Device\Ide\IdeDeviceP2T0L0-17 -> \??\IDE#DiskWDC_WD2500KS-00MJB0_____________________02.01C03#5&6dad66d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0xF2 0xC7 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x0A 0xD3 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0xF2 0xC7 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0x0A 0xD3 0xD7 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 488394799 (+254): rootkit-like behavior;
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\DRIVERS\imapi.sys suspicious modification; TDL3 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 2011-02-06 14:14:59 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = F:\CHROME DOWN
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 3046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,37 Gb Free Space | 1,90% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 1,00 Gb Free Space | 2,56% Space Free | Partition Type: NTFS
Drive E: | 34,18 Gb Total Space | 3,15 Gb Free Space | 9,21% Space Free | Partition Type: NTFS
Drive F: | 140,10 Gb Total Space | 3,68 Gb Free Space | 2,63% Space Free | Partition Type: NTFS
Computer Name: MACIEJ-FADAB975 | User Name: Maciej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011-02-06 14:01:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\CHROME DOWN\OTL.exe
PRC - [2011-01-08 04:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010-12-17 19:16:06 | 001,527,808 | ---- | M] (Alexey ILJIN) -- C:\Program Files\Translate Client\translateclient.exe
PRC - [2010-12-16 06:19:28 | 012,984,928 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-10-18 19:14:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010-08-13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008-11-18 18:52:51 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-11-18 18:39:02 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008-11-18 18:38:57 | 000,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008-11-18 18:38:44 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008-11-18 18:36:32 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:14 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2007-02-23 11:27:50 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcfcoms.exe
PRC - [2002-07-02 10:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011-02-06 14:01:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\CHROME DOWN\OTL.exe
MOD - [2008-11-18 18:38:06 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2008-04-14 22:50:40 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008-04-14 22:50:26 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll
MOD - [2002-03-13 08:25:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- -- (StarWindServiceAE)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010-08-13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-03-04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-11-18 18:52:51 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008-11-18 18:38:57 | 000,155,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008-11-18 18:38:44 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008-11-18 18:36:32 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2007-02-23 11:27:50 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2010-07-09 23:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-03-15 17:17:32 | 000,005,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\GPCIDrv.sys -- (GPCIDrv)
DRV - [2010-03-15 17:17:29 | 000,017,962 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2009-05-25 10:49:10 | 000,086,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009-05-25 10:49:08 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009-05-25 10:49:08 | 000,109,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009-05-25 10:49:08 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009-05-25 10:49:08 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009-05-25 10:49:08 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2009-05-25 10:49:08 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2008-11-18 19:04:21 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008-11-18 19:03:33 | 000,110,160 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008-11-18 19:02:43 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008-11-18 19:01:23 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008-11-18 19:01:09 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008-11-18 19:00:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-01-09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005-12-12 17:06:12 | 000,171,185 | R--- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1065.sys -- (RDID1065)
DRV - [2005-05-09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2002-07-24 06:52:26 | 000,998,004 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002-07-19 03:48:32 | 000,156,604 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002-07-19 03:48:22 | 000,213,860 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002-07-19 03:48:08 | 000,011,068 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002-07-19 03:48:04 | 000,195,432 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002-07-19 03:47:52 | 000,837,548 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002-07-19 03:46:28 | 000,127,948 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002-04-17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-04-13 19:18:24 | 000,188,276 | ---- | M] (Roland) [Kernel | Auto | Running] -- E:\ABLETON VST\RVIEg01VST.sys -- (RVIEGVST)
DRV - [2001-04-13 19:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- E:\ABLETON VST\RVIEg01.sys -- (RVIEG01)
DRV - [1999-12-17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = wyborcza.pl/0,0.html?p=031
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..\URLSearchHook: {b88b1d29-b49c-455d-9fd2-3acd06af56b8} - C:\Program Files\EN_-_Real_Madrid_FC\tbEN_1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "wyborcza.pl/0,0.html?p=031"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010-07-29 17:06:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2010-10-05 11:45:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-12 10:14:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-18 09:22:53 | 000,000,000 | ---D | M]
[2010-02-26 14:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Extensions
[2011-02-02 13:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\c7vyaefg.default\extensions
[2010-05-02 10:30:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\c7vyaefg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-03-15 07:57:12 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Maciej\Dane aplikacji\Mozilla\Firefox\Profiles\c7vyaefg.default\searchplugins\daemon-search.xml
[2011-02-02 13:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-05-16 14:26:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010-07-29 17:06:39 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\PROGRAM FILES\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM
[2009-04-15 09:16:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-10-05 11:45:04 | 000,000,000 | ---D | M] (RelevantKnowledge) -- C:\PROGRAM FILES\RELEVANTKNOWLEDGE
[2010-02-21 11:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010-07-23 01:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-07-23 01:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-07-23 01:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-07-23 01:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-07-23 01:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-07-23 01:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (EN - Real Madrid FC Toolbar) - {b88b1d29-b49c-455d-9fd2-3acd06af56b8} - C:\Program Files\EN_-_Real_Madrid_FC\tbEN_1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EN - Real Madrid FC Toolbar) - {b88b1d29-b49c-455d-9fd2-3acd06af56b8} - C:\Program Files\EN_-_Real_Madrid_FC\tbEN_1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..\Toolbar\WebBrowser: (EN - Real Madrid FC Toolbar) - {B88B1D29-B49C-455D-9FD2-3ACD06AF56B8} - C:\Program Files\EN_-_Real_Madrid_FC\tbEN_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\WinDir\Svchost.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Jet Detection] d:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1957994488-602609370-839522115-1003..\Run: [HKCU] C:\WINDOWS\system32\WinDir\Svchost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-602609370-839522115-1003..\Run: [Jtavodurexur] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WinDir\Svchost.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WinDir\Svchost.exe (Microsoft Corporation)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\OFFICE\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: 111222.cn ([list1] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: pps.tv ([kan] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: pps.tv ([list1] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: pps.tv ([tvguide] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: pps.tv ([vodguide] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: ppstream.com ([list1] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: ppstream.com ([notice] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: ppstream.com ([xml1] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: ppstream.com ([xml2] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: ppstream.com ([xml3] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: ppstream.net ([list1] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: ppstv.com ([list1] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: ppstv.net ([list1] http in Lokalny intranet)
O15 - HKU\S-1-5-21-1957994488-602609370-839522115-1003\..Trusted Domains: security_PPStream.exe ([]about in Lokalny intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.86,93.188.161.226
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{072c5f64-5844-11de-8503-00e021100c91}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{072c5f64-5844-11de-8503-00e021100c91}\Shell\Open(&0)\command - "" = J:\Recycled\ctfmon.exe
O33 - MountPoints2\{424cd1e8-4437-11df-873c-00e021100c91}\Shell\AutoRun\command - "" = hermon.exe
O33 - MountPoints2\{fd562dc7-e58e-11de-867b-00e021100c91}\Shell - "" = AutoRun
O33 - MountPoints2\{fd562dc7-e58e-11de-867b-00e021100c91}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Windows Server\nsmadt.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
File not found -- C:\Documents and Settings\Maciej\Pulpit\Dla Justynki
[2011-02-06 12:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-02-04 11:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Ubisoft
[2011-02-01 16:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciej\Dane aplikacji\translateclient
[2011-02-01 16:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Translate Client
[2011-02-01 16:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Translate Client
[2011-02-01 16:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciej\Pulpit\PORTABLE-TranslateClient-5.0.517
[2011-02-01 16:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciej\Pulpit\crack
[2011-01-29 17:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciej\Pulpit\sf walentynki 2005 upload by DAVID SHANON
[2011-01-25 16:16:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maciej\Pulpit\Making Fidget House Sound (Tutorial by Timofey) Project
[2011-01-24 12:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\Ubisoft
[2011-01-24 12:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2011-01-19 15:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciej\Moje dokumenty\Hitman Blood Money
[2011-01-19 14:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Eidos
[2011-01-14 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spectrasonics
[2011-01-13 15:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\Focus Home Interactive
[2011-01-09 13:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DivX
[2011-01-08 15:44:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maciej\Pulpit\Deadmau5-Ghost_N_Stuff_Making_by_Timofey Project
[2010-12-28 15:32:12 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2010-12-28 15:32:12 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2010-12-28 15:32:12 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpmui.dll
[2010-12-28 15:32:12 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2010-12-28 15:32:12 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfinpa.dll
[2010-12-28 15:32:12 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfiesc.dll
[2010-12-28 15:32:12 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfhcp.dll
[2010-12-28 15:32:12 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2010-12-28 15:32:12 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2010-12-28 15:32:11 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfhbn3.dll
[2010-12-28 15:32:11 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2010-12-28 15:32:11 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2009-09-14 18:39:31 | 000,018,384 | ---- | C] ( ) -- C:\WINDOWS\System32\video.drv
[2009-02-09 22:56:42 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
File not found -- C:\Documents and Settings\Maciej\Pulpit\Dla Justynki
[2011-02-06 14:06:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-02-06 14:04:08 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\obdrkgq.job
[2011-02-06 13:57:33 | 003,374,301 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80651102}.CDF
[2011-02-06 13:57:33 | 003,374,301 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80651102}.BAK
[2011-02-06 13:57:33 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-02-06 13:57:32 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011-02-06 13:57:29 | 000,003,298 | ---- | M] () -- C:\WINDOWS\System32\StyleVista.png
[2011-02-06 13:57:29 | 000,003,137 | ---- | M] () -- C:\WINDOWS\System32\StyleVistaDown.png
[2011-02-06 13:57:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-02-06 13:56:36 | 012,582,912 | -H-- | M] () -- C:\Documents and Settings\Maciej\NTUSER.DAT
[2011-02-06 13:56:35 | 000,010,588 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000002-80651102}.rfx
[2011-02-06 13:56:35 | 000,010,588 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000002-80651102}.rfx
[2011-02-06 13:56:35 | 000,006,456 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000002-80651102}.rfx
[2011-02-06 13:56:35 | 000,006,456 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000002-80651102}.rfx
[2011-02-06 12:45:36 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\HiJackThis.lnk
[2011-02-06 03:02:00 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Maciej\ntuser.ini
[2011-02-05 17:02:44 | 000,031,884 | ---- | M] () -- C:\Documents and Settings\Maciej\Moje dokumenty\cc_20110205_170240.reg
[2011-02-05 12:19:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-05 11:25:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-02-04 11:12:37 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia - Piaski Czasu.lnk
[2011-02-03 18:15:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-02 16:52:09 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-02 10:32:22 | 000,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-01 16:55:10 | 000,024,328 | ---- | M] () -- C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2011-02-01 16:55:04 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Translate Client.lnk
[2011-01-30 13:46:29 | 000,069,292 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\C16784514_4.jpg
[2011-01-30 13:45:57 | 000,062,556 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\C16784514_3.jpg
[2011-01-25 20:38:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-01-23 02:05:47 | 000,035,604 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\cd74d5a293056d5e81a2865df61e1630
[2011-01-23 01:53:23 | 000,043,135 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\d29ac6b0283dd928943a52dea423de6c
[2011-01-20 16:50:22 | 007,811,657 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\Mattie Stick - Start (MattieStick@gmail.com).mp3
[2011-01-19 14:53:30 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Launch Hitman Blood Money.lnk
[2011-01-19 13:23:39 | 003,538,024 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\ele.mp3
[2011-01-17 17:31:11 | 000,057,826 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\C16761494_1.jpg
[2011-01-17 17:31:07 | 000,075,952 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\C16761494_4.jpg
[2011-01-17 17:31:05 | 000,044,488 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\C16761494_3.jpg
[2011-01-14 17:47:59 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\Nowy Dokument programu Microsoft Word (2).doc
[2011-01-11 12:16:55 | 000,045,981 | ---- | M] () -- C:\Documents and Settings\Maciej\Pulpit\18471a85a6dda422d1d78040a935b65d
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011-02-06 12:36:39 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\HiJackThis.lnk
[2011-02-05 17:02:42 | 000,031,884 | ---- | C] () -- C:\Documents and Settings\Maciej\Moje dokumenty\cc_20110205_170240.reg
[2011-02-04 11:12:37 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia - Piaski Czasu.lnk
[2011-02-01 16:55:10 | 000,003,298 | ---- | C] () -- C:\WINDOWS\System32\StyleVista.png
[2011-02-01 16:55:10 | 000,003,137 | ---- | C] () -- C:\WINDOWS\System32\StyleVistaDown.png
[2011-02-01 16:55:04 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Translate Client.lnk
[2011-02-01 16:54:51 | 002,469,454 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\translateclient setup.exe
[2011-01-30 13:46:30 | 000,069,292 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\C16784514_4.jpg
[2011-01-30 13:46:00 | 000,062,556 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\C16784514_3.jpg
[2011-01-23 02:05:48 | 000,035,604 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\cd74d5a293056d5e81a2865df61e1630
[2011-01-23 01:53:27 | 000,043,135 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\d29ac6b0283dd928943a52dea423de6c
[2011-01-19 14:53:30 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Launch Hitman Blood Money.lnk
[2011-01-19 14:51:46 | 001,538,984 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\Hitman Blood Money - spolszczenie v1.1.exe
[2011-01-19 13:19:58 | 003,538,024 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\ele.mp3
[2011-01-19 12:11:07 | 061,957,914 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\rh40sr_pl_20090226.exe
[2011-01-17 17:31:12 | 000,057,826 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\C16761494_1.jpg
[2011-01-17 17:31:08 | 000,075,952 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\C16761494_4.jpg
[2011-01-17 17:31:06 | 000,044,488 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\C16761494_3.jpg
[2011-01-14 17:47:59 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\Nowy Dokument programu Microsoft Word (2).doc
[2011-01-13 17:03:17 | 000,707,658 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\CitiesXL2011_V1_MrHackTV.EXE
[2011-01-11 16:47:25 | 007,811,657 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\Mattie Stick - Start (MattieStick@gmail.com).mp3
[2011-01-11 12:16:56 | 000,045,981 | ---- | C] () -- C:\Documents and Settings\Maciej\Pulpit\18471a85a6dda422d1d78040a935b65d
[2010-12-28 15:32:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2010-12-28 15:32:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcfcoin.dll
[2010-12-28 15:32:12 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcfinst.dll
[2010-12-18 19:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010-12-18 18:39:13 | 000,126,464 | RHS- | C] () -- C:\WINDOWS\System32\dfshimw.dll
[2010-10-05 11:43:56 | 002,638,692 | -H-- | C] () -- C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-10-05 11:10:03 | 000,062,629 | ---- | C] () -- C:\Documents and Settings\Maciej\Dane aplikacji\Maciej3SQLite3.dll
[2010-10-02 20:21:10 | 000,297,757 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010-05-18 15:29:55 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2010-04-28 09:56:59 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010-03-15 18:11:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2010-03-15 18:11:26 | 000,000,184 | ---- | C] () -- C:\Program Files\neostrada
[2010-03-15 16:39:28 | 000,005,112 | ---- | C] () -- C:\WINDOWS\GPCIDrv.sys
[2010-03-15 16:39:09 | 000,017,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010-02-26 14:46:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-02-18 12:04:44 | 000,032,918 | R--- | C] () -- C:\WINDOWS\System32\RdCi1065.dll
[2010-01-17 21:21:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009-12-24 16:06:30 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2009-12-11 09:36:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009-11-10 11:52:53 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-11-10 11:52:53 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-11-10 11:52:53 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-09-09 09:01:52 | 000,000,613 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2009-09-09 09:00:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009-08-03 09:53:53 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVStrap.sys
[2009-07-15 23:19:41 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009-06-11 22:13:48 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-05-17 11:23:00 | 000,610,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-05-14 18:12:57 | 000,000,984 | ---- | C] () -- C:\WINDOWS\VPlayer.INI
[2009-02-28 13:29:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-02-28 12:46:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2009-02-14 00:11:01 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009-02-14 00:11:01 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009-02-14 00:11:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009-02-14 00:11:01 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009-02-12 09:14:09 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-10 09:41:45 | 002,868,224 | ---- | C] () -- C:\WINDOWS\System32\PSP EasyVerb.dll
[2009-02-10 09:38:26 | 008,396,800 | ---- | C] () -- C:\WINDOWS\System32\PSP 608 MultiDelay.dll
[2009-02-10 09:22:31 | 012,550,144 | ---- | C] () -- C:\WINDOWS\CS-80V(10 voices).dll
[2009-02-10 09:22:31 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009-02-09 23:06:02 | 000,000,104 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2009-02-09 22:58:07 | 000,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009-02-09 22:57:57 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009-02-09 22:57:48 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2009-02-09 22:57:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009-02-09 22:56:47 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2009-02-09 12:43:06 | 000,024,328 | ---- | C] () -- C:\Documents and Settings\Maciej\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-02-09 12:37:00 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Maciej\Dane aplikacji\desktop.ini
[2009-02-09 12:33:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009-02-09 12:29:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2009-02-09 12:29:51 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2009-02-09 12:29:12 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2009-02-09 12:29:11 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-02-08 13:23:31 | 001,126,300 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-02-08 13:23:30 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-02-08 13:22:53 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-10-28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-01-08 14:53:24 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\hash2.dll
[2005-12-11 06:59:11 | 000,000,245 | -H-- | C] () -- C:\Documents and Settings\Maciej\Dane aplikacji\Maciejlog.dat
[2004-08-03 23:44:28 | 000,048,585 | ---- | C] () -- C:\WINDOWS\System32\AlertModulea.sys
[2004-08-03 23:44:10 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004-08-03 23:44:04 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004-08-03 23:43:58 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004-08-03 23:43:56 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004-08-03 23:43:54 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004-08-03 23:43:16 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004-08-03 21:46:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004-08-03 21:45:34 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004-08-03 21:45:16 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004-08-03 21:45:16 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004-08-03 21:45:14 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004-08-03 21:45:12 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004-07-17 10:46:14 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004-07-17 10:34:48 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001-10-26 18:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001-10-26 18:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001-10-26 18:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001-10-26 18:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001-10-26 17:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001-10-26 17:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001-10-26 17:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001-10-26 17:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001-10-26 16:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001-10-26 16:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001-10-26 16:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001-10-26 16:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001-10-26 16:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001-10-26 16:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001-10-26 16:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001-08-17 22:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001-08-17 22:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001-08-17 22:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001-08-17 22:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001-08-17 22:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001-08-17 22:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001-08-17 22:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001-08-17 20:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001-07-22 03:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001-07-21 23:16:20 | 000,000,606 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-21 23:15:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-21 23:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001-03-20 15:22:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\IHC.dll
[2001-02-25 14:27:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Cwdxpx1.dll
[1995-08-24 05:55:56 | 000,015,360 | -H-- | C] () -- C:\WINDOWS\System32\SVPTE2.DRV
[color=#E56717]========== LOP Check ==========[/color]
[2010-10-13 02:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ableton
[2010-10-05 11:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-02-10 09:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Cakewalk
[2010-10-13 06:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2010-10-15 08:42:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DSS
[2010-04-28 09:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\eLicenser
[2010-04-22 09:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2009-05-14 18:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-10-09 18:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-08-08 21:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-02-06 10:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2009-02-26 08:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-06-01 15:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Spectrasonics
[2010-04-28 09:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Syncrosoft
[2009-03-01 13:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-05-22 10:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
[2011-01-24 12:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2010-10-18 09:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-09-15 11:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-10-13 02:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Ableton
[2010-03-15 07:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\DAEMON Tools
[2009-07-16 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\FLVPlayer4Free
[2009-12-22 12:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\FMZilla
[2009-02-09 21:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Gadu-Gadu
[2011-01-16 23:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Gadu-Gadu 10
[2009-04-18 09:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\GHISLER
[2010-06-02 07:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\ipla
[2010-07-28 10:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\iZotope
[2010-01-29 15:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Leadertech
[2009-03-16 11:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Mount&Blade
[2009-11-27 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Moyea
[2009-12-19 11:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\MP3Rocket
[2010-08-11 09:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Muxui
[2009-09-14 12:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\My Games
[2009-03-15 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Nokia
[2010-07-29 19:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Ogzana
[2009-12-24 15:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\OpenFM
[2009-02-09 22:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Opera
[2009-02-26 08:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\PC Suite
[2009-10-12 14:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Pioneer
[2010-09-12 09:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\PPStream
[2009-10-02 15:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Thinstall
[2011-02-06 13:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\translateclient
[2011-02-05 16:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\uTorrent
[2009-02-10 09:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciej\Dane aplikacji\Waves Audio
[2011-02-06 14:04:08 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\obdrkgq.job
[2011-02-06 13:57:32 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
< End of report >
OTL Extras logfile created on: 2011-02-06 14:14:59 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = F:\CHROME DOWN
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 3046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,37 Gb Free Space | 1,90% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 1,00 Gb Free Space | 2,56% Space Free | Partition Type: NTFS
Drive E: | 34,18 Gb Total Space | 3,15 Gb Free Space | 9,21% Space Free | Partition Type: NTFS
Drive F: | 140,10 Gb Total Space | 3,68 Gb Free Space | 2,63% Space Free | Partition Type: NTFS
Computer Name: MACIEJ-FADAB975 | User Name: Maciej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- D:\Program Files\Opera\opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "d:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "d:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "d:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"25128:TCP" = 25128:TCP:*:Enabled:BitComet 25128 TCP
"25128:UDP" = 25128:UDP:*:Enabled:BitComet 25128 UDP
"10938:TCP" = 10938:TCP:*:Enabled:BitComet 10938 TCP
"10938:UDP" = 10938:UDP:*:Enabled:BitComet 10938 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"10483:TCP" = 10483:TCP:*:Enabled:BitComet 10483 TCP
"10483:UDP" = 10483:UDP:*:Enabled:BitComet 10483 UDP
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Temp\temporary2.exe" = C:\Program Files\Temp\temporary2.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"F:\World of Warcraft\Launcher.exe" = F:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"F:\BitComet\BitComet.exe" = F:\BitComet\BitComet.exe:*:Enabled:BitComet.exe
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe" = C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu
"F:\nwn2\nwn2main.exe" = F:\nwn2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"F:\nwn2\nwn2main_amdxp.exe" = F:\nwn2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"F:\nwn2\nwupdate.exe" = F:\nwn2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"F:\nwn2\nwn2server.exe" = F:\nwn2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"F:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"F:\Program Files\World of Warcraft\Launcher.exe" = F:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"F:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"F:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"F:\TDU\TestDriveUnlimited.exe" = F:\TDU\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Eksplorator Windows -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
"F:\TDU 2\TestDrive2.dat" = F:\TDU 2\TestDrive2.dat:*:Enabled:Test Drive Unlimited 2
"F:\F1 2010\F1_2010_game.exe" = F:\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 Executable
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\lxcfcoms.exe" = C:\WINDOWS\system32\lxcfcoms.exe:*:Enabled:730 Series Server -- ( )
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{0FAACC79-2004-42E1-83B1-F589D9324C97}_is1" = Google Chrome Password Recovery 1.0.1
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1BC4026B-1957-4514-9058-2B542557F143}" = Opera 9.63
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{45790912-3E8E-4D7A-B39C-51866AF6BF84}" = Prince of Persia - Piaski Czasu
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{66BA35B0-1911-47EF-B170-1DCFFDA362F1}" = AmpliTube Jimi Hendrix
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{80280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage - Beta
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95824AD-495D-43C3-B635-FD102D7CAA0D}" = SynthEdit
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1.3 - Polish
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{DA22A6BB-10B5-4595-BD59-1AD4023C8536}" = Virtual Sound Canvas VST
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALLPlayer_is1" = ALLPlayer V3.X
"ARP2600 V2_is1" = ARP2600 V2 2.0
"Arturia CS-80V v1.5" = Arturia CS-80V v1.5
"Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0
"Arturia Moog Modular V2 v1.0" = Arturia Moog Modular V2 v1.0
"ASAPI Update" = ASAPI Update
"ASIO4ALL" = ASIO4ALL
"AudioRealism Bass Line 2_is1" = ABL 2.1.0
"AudioRealism Bassline v1.504" = AudioRealism Bassline v1.504
"Audjoo Helix_is1" = Audjoo Helix 1.0
"AutocompletePro2_is1" = AutocompletePro
"AutoConnect" = AutoConnect v0.1.3.1
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"Cuttermusic Revitar v2.0" = Cuttermusic Revitar v2.0
"DDD3_is1" = discoDSP Discovery R3.1 Demo
"DigiDrum Classic" = DigiDrum Classic 1.0
"DigiDrum Pro" = DigiDrum Pro 1.03
"Digital Editions" = Adobe Digital Editions
"discoDSP Discovery Pro VSTi_is1" = discoDSP Discovery Pro VSTi v1.0 Release 2
"eLicenser Control" = eLicenser Control
"EN_-_Real_Madrid_FC Toolbar" = EN - Real Madrid FC Toolbar
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.5.0.0
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"Hardcore" = Hardcore
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"IL Harmless" = IL Harmless
"iZotope Ozone 4_is1" = iZotope Ozone 4
"iZotope pHATmatik PRO_is1" = iZotope pHATmatik PRO
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Basic)
"Korg Legacy Collection v1.1.9" = Korg Legacy Collection v1.1.9
"Lennar Digital Sylenth VSTi v1.2.1" = Lennar Digital Sylenth VSTi v1.2.1
"Lexmark 730 Series" = Lexmark 730 Series
"Linplug SaxLab v1.0.2" = Linplug SaxLab v1.0.2
"Live 8.0.5" = Live 8.0.5
"LUXONIX Ravity(S) v1.4" = LUXONIX Ravity(S) v1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MKV Player_is1" = MKV Player 2.0
"Moog Modular V_is1" = Moog Modular V v2.2
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Native Instruments B4 v2.0.0.7" = Native Instruments B4 v2.0.0.7
"Native Instruments Beatport Sync" = Native Instruments Beatport Sync
"Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Pro-53" = Native Instruments Pro-53
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native.Instruments.Pro.53.v3.02.004-DAC" = Native.Instruments.Pro.53.v3.02.004-DAC
"Nero7Lite_is1" = Nero 7 Lite v7.5.9.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Ohmicide RTAS" = Ohm Force - Ohmicide RTAS
"OpenAL" = OpenAL
"Orb" = Winamp Remote
"Pianoteq23" = Pianoteq v2.3.0
"PoiZone" = PoiZone
"Predator_is1" = Rob Papen Predator V1.1.1
"PSP 608 MultiDelay 1.1.2" = PSP 608 MultiDelay 1.1.2
"PSP EasyVerb 1.5.2" = PSP EasyVerb 1.5.2
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX quadraSID 1.6.0_is1" = reFX quadraSID 1.6.0
"reFX Vanguard_is1" = reFX Vanguard VSTi
"rgcAudio Reverb_is1" = rgcAudio Reverb v1.0
"Rob Papen Albino 3" = Rob Papen Albino 3
"Rob Papen Blue VSTi v1.02" = Rob Papen Blue VSTi v1.02
"Sawer" = Sawer
"SCARBEE Vintage Keyboard FX v1.2.1" = SCARBEE Vintage Keyboard FX v1.2.1
"ST6UNST #1" = MALDI MS Imaging Tool
"Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
"SubEdit-Player_is1" = SubEdit-Player
"Synapse Junglist VSTi v3.2" = Synapse Junglist VSTi v3.2
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"SystemRequirementsLab" = System Requirements Lab
"Tone2 Firebird VSTi v1.2.1" = Tone2 Firebird VSTi v1.2.1
"Toxic Biohazard" = Toxic Biohazard
"Translate Client" = Client for Google Translate
"Tunatic" = Tunatic
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"V-Station" = V-Station
"WACKI" = WACKI Uninstall
"Waldorf Largo" = Waldorf Largo
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
"ZeroVector DEMO_is1" = ZeroVector 1.0 DEMO
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Save 100%" = Save 100%
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 2011-02-05 09:54:22 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-05 10:10:18 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-05 12:01:08 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-05 12:20:14 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-05 21:10:46 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-06 06:58:51 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-06 08:34:17 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-06 08:50:35 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-06 08:52:41 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
Error - 2011-02-06 08:57:32 | Computer Name = MACIEJ-FADAB975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\dfshimw.dll failed, 00000005.
[ Application Events ]
Error - 2011-02-05 21:12:22 | Computer Name = MACIEJ-FADAB975 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x001a61ae.
Error - 2011-02-06 07:00:29 | Computer Name = MACIEJ-FADAB975 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x001a61ae.
Error - 2011-02-06 08:36:10 | Computer Name = MACIEJ-FADAB975 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x001a61ae.
Error - 2011-02-06 08:51:24 | Computer Name = MACIEJ-FADAB975 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x001a61ae.
Error - 2011-02-06 08:54:25 | Computer Name = MACIEJ-FADAB975 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x001a61ae.
Error - 2011-02-06 08:55:42 | Computer Name = MACIEJ-FADAB975 | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: A connection with the server could not be established
Error - 2011-02-06 08:55:44 | Computer Name = MACIEJ-FADAB975 | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: To połączenie sieciowe nie istnieje.
Error - 2011-02-06 08:56:17 | Computer Name = MACIEJ-FADAB975 | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: A connection with the server could not be established
Error - 2011-02-06 08:56:17 | Computer Name = MACIEJ-FADAB975 | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: To połączenie sieciowe nie istnieje.
Error - 2011-02-06 08:58:59 | Computer Name = MACIEJ-FADAB975 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x001a61ae.
[ System Events ]
Error - 2011-02-06 08:53:02 | Computer Name = MACIEJ-FADAB975 | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.
Error - 2011-02-06 08:54:20 | Computer Name = MACIEJ-FADAB975 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys)
z powodu następującego błędu: %%2
Error - 2011-02-06 08:54:20 | Computer Name = MACIEJ-FADAB975 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego
błędu: %%2
Error - 2011-02-06 08:57:38 | Computer Name = MACIEJ-FADAB975 | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.
Error - 2011-02-06 08:57:38 | Computer Name = MACIEJ-FADAB975 | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.
Error - 2011-02-06 08:58:54 | Computer Name = MACIEJ-FADAB975 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys)
z powodu następującego błędu: %%2
Error - 2011-02-06 08:58:54 | Computer Name = MACIEJ-FADAB975 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego
błędu: %%2
Error - 2011-02-06 08:58:54 | Computer Name = MACIEJ-FADAB975 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą HTTP SSL.
Error - 2011-02-06 08:58:54 | Computer Name = MACIEJ-FADAB975 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi HTTP SSL z powodu następującego błędu:
%%1053
Error - 2011-02-06 09:03:25 | Computer Name = MACIEJ-FADAB975 | Source = atapi | ID = 262153
Description = Urządzenie \Device\Ide\IdePort2 nie odpowiedziało w ramach ustalonego
limitu czasu.
< End of report >