Hello
This morning my brother couldn't log in to his e-mail or to his Steam account.
What's the deal with this password-stealing crap? If I restored the system partition image with Norton Ghost, did I get rid of this junk or not? The image was made right after formatting and installing the most essential programs.
I have 2 partitions, C and D. C is the system one, but what about D? Do viruses nest only on the system partition or on others too?
Theft of an e-mail account and a Steam account.
- Vi-rus
- Posts: 72
- Joined: 12 Jun 2011, 18:03
:: Athlon XP 3000+ :: ASRock K7NF2-RAID :: 2GB RAM DC 400 MHz :: GeForce 7600GT :: SAMSUNG ATA 80GB :: DELTA DPS-350PB-2C ::
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
Do viruses nest only on the system partition or on others too?
On all of them, but mainly on the system one.
If I restored the system partition image with Norton Ghost, did I get rid of this junk or not?
Probably yes.
To sum up.
Post the logs from OTL -> http://hotfix.pl/articles.php?article_id=143 and TDSSKiller -> http://www.hotfix.pl/instrukcja-obslugi ... r-a341.htm.
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.
- Vi-rus
- Posts: 72
- Joined: 12 Jun 2011, 18:03
OTL.Txt:
Extras.Txt:
TDSSKiller:
Code:
OTL logfile created on: 2012-07-16 15:09:16 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Instalki\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1023,23 Mb Total Physical Memory | 530,57 Mb Available Physical Memory | 51,85% Memory free
2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,63 Gb Total Space | 11,16 Gb Free Space | 71,42% Space Free | Partition Type: NTFS
Drive D: | 58,93 Gb Total Space | 41,41 Gb Free Space | 70,28% Space Free | Partition Type: NTFS
Computer Name: VI-E94BCCA6EAB3 | User Name: Vi-rus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-07-16 14:59:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Instalki\Programy\OTL.exe
PRC - [2012-06-15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-04-17 12:04:03 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- D:\Programy\Gadu-Gadu 7.7\gg.exe
PRC - [2012-04-17 08:52:38 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2012-04-17 08:52:38 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012-03-07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-06-11 05:15:18 | 000,083,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-06-15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-04-17 08:52:38 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
MOD - [2012-04-17 08:52:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2012-04-04 07:54:04 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
MOD - [2008-03-20 11:17:48 | 000,106,496 | ---- | M] () -- D:\Programy\Gadu-Gadu 7.7\libiax2.dll
MOD - [2008-03-20 11:17:44 | 000,061,440 | ---- | M] () -- D:\Programy\Gadu-Gadu 7.7\libjb.dll
MOD - [2007-10-25 13:51:16 | 000,198,656 | ---- | M] () -- D:\Programy\Gadu-Gadu 7.7\libcurl.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2012-07-16 11:10:04 | 000,161,776 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- D:\Programy\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-04-17 08:52:38 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2012-03-20 13:49:22 | 001,118,648 | ---- | M] (PC Tools) [Disabled | Stopped] -- D:\Programy\Spyware Doctor\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012-03-20 11:11:50 | 000,402,336 | ---- | M] (PC Tools) [Disabled | Stopped] -- D:\Programy\Spyware Doctor\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2012-02-29 03:19:20 | 001,351,944 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- D:\Programy\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2012-02-29 03:19:12 | 002,117,896 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2012-02-21 14:34:04 | 001,529,152 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- D:\Programy\TuneUp Utilities\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Disabled | Stopped] -- D:\Programy\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2002-08-14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- D:\Programy\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-04-17 08:52:38 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SnopFree.sys -- (SnoopFree)
DRV - [2012-03-20 13:50:12 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012-03-16 12:15:40 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012-03-14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012-03-14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012-03-14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012-03-14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012-03-14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012-02-28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2012-02-28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2012-02-28 11:26:42 | 000,067,728 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2012-02-09 13:16:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- D:\Programy\TuneUp Utilities\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012-01-17 17:12:30 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010-09-01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-06-03 04:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004-05-17 08:00:54 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004-05-17 08:00:52 | 000,033,280 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004-04-02 09:40:00 | 000,021,760 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2002-08-14 15:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Programy\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002-08-14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-1417001333-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programy\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-16 11:06:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-16 14:27:32 | 000,000,000 | ---D | M]
[2012-04-17 08:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vi-rus\Dane aplikacji\Mozilla\Extensions
[2012-07-16 11:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vi-rus\Dane aplikacji\Mozilla\Firefox\Profiles\eo6n1fp7.default\extensions
[2012-07-16 11:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-16 11:10:32 | 000,743,290 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VI-RUS\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\EO6N1FP7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012-06-15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-06-15 01:13:23 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-06-15 01:13:23 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-06-15 01:13:23 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-15 01:13:23 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-15 01:13:23 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-15 01:13:23 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKU\S-1-5-21-1409082233-1417001333-1801674531-1003..\Run: [Gadu-Gadu] D:\Programy\Gadu-Gadu 7.7\gg.exe (Gadu-Gadu S.A.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Programy\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Vi-rus\Dane aplikacji\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6F2363C-523C-42BE-BB9F-4010E5591236}: NameServer = 109.197.168.3,109.197.168.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Vi-rus\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vi-rus\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-04-16 22:18:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b2b8992d-880e-11e1-86cc-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b8992d-880e-11e1-86cc-806d6172696f}\Shell\AutoRun\command - "" = E:\Bin\assetup.exe
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-07-16 14:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ESET
[2012-07-16 14:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2012-07-16 11:20:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vi-rus\Recent
[2012-07-16 11:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi-rus\Ustawienia lokalne\Dane aplikacji\Secunia PSI
[2012-07-16 11:10:17 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-07-16 11:10:17 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-07-16 11:10:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-07-16 11:10:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-07-16 11:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Sun
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-07-16 14:34:18 | 000,182,192 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012-07-16 14:34:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012-07-16 14:34:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-16 14:33:31 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Vi-rus\NTUSER.DAT
[2012-07-16 14:33:31 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Vi-rus\ntuser.ini
[2012-07-16 14:27:38 | 000,460,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012-07-16 11:29:44 | 007,447,302 | -H-- | M] () -- C:\Documents and Settings\Vi-rus\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2012-07-16 11:15:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-07-16 11:15:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-07-16 11:10:04 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-07-16 11:10:04 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-07-16 11:10:04 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-07-16 11:10:04 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-07-16 11:10:04 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-07-16 11:10:03 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012-07-16 11:06:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-07-16 10:59:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-04-17 13:08:04 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012-04-17 11:58:54 | 000,042,944 | ---- | C] () -- C:\Documents and Settings\Vi-rus\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2012-04-17 10:27:39 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-04-17 10:24:15 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012-04-17 08:52:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
[2012-04-17 08:52:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2012-04-17 08:52:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2012-04-17 08:33:41 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2012-04-17 08:33:41 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2012-04-17 08:33:34 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2012-04-17 08:33:33 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2012-04-17 08:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2012-04-17 08:33:28 | 000,136,302 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2012-04-17 08:33:24 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2012-04-17 08:33:24 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2012-04-17 08:33:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2012-04-17 08:29:04 | 000,244,224 | R--- | C] () -- C:\WINDOWS\System32\NvRaidMan.exe
[2012-04-17 08:27:20 | 000,002,319 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012-04-17 08:27:18 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012-04-17 00:08:34 | 000,995,622 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2012-04-17 00:08:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-04-17 00:05:42 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-16 22:24:09 | 007,447,302 | -H-- | C] () -- C:\Documents and Settings\Vi-rus\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2012-04-16 22:23:19 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Vi-rus\ntuser.ini
[2012-04-16 22:23:18 | 002,359,296 | -H-- | C] () -- C:\Documents and Settings\Vi-rus\NTUSER.DAT
[2012-04-16 22:21:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-04-16 22:18:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2012-04-16 22:17:36 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2012-04-16 22:17:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2012-04-16 22:15:24 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012-04-16 22:15:14 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2012-04-16 22:15:14 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2012-04-16 22:14:31 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2012-04-16 22:14:30 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[color=#E56717]========== LOP Check ==========[/color]
[2012-07-16 14:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2012-04-17 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-07-16 14:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2012-04-17 10:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-04-17 10:01:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012-04-17 11:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\DVDVideoSoft
[2012-04-17 09:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\DVDVideoSoftIEHelpers
[2012-04-17 15:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\ESET
[2012-04-17 09:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\Gadu-Gadu
[2012-04-17 19:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\Gadu-Gadu 10
[2012-04-17 10:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\TestApp
[2012-04-17 10:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\TuneUp Software
[2012-04-17 09:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\WinPatrol
[2012-04-17 12:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi-rus\Dane aplikacji\XnView
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5C321E34
< End of report >
Extras.Txt:
Code:
OTL Extras logfile created on: 2012-07-16 15:09:16 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Instalki\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1023,23 Mb Total Physical Memory | 530,57 Mb Available Physical Memory | 51,85% Memory free
2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,63 Gb Total Space | 11,16 Gb Free Space | 71,42% Space Free | Partition Type: NTFS
Drive D: | 58,93 Gb Total Space | 41,41 Gb Free Space | 70,28% Space Free | Partition Type: NTFS
Computer Name: VI-E94BCCA6EAB3 | User Name: Vi-rus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Programy\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programy\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Przeglądaj w XnView] -- "D:\Programy\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Gry\Steam\Steam.exe" = D:\Gry\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Polish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{ED3A19B5-716E-4069-8168-2BDE5E7F91BA}" = ESET Smart Security
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F161A0DD-AAA9-4938-A741-ED491F77D034}" = TuneUp Utilities Language Pack (pl-PL)
"{FD310764-B3E5-430F-980E-D6C0016B2660}" = PerfectDisk 12.5 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.19.412
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Full)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 pl)" = Mozilla Firefox 13.0.1 (x86 pl)
"NVIDIA Drivers" = NVIDIA Drivers
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Registry Shower 2007_is1" = Registry Shower 2007 2.70 PC Format
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR 4.11 (32-bitowy)
"XnView_is1" = XnView 1.98.8
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2012-07-16 05:23:56 | Computer Name = VI-E94BCCA6EAB3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-07-16 05:28:16 | Computer Name = VI-E94BCCA6EAB3 | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 80070422 z w wierszu 44 z f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą
Error - 2012-07-16 05:28:16 | Computer Name = VI-E94BCCA6EAB3 | Source = VSS | ID = 8193
Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas
wywoływania procedury CoCreateInstance. hr = 0x80040206.
Error - 2012-07-16 05:28:32 | Computer Name = VI-E94BCCA6EAB3 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-07-16 05:30:32 | Computer Name = VI-E94BCCA6EAB3 | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 80070422 z w wierszu 44 z f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą
Error - 2012-07-16 05:30:32 | Computer Name = VI-E94BCCA6EAB3 | Source = VSS | ID = 8193
Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas
wywoływania procedury CoCreateInstance. hr = 0x80040206.
Error - 2012-07-16 08:28:59 | Computer Name = VI-E94BCCA6EAB3 | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 80070422 z w wierszu 44 z f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą
Error - 2012-07-16 08:28:59 | Computer Name = VI-E94BCCA6EAB3 | Source = VSS | ID = 8193
Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas
wywoływania procedury CoCreateInstance. hr = 0x80040206.
Error - 2012-07-16 08:34:16 | Computer Name = VI-E94BCCA6EAB3 | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 80070422 z w wierszu 44 z f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą
Error - 2012-07-16 08:34:16 | Computer Name = VI-E94BCCA6EAB3 | Source = VSS | ID = 8193
Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas
wywoływania procedury CoCreateInstance. hr = 0x80040206.
[ System Events ]
Error - 2012-07-16 05:30:32 | Computer Name = VI-E94BCCA6EAB3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2012-07-16 05:30:44 | Computer Name = VI-E94BCCA6EAB3 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: atapi PCIIde
Error - 2012-07-16 05:30:50 | Computer Name = VI-E94BCCA6EAB3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2012-07-16 08:28:11 | Computer Name = VI-E94BCCA6EAB3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2012-07-16 08:28:59 | Computer Name = VI-E94BCCA6EAB3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2012-07-16 08:29:13 | Computer Name = VI-E94BCCA6EAB3 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: atapi PCIIde
Error - 2012-07-16 08:29:18 | Computer Name = VI-E94BCCA6EAB3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2012-07-16 08:33:28 | Computer Name = VI-E94BCCA6EAB3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2012-07-16 08:34:16 | Computer Name = VI-E94BCCA6EAB3 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2012-07-16 08:34:29 | Computer Name = VI-E94BCCA6EAB3 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: atapi PCIIde
< End of report >
TDSSKiller:
15:18:48.0687 0892 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:18:48.0859 0892 ============================================================
15:18:48.0859 0892 Current date / time: 2012/07/16 15:18:48.0859
15:18:48.0859 0892 SystemInfo:
15:18:48.0859 0892
15:18:48.0859 0892 OS Version: 5.1.2600 ServicePack: 3.0
15:18:48.0859 0892 Product type: Workstation
15:18:48.0859 0892 ComputerName: VI-E94BCCA6EAB3
15:18:48.0859 0892 UserName: Vi-rus
15:18:48.0859 0892 Windows directory: C:\WINDOWS
15:18:48.0859 0892 System windows directory: C:\WINDOWS
15:18:48.0859 0892 Processor architecture: Intel x86
15:18:48.0859 0892 Number of processors: 1
15:18:48.0859 0892 Page size: 0x1000
15:18:48.0859 0892 Boot type: Normal boot
15:18:48.0859 0892 ============================================================
15:18:49.0406 0892 Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:18:49.0406 0892 ============================================================
15:18:49.0406 0892 \Device\Harddisk0\DR0:
15:18:49.0406 0892 MBR partitions:
15:18:49.0406 0892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1F411B9
15:18:49.0421 0892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F41237, BlocksNum 0x75DCD8E
15:18:49.0421 0892 ============================================================
15:18:49.0437 0892 C: <-> \Device\Harddisk0\DR0\Partition0
15:18:49.0468 0892 D: <-> \Device\Harddisk0\DR0\Partition1
15:18:49.0468 0892 ============================================================
15:18:49.0468 0892 Initialize success
15:18:49.0468 0892 ============================================================
15:19:31.0843 0740 ============================================================
15:19:31.0843 0740 Scan started
15:19:31.0843 0740 Mode: Manual;
15:19:31.0843 0740 ============================================================
15:19:32.0031 0740 Abiosdsk - ok
15:19:32.0046 0740 abp480n5 - ok
15:19:32.0078 0740 ACPI (05118282f5d039595a2b92b4a4afe197) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:19:32.0093 0740 ACPI - ok
15:19:32.0125 0740 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:19:32.0125 0740 ACPIEC - ok
15:19:32.0140 0740 adpu160m - ok
15:19:32.0171 0740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:19:32.0187 0740 aec - ok
15:19:32.0218 0740 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
15:19:32.0218 0740 AFD - ok
15:19:32.0234 0740 Aha154x - ok
15:19:32.0250 0740 aic78u2 - ok
15:19:32.0250 0740 aic78xx - ok
15:19:32.0281 0740 Alerter (27af056d8c42f0ab3cf1dfdcbbeb3243) C:\WINDOWS\system32\alrsvc.dll
15:19:32.0281 0740 Alerter - ok
15:19:32.0296 0740 ALG (d1738dddff196c5cee6d867c136af745) C:\WINDOWS\System32\alg.exe
15:19:32.0296 0740 ALG - ok
15:19:32.0312 0740 AliIde - ok
15:19:32.0328 0740 AmdK7 (6f41705041a671feb1fc8cfbadbb90ca) C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:19:32.0328 0740 AmdK7 - ok
15:19:32.0343 0740 amsint - ok
15:19:32.0375 0740 AppMgmt (1561430da2f2ab81cc0ce71af95a778d) C:\WINDOWS\System32\appmgmts.dll
15:19:32.0375 0740 AppMgmt - ok
15:19:32.0390 0740 asc - ok
15:19:32.0406 0740 asc3350p - ok
15:19:32.0406 0740 asc3550 - ok
15:19:32.0453 0740 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
15:19:32.0453 0740 Aspi32 - ok
15:19:32.0500 0740 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:19:32.0515 0740 aspnet_state - ok
15:19:32.0546 0740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:19:32.0546 0740 AsyncMac - ok
15:19:32.0578 0740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:19:32.0578 0740 atapi - ok
15:19:32.0593 0740 Atdisk - ok
15:19:32.0625 0740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:19:32.0625 0740 Atmarpc - ok
15:19:32.0640 0740 AudioSrv (3a28d3e7bad0eed3810cd918b2525b54) C:\WINDOWS\System32\audiosrv.dll
15:19:32.0656 0740 AudioSrv - ok
15:19:32.0671 0740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:19:32.0671 0740 audstub - ok
15:19:32.0703 0740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:19:32.0718 0740 Beep - ok
15:19:32.0765 0740 BITS (78200faa6fd9c69394134c238c87fb7f) C:\WINDOWS\system32\qmgr.dll
15:19:32.0781 0740 BITS - ok
15:19:32.0812 0740 Browser (b98ed6d85339a66a73f32fb569eb6c01) C:\WINDOWS\System32\browser.dll
15:19:32.0828 0740 Browser - ok
15:19:32.0859 0740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:19:32.0859 0740 cbidf2k - ok
15:19:32.0875 0740 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:19:32.0875 0740 CCDECODE - ok
15:19:32.0890 0740 cd20xrnt - ok
15:19:32.0921 0740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:19:32.0921 0740 Cdaudio - ok
15:19:32.0953 0740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:19:32.0953 0740 Cdfs - ok
15:19:32.0984 0740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:19:32.0984 0740 Cdrom - ok
15:19:33.0000 0740 Changer - ok
15:19:33.0015 0740 CiSvc (45b63df2fb498d219fcbb4425cade676) C:\WINDOWS\system32\cisvc.exe
15:19:33.0015 0740 CiSvc - ok
15:19:33.0031 0740 ClipSrv (c94f1b6f61858d6389c0fa06954fb9c4) C:\WINDOWS\system32\clipsrv.exe
15:19:33.0031 0740 ClipSrv - ok
15:19:33.0062 0740 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:19:33.0078 0740 clr_optimization_v2.0.50727_32 - ok
15:19:33.0078 0740 CmdIde - ok
15:19:33.0156 0740 cmuda (924ab66e831e9cf3e20dbc6b63103516) C:\WINDOWS\system32\drivers\cmuda.sys
15:19:33.0171 0740 cmuda - ok
15:19:33.0187 0740 COMSysApp - ok
15:19:33.0203 0740 Cpqarray - ok
15:19:33.0234 0740 CryptSvc (6b105fe95f2e9f0b6346044ba59d41c9) C:\WINDOWS\System32\cryptsvc.dll
15:19:33.0234 0740 CryptSvc - ok
15:19:33.0250 0740 dac2w2k - ok
15:19:33.0250 0740 dac960nt - ok
15:19:33.0312 0740 DcomLaunch (02396dab9dd407b06539981f477f3fec) C:\WINDOWS\system32\rpcss.dll
15:19:33.0328 0740 DcomLaunch - ok
15:19:33.0359 0740 DefragFS (f33959a8e4a8b689e2194f9531528994) C:\WINDOWS\system32\drivers\DefragFS.sys
15:19:33.0375 0740 DefragFS - ok
15:19:33.0390 0740 Dhcp (6b4afe7c676cff3eff2dc06a4ee945f7) C:\WINDOWS\System32\dhcpcsvc.dll
15:19:33.0390 0740 Dhcp - ok
15:19:33.0437 0740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:19:33.0437 0740 Disk - ok
15:19:33.0437 0740 dmadmin - ok
15:19:33.0515 0740 dmboot (bc9219abc5696942e6f9ac8a9b28670f) C:\WINDOWS\system32\drivers\dmboot.sys
15:19:33.0531 0740 dmboot - ok
15:19:33.0562 0740 dmio (5fa232e3ba6e1346f9f5a7e519320cb0) C:\WINDOWS\system32\drivers\dmio.sys
15:19:33.0562 0740 dmio - ok
15:19:33.0593 0740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:19:33.0593 0740 dmload - ok
15:19:33.0625 0740 dmserver (d858920a05076914d34b0388e8d96cc0) C:\WINDOWS\System32\dmserver.dll
15:19:33.0625 0740 dmserver - ok
15:19:33.0656 0740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:19:33.0656 0740 DMusic - ok
15:19:33.0687 0740 Dnscache (4f7e82841ed3cf026bd8d5ce7c7379db) C:\WINDOWS\System32\dnsrslvr.dll
15:19:33.0687 0740 Dnscache - ok
15:19:33.0718 0740 Dot3svc (e0b7d66cf29d9adccf873c77821cd4ca) C:\WINDOWS\System32\dot3svc.dll
15:19:33.0718 0740 Dot3svc - ok
15:19:33.0734 0740 dpti2o - ok
15:19:33.0750 0740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:19:33.0750 0740 drmkaud - ok
15:19:33.0781 0740 eamon (8c2b6bbc82ad12cd9a2e73e5dcbba705) C:\WINDOWS\system32\DRIVERS\eamon.sys
15:19:33.0796 0740 eamon - ok
15:19:33.0828 0740 EapHost (5f256c1ad50fefdc442cd5aab58c7dd8) C:\WINDOWS\System32\eapsvc.dll
15:19:33.0828 0740 EapHost - ok
15:19:33.0859 0740 ehdrv (5412ed24fffca64e2f0168399b86c952) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
15:19:33.0875 0740 ehdrv - ok
15:19:33.0984 0740 ekrn (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
15:19:34.0046 0740 ekrn - ok
15:19:34.0078 0740 epfw (774babcb1144513dc86992003740b774) C:\WINDOWS\system32\DRIVERS\epfw.sys
15:19:34.0078 0740 epfw - ok
15:19:34.0109 0740 Epfwndis (4b86da2c58063b647577cd669cffaeeb) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
15:19:34.0109 0740 Epfwndis - ok
15:19:34.0125 0740 epfwtdi (1b36748ea9e25549ebe5d8ea105bd981) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
15:19:34.0125 0740 epfwtdi - ok
15:19:34.0156 0740 ERSvc (ed1b71382c31fd2cf3cdc4672efad6ea) C:\WINDOWS\System32\ersvc.dll
15:19:34.0171 0740 ERSvc - ok
15:19:34.0203 0740 Eventlog (3e3ae424e27c4cefe4cab368c7b570ea) C:\WINDOWS\system32\services.exe
15:19:34.0203 0740 Eventlog - ok
15:19:34.0234 0740 EventSystem (be1b1412a3d488c50b8f67f792196108) C:\WINDOWS\system32\es.dll
15:19:34.0250 0740 EventSystem - ok
15:19:34.0281 0740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:19:34.0281 0740 Fastfat - ok
15:19:34.0312 0740 FastUserSwitchingCompatibility (8ad90ed829b8404d962545ed3efb1129) C:\WINDOWS\System32\shsvcs.dll
15:19:34.0312 0740 FastUserSwitchingCompatibility - ok
15:19:34.0328 0740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:19:34.0328 0740 Fdc - ok
15:19:34.0359 0740 Fips (09e2a4d33f81a06a8aab2ba0a0b5d235) C:\WINDOWS\system32\drivers\Fips.sys
15:19:34.0359 0740 Fips - ok
15:19:34.0390 0740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:19:34.0390 0740 Flpydisk - ok
15:19:34.0421 0740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:19:34.0421 0740 FltMgr - ok
15:19:34.0453 0740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:19:34.0453 0740 Fs_Rec - ok
15:19:34.0484 0740 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:19:34.0484 0740 Ftdisk - ok
15:19:34.0500 0740 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
15:19:34.0500 0740 gameenum - ok
15:19:34.0593 0740 GhostStartService (bc9c77fac763d84bfdf09b55d4b41afa) D:\Programy\Norton Ghost 2003\GhostStartService.exe
15:19:34.0593 0740 GhostStartService - ok
15:19:34.0625 0740 GhPciScan (4d0e1ddfc571285a0bbabb0a534f4d3d) D:\Programy\Norton Ghost 2003\ghpciscan.sys
15:19:34.0625 0740 GhPciScan - ok
15:19:34.0656 0740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:19:34.0656 0740 Gpc - ok
15:19:34.0703 0740 helpsvc (af752014f7eb61542e3f35b9374d7e76) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:19:34.0703 0740 helpsvc - ok
15:19:34.0750 0740 hkmsvc (f0273916da6fb64cc88e0bd77619554f) C:\WINDOWS\System32\kmsvc.dll
15:19:34.0750 0740 hkmsvc - ok
15:19:34.0765 0740 hpn - ok
15:19:34.0796 0740 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
15:19:34.0812 0740 HTTP - ok
15:19:34.0843 0740 HTTPFilter (aa268079ac119f3a596e5e27aee4bd17) C:\WINDOWS\System32\w3ssl.dll
15:19:34.0843 0740 HTTPFilter - ok
15:19:34.0859 0740 i2omgmt - ok
15:19:34.0859 0740 i2omp - ok
15:19:34.0906 0740 i8042prt (177b372af55c4460d0968b5f1d02aa1c) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:19:34.0906 0740 i8042prt - ok
15:19:34.0953 0740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:19:34.0953 0740 Imapi - ok
15:19:34.0984 0740 ImapiService (9125af650608a921f98a789e5c5ba864) C:\WINDOWS\system32\imapi.exe
15:19:34.0984 0740 ImapiService - ok
15:19:35.0000 0740 ini910u - ok
15:19:35.0015 0740 IntelIde - ok
15:19:35.0046 0740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:19:35.0046 0740 Ip6Fw - ok
15:19:35.0078 0740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:19:35.0078 0740 IpFilterDriver - ok
15:19:35.0093 0740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:19:35.0093 0740 IpInIp - ok
15:19:35.0125 0740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:19:35.0140 0740 IpNat - ok
15:19:35.0156 0740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:19:35.0156 0740 IPSec - ok
15:19:35.0187 0740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:19:35.0187 0740 IRENUM - ok
15:19:35.0203 0740 isapnp (c8eef2e93835b81bd335de2123121283) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:19:35.0203 0740 isapnp - ok
15:19:35.0281 0740 JavaQuickStarterService (a456937acc87bb40d7e2331f1e3a2ac5) C:\Program Files\Java\jre7\bin\jqs.exe
15:19:35.0296 0740 JavaQuickStarterService - ok
15:19:35.0328 0740 Kbdclass (2aeca45d4aeaacbdcb77ad11184e4601) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:19:35.0328 0740 Kbdclass - ok
15:19:35.0359 0740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:19:35.0390 0740 kmixer - ok
15:19:35.0421 0740 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
15:19:35.0421 0740 KSecDD - ok
15:19:35.0453 0740 LanmanServer (427f50a24aa35597a9a5e8fbf029590f) C:\WINDOWS\System32\srvsvc.dll
15:19:35.0468 0740 LanmanServer - ok
15:19:35.0484 0740 lanmanworkstation (92c7c0c7f4248f1b9f6872bab9053523) C:\WINDOWS\System32\wkssvc.dll
15:19:35.0500 0740 lanmanworkstation - ok
15:19:35.0500 0740 lbrtfdc - ok
15:19:35.0531 0740 LmHosts (437aa83d68f9fac234ca68dbd40db705) C:\WINDOWS\System32\lmhsvc.dll
15:19:35.0531 0740 LmHosts - ok
15:19:35.0562 0740 Messenger (36f3ab18b1be303da51de90a67de3942) C:\WINDOWS\System32\msgsvc.dll
15:19:35.0562 0740 Messenger - ok
15:19:35.0593 0740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:19:35.0593 0740 mnmdd - ok
15:19:35.0625 0740 mnmsrvc (845814a8cb9d704d030f076e1bce83f3) C:\WINDOWS\system32\mnmsrvc.exe
15:19:35.0625 0740 mnmsrvc - ok
15:19:35.0656 0740 Modem (4a068db7dc37d5afedb6512d2931d7b3) C:\WINDOWS\system32\drivers\Modem.sys
15:19:35.0656 0740 Modem - ok
15:19:35.0671 0740 Mouclass (fbed3df6b884f8cf00447b73507f2c48) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:19:35.0671 0740 Mouclass - ok
15:19:35.0687 0740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:19:35.0703 0740 MountMgr - ok
15:19:35.0703 0740 mraid35x - ok
15:19:35.0734 0740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:19:35.0734 0740 MRxDAV - ok
15:19:35.0781 0740 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:19:35.0796 0740 MRxSmb - ok
15:19:35.0828 0740 MSDTC (a54c5eecc7d3424824410bae0aa6c371) C:\WINDOWS\system32\msdtc.exe
15:19:35.0828 0740 MSDTC - ok
15:19:35.0843 0740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:19:35.0843 0740 Msfs - ok
15:19:35.0859 0740 MSIServer - ok
15:19:35.0875 0740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:19:35.0875 0740 MSKSSRV - ok
15:19:35.0906 0740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:19:35.0906 0740 MSPCLOCK - ok
15:19:35.0906 0740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:19:35.0921 0740 MSPQM - ok
15:19:35.0937 0740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:19:35.0937 0740 mssmbios - ok
15:19:35.0953 0740 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:19:35.0968 0740 MSTEE - ok
15:19:35.0984 0740 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:19:36.0000 0740 Mup - ok
15:19:36.0015 0740 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:19:36.0031 0740 NABTSFEC - ok
15:19:36.0078 0740 napagent (14cb8528e17d1221c50fc8ca88b1795f) C:\WINDOWS\System32\qagentrt.dll
15:19:36.0078 0740 napagent - ok
15:19:36.0109 0740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:19:36.0125 0740 NDIS - ok
15:19:36.0156 0740 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:19:36.0156 0740 NdisIP - ok
15:19:36.0187 0740 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:19:36.0187 0740 NdisTapi - ok
15:19:36.0218 0740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:19:36.0218 0740 Ndisuio - ok
15:19:36.0234 0740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:19:36.0250 0740 NdisWan - ok
15:19:36.0265 0740 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
15:19:36.0265 0740 NDProxy - ok
15:19:36.0281 0740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:19:36.0281 0740 NetBIOS - ok
15:19:36.0312 0740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:19:36.0312 0740 NetBT - ok
15:19:36.0359 0740 NetDDE (cbb409b314309fcffce5e682e91338c6) C:\WINDOWS\system32\netdde.exe
15:19:36.0359 0740 NetDDE - ok
15:19:36.0375 0740 NetDDEdsdm (cbb409b314309fcffce5e682e91338c6) C:\WINDOWS\system32\netdde.exe
15:19:36.0375 0740 NetDDEdsdm - ok
15:19:36.0390 0740 Netlogon (88296f7943f30a1ee3af735440b92268) C:\WINDOWS\system32\lsass.exe
15:19:36.0390 0740 Netlogon - ok
15:19:36.0421 0740 Netman (4fe97d0b1b182df2a9bdd4c02155ef5e) C:\WINDOWS\System32\netman.dll
15:19:36.0437 0740 Netman - ok
15:19:36.0468 0740 Nla (612e31fcac1040edd78ecac81c9f859f) C:\WINDOWS\System32\mswsock.dll
15:19:36.0484 0740 Nla - ok
15:19:36.0500 0740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:19:36.0500 0740 Npfs - ok
15:19:36.0562 0740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:19:36.0593 0740 Ntfs - ok
15:19:36.0609 0740 NtLmSsp (88296f7943f30a1ee3af735440b92268) C:\WINDOWS\system32\lsass.exe
15:19:36.0609 0740 NtLmSsp - ok
15:19:36.0656 0740 NtmsSvc (3fb5399dbb7001a80d58edad64c98225) C:\WINDOWS\system32\ntmssvc.dll
15:19:36.0671 0740 NtmsSvc - ok
15:19:36.0703 0740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:19:36.0703 0740 Null - ok
15:19:37.0171 0740 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:19:37.0343 0740 nv - ok
15:19:37.0437 0740 nvatabus (46deed4c6c5fa765f9a2c723be60348d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
15:19:37.0437 0740 nvatabus - ok
15:19:37.0468 0740 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:19:37.0468 0740 NVENETFD - ok
15:19:37.0484 0740 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:19:37.0484 0740 nvnetbus - ok
15:19:37.0515 0740 nvraid (a5c77d944410fadee380fb20b432760d) C:\WINDOWS\system32\DRIVERS\nvraid.sys
15:19:37.0515 0740 nvraid - ok
15:19:37.0546 0740 NVSvc (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe
15:19:37.0562 0740 NVSvc - ok
15:19:37.0578 0740 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
15:19:37.0578 0740 nv_agp - ok
15:19:37.0609 0740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:19:37.0609 0740 NwlnkFlt - ok
15:19:37.0625 0740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:19:37.0625 0740 NwlnkFwd - ok
15:19:37.0671 0740 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:19:37.0687 0740 ose - ok
15:19:37.0718 0740 Parport (2d4cdaebced17743aa9e25d3016dc229) C:\WINDOWS\system32\DRIVERS\parport.sys
15:19:37.0718 0740 Parport - ok
15:19:37.0734 0740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:19:37.0734 0740 PartMgr - ok
15:19:37.0765 0740 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys
15:19:37.0765 0740 ParVdm - ok
15:19:37.0796 0740 PCI (6862c69168d787b85a7d95ccd33c694e) C:\WINDOWS\system32\DRIVERS\pci.sys
15:19:37.0796 0740 PCI - ok
15:19:37.0812 0740 PCIDump - ok
15:19:37.0843 0740 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:19:37.0843 0740 PCIIde - ok
15:19:37.0875 0740 Pcmcia (8db27f1ae9593c94095485305a583862) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:19:37.0890 0740 Pcmcia - ok
15:19:37.0937 0740 PCTCore (3bdcb8b1f3af6c6b1dd0d3e93e9ea620) C:\WINDOWS\system32\drivers\PCTCore.sys
15:19:37.0953 0740 PCTCore - ok
15:19:37.0984 0740 pctDS (3c9fd593e95b98c642b4486cd122c2fb) C:\WINDOWS\system32\drivers\pctDS.sys
15:19:38.0015 0740 pctDS - ok
15:19:38.0078 0740 pctEFA (db6b6e47165b9647b215ceeb4db33b87) C:\WINDOWS\system32\drivers\pctEFA.sys
15:19:38.0093 0740 pctEFA - ok
15:19:38.0125 0740 PCTSD (0ee7d63f463b8efd387f0c2ba8312830) C:\WINDOWS\system32\Drivers\PCTSD.sys
15:19:38.0140 0740 PCTSD - ok
15:19:38.0250 0740 PDAgent (cc113e4054e09e85bbca0b81c0aa26c5) D:\Programy\PerfectDisk\PDAgent.exe
15:19:38.0296 0740 PDAgent - ok
15:19:38.0312 0740 PDCOMP - ok
15:19:38.0453 0740 PDEngine (dc4ff4fb444391fbf2a00205ba78d57b) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
15:19:38.0500 0740 PDEngine - ok
15:19:38.0562 0740 PDFRAME - ok
15:19:38.0593 0740 PDFSFilter (9f2dc7b99fb3aafa91cf97f36b1cf9e4) C:\WINDOWS\system32\DRIVERS\PDFsFilter.sys
15:19:38.0593 0740 PDFSFilter - ok
15:19:38.0609 0740 PDRELI - ok
15:19:38.0625 0740 PDRFRAME - ok
15:19:38.0640 0740 perc2 - ok
15:19:38.0640 0740 perc2hib - ok
15:19:38.0703 0740 PlugPlay (3e3ae424e27c4cefe4cab368c7b570ea) C:\WINDOWS\system32\services.exe
15:19:38.0703 0740 PlugPlay - ok
15:19:38.0718 0740 PolicyAgent (88296f7943f30a1ee3af735440b92268) C:\WINDOWS\system32\lsass.exe
15:19:38.0718 0740 PolicyAgent - ok
15:19:38.0750 0740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:19:38.0750 0740 PptpMiniport - ok
15:19:38.0765 0740 ProtectedStorage (88296f7943f30a1ee3af735440b92268) C:\WINDOWS\system32\lsass.exe
15:19:38.0765 0740 ProtectedStorage - ok
15:19:38.0781 0740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:19:38.0781 0740 PSched - ok
15:19:38.0796 0740 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
15:19:38.0796 0740 PSI - ok
15:19:38.0828 0740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:19:38.0828 0740 Ptilink - ok
15:19:38.0875 0740 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:19:38.0875 0740 PxHelp20 - ok
15:19:38.0875 0740 ql1080 - ok
15:19:38.0890 0740 Ql10wnt - ok
15:19:38.0906 0740 ql12160 - ok
15:19:38.0921 0740 ql1240 - ok
15:19:38.0937 0740 ql1280 - ok
15:19:38.0953 0740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:19:38.0953 0740 RasAcd - ok
15:19:38.0968 0740 RasAuto (bc22c5e1238d4d36d65679e249c483c3) C:\WINDOWS\System32\rasauto.dll
15:19:38.0984 0740 RasAuto - ok
15:19:39.0015 0740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:19:39.0015 0740 Rasl2tp - ok
15:19:39.0046 0740 RasMan (0c392e397b8d34aaaf19ec6119cbb788) C:\WINDOWS\System32\rasmans.dll
15:19:39.0062 0740 RasMan - ok
15:19:39.0078 0740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:19:39.0078 0740 RasPppoe - ok
15:19:39.0093 0740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:19:39.0093 0740 Raspti - ok
15:19:39.0125 0740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:19:39.0140 0740 Rdbss - ok
15:19:39.0156 0740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:19:39.0156 0740 RDPCDD - ok
15:19:39.0203 0740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:19:39.0203 0740 rdpdr - ok
15:19:39.0250 0740 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:19:39.0250 0740 RDPWD - ok
15:19:39.0281 0740 RDSessMgr (f83907a9a038db2e35329b039628d293) C:\WINDOWS\system32\sessmgr.exe
15:19:39.0296 0740 RDSessMgr - ok
15:19:39.0328 0740 redbook (e0c7bbd18040b58651bac700c804861d) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:19:39.0328 0740 redbook - ok
15:19:39.0375 0740 RemoteAccess (b3f57e6115bcd4dbade9874f300655e3) C:\WINDOWS\System32\mprdim.dll
15:19:39.0375 0740 RemoteAccess - ok
15:19:39.0406 0740 RemoteRegistry (b472b59ef98469c91651b751d3442cb8) C:\WINDOWS\system32\regsvc.dll
15:19:39.0406 0740 RemoteRegistry - ok
15:19:39.0437 0740 RpcLocator (6bc4d5a70f46ea27ddc14e5414c862a5) C:\WINDOWS\system32\locator.exe
15:19:39.0437 0740 RpcLocator - ok
15:19:39.0484 0740 RpcSs (02396dab9dd407b06539981f477f3fec) C:\WINDOWS\system32\rpcss.dll
15:19:39.0484 0740 RpcSs - ok
15:19:39.0531 0740 RSVP (9acee3313020a01235336c2a483afd1a) C:\WINDOWS\system32\rsvp.exe
15:19:39.0531 0740 RSVP - ok
15:19:39.0546 0740 SamSs (88296f7943f30a1ee3af735440b92268) C:\WINDOWS\system32\lsass.exe
15:19:39.0562 0740 SamSs - ok
15:19:39.0593 0740 SCardSvr (c6f479218e94896738c06af5ba6ab3d3) C:\WINDOWS\System32\SCardSvr.exe
15:19:39.0593 0740 SCardSvr - ok
15:19:39.0625 0740 Schedule (dd73c11a5c4d14945846384b90a61a4b) C:\WINDOWS\system32\schedsvc.dll
15:19:39.0640 0740 Schedule - ok
15:19:39.0703 0740 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) D:\Programy\Spyware Doctor\PC Tools Security\pctsAuxs.exe
15:19:39.0718 0740 sdAuxService - ok
15:19:39.0796 0740 sdCoreService (697e0a2a300ee8719cafae55b4771053) D:\Programy\Spyware Doctor\PC Tools Security\pctsSvc.exe
15:19:39.0828 0740 sdCoreService - ok
15:19:39.0859 0740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:19:39.0859 0740 Secdrv - ok
15:19:39.0890 0740 seclogon (2aad9026648120fffe2a8d871bb2bbc7) C:\WINDOWS\System32\seclogon.dll
15:19:39.0890 0740 seclogon - ok
15:19:39.0921 0740 Secunia PSI Agent - ok
15:19:39.0937 0740 SENS (9d01e29d59723eb73b72107b208dafe6) C:\WINDOWS\system32\sens.dll
15:19:39.0953 0740 SENS - ok
15:19:39.0984 0740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:19:39.0984 0740 serenum - ok
15:19:40.0000 0740 Serial (d07b02f88165e69b9f17162cf592c8a6) C:\WINDOWS\system32\DRIVERS\serial.sys
15:19:40.0015 0740 Serial - ok
15:19:40.0031 0740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:19:40.0031 0740 Sfloppy - ok
15:19:40.0078 0740 SharedAccess (da5c015911f68f22ed821e9ee49ab233) C:\WINDOWS\System32\ipnathlp.dll
15:19:40.0078 0740 SharedAccess - ok
15:19:40.0125 0740 ShellHWDetection (8ad90ed829b8404d962545ed3efb1129) C:\WINDOWS\System32\shsvcs.dll
15:19:40.0125 0740 ShellHWDetection - ok
15:19:40.0140 0740 Simbad - ok
15:19:40.0187 0740 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) D:\Programy\Skype\Updater\Updater.exe
15:19:40.0187 0740 SkypeUpdate - ok
15:19:40.0234 0740 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:19:40.0234 0740 SLIP - ok
15:19:40.0265 0740 SnoopFree (21ea9dc8fbe1236051832abb5254226f) C:\WINDOWS\system32\Drivers\SnopFree.sys
15:19:40.0265 0740 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\SnopFree.sys. md5: 21ea9dc8fbe1236051832abb5254226f
15:19:40.0265 0740 SnoopFree ( LockedFile.Multi.Generic ) - warning
15:19:40.0265 0740 SnoopFree - detected LockedFile.Multi.Generic (1)
15:19:40.0281 0740 SnoopFreeSvc (adbf2ffb193dd067254bf9090fd8a669) C:\WINDOWS\system32\SnoopFreeSvc.exe
15:19:40.0296 0740 SnoopFreeSvc - ok
15:19:40.0312 0740 Sparrow - ok
15:19:40.0312 0740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:19:40.0312 0740 splitter - ok
15:19:40.0343 0740 Spooler (dd69ec597ab942c39b950d9c3ce1375d) C:\WINDOWS\system32\spoolsv.exe
15:19:40.0359 0740 Spooler - ok
15:19:40.0390 0740 sr (eb032822be406ef220d546ddffcf0002) C:\WINDOWS\system32\DRIVERS\sr.sys
15:19:40.0390 0740 sr - ok
15:19:40.0421 0740 srservice (316d0e66074ae4cde641c50d3a1c5148) C:\WINDOWS\system32\srsvc.dll
15:19:40.0437 0740 srservice - ok
15:19:40.0468 0740 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
15:19:40.0484 0740 Srv - ok
15:19:40.0515 0740 SSDPSRV (2c0b1224aa36b4ca1753302baa855882) C:\WINDOWS\System32\ssdpsrv.dll
15:19:40.0531 0740 SSDPSRV - ok
15:19:40.0562 0740 Steam Client Service - ok
15:19:40.0609 0740 stisvc (41508ea375c97dc2b56e5f1afc067187) C:\WINDOWS\system32\wiaservc.dll
15:19:40.0625 0740 stisvc - ok
15:19:40.0656 0740 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:19:40.0656 0740 streamip - ok
15:19:40.0671 0740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:19:40.0687 0740 swenum - ok
15:19:40.0687 0740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:19:40.0703 0740 swmidi - ok
15:19:40.0718 0740 SwPrv - ok
15:19:40.0718 0740 symc810 - ok
15:19:40.0734 0740 symc8xx - ok
15:19:40.0750 0740 sym_hi - ok
15:19:40.0765 0740 sym_u3 - ok
15:19:40.0781 0740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:19:40.0781 0740 sysaudio - ok
15:19:40.0828 0740 SysmonLog (e42048198518f9162027a9984cbb7b5c) C:\WINDOWS\system32\smlogsvc.exe
15:19:40.0828 0740 SysmonLog - ok
15:19:40.0859 0740 TapiSrv (2340e6977548038c88e39a9ecbb3fadc) C:\WINDOWS\System32\tapisrv.dll
15:19:40.0875 0740 TapiSrv - ok
15:19:40.0921 0740 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:19:40.0953 0740 Tcpip - ok
15:19:40.0984 0740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:19:40.0984 0740 TDPIPE - ok
15:19:41.0000 0740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:19:41.0000 0740 TDTCP - ok
15:19:41.0015 0740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:19:41.0015 0740 TermDD - ok
15:19:41.0062 0740 TermService (52e0505408edd4ab5ccc7f83b67b4299) C:\WINDOWS\System32\termsrv.dll
15:19:41.0062 0740 TermService - ok
15:19:41.0109 0740 Themes (8ad90ed829b8404d962545ed3efb1129) C:\WINDOWS\System32\shsvcs.dll
15:19:41.0109 0740 Themes - ok
15:19:41.0140 0740 TlntSvr (b17551ab6eaa71dca530632c15fa3d9a) C:\WINDOWS\system32\tlntsvr.exe
15:19:41.0156 0740 TlntSvr - ok
15:19:41.0171 0740 TosIde - ok
15:19:41.0203 0740 TrkWks (9e70eb419d7785c286dc458a019bab9b) C:\WINDOWS\system32\trkwks.dll
15:19:41.0203 0740 TrkWks - ok
15:19:41.0343 0740 TuneUp.UtilitiesSvc (f5e67d2f8d3c023d3587737dbc718b25) D:\Programy\TuneUp Utilities\TuneUpUtilitiesService32.exe
15:19:41.0375 0740 TuneUp.UtilitiesSvc - ok
15:19:41.0390 0740 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) D:\Programy\TuneUp Utilities\TuneUpUtilitiesDriver32.sys
15:19:41.0390 0740 TuneUpUtilitiesDrv - ok
15:19:41.0437 0740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:19:41.0437 0740 Udfs - ok
15:19:41.0453 0740 ultra - ok
15:19:41.0484 0740 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
15:19:41.0484 0740 UMWdf - ok
15:19:41.0531 0740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:19:41.0546 0740 Update - ok
15:19:41.0578 0740 upnphost (e96a6baee0b2a14a38b45830d6e30697) C:\WINDOWS\System32\upnphost.dll
15:19:41.0593 0740 upnphost - ok
15:19:41.0609 0740 UPS (eb90e28b28541ec845e5345609355ca7) C:\WINDOWS\System32\ups.exe
15:19:41.0609 0740 UPS - ok
15:19:41.0640 0740 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:19:41.0640 0740 usbaudio - ok
15:19:41.0671 0740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:19:41.0671 0740 usbccgp - ok
15:19:41.0687 0740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:19:41.0703 0740 usbehci - ok
15:19:41.0703 0740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:19:41.0718 0740 usbhub - ok
15:19:41.0734 0740 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:19:41.0734 0740 usbohci - ok
15:19:41.0765 0740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:19:41.0765 0740 USBSTOR - ok
15:19:41.0796 0740 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:19:41.0796 0740 usbvideo - ok
15:19:41.0843 0740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:19:41.0843 0740 VgaSave - ok
15:19:41.0843 0740 ViaIde - ok
15:19:41.0875 0740 VolSnap (56b191ac5fc0df219949c95a6c87afe7) C:\WINDOWS\system32\drivers\VolSnap.sys
15:19:41.0875 0740 VolSnap - ok
15:19:41.0921 0740 VSS (7f2d7bffc4554e1c742dd3629fd1fb1b) C:\WINDOWS\System32\vssvc.exe
15:19:41.0921 0740 VSS - ok
15:19:41.0984 0740 W32Time (a672ca3981352f8e9c30fea056e80a62) C:\WINDOWS\system32\w32time.dll
15:19:41.0984 0740 W32Time - ok
15:19:42.0015 0740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:19:42.0031 0740 Wanarp - ok
15:19:42.0031 0740 WDICA - ok
15:19:42.0078 0740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:19:42.0078 0740 wdmaud - ok
15:19:42.0109 0740 WebClient (81fb88b975e25d76e00b69879d8a434c) C:\WINDOWS\System32\webclnt.dll
15:19:42.0109 0740 WebClient - ok
15:19:42.0156 0740 winmgmt (70c22297534a88b0ad0568900ab5a6d9) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:19:42.0156 0740 winmgmt - ok
15:19:42.0218 0740 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
15:19:42.0218 0740 WmdmPmSN - ok
15:19:42.0281 0740 Wmi (968c967f8a9b96e7d63fdd5664c896e7) C:\WINDOWS\System32\advapi32.dll
15:19:42.0312 0740 Wmi - ok
15:19:42.0343 0740 WmiApSrv (a2b12d80a1670511b047a7d8bb647598) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:19:42.0359 0740 WmiApSrv - ok
15:19:42.0390 0740 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:19:42.0390 0740 WS2IFSL - ok
15:19:42.0421 0740 wscsvc (b6669f49d42e09bc0f9889faa0f3336d) C:\WINDOWS\system32\wscsvc.dll
15:19:42.0421 0740 wscsvc - ok
15:19:42.0453 0740 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:19:42.0453 0740 WSTCODEC - ok
15:19:42.0484 0740 wuauserv (04550d5eb7ee82c115db547c01df09fd) C:\WINDOWS\system32\wuauserv.dll
15:19:42.0484 0740 wuauserv - ok
15:19:42.0515 0740 WZCSVC (c2842273aaa77ac031edb87fa19a2147) C:\WINDOWS\System32\wzcsvc.dll
15:19:42.0546 0740 WZCSVC - ok
15:19:42.0578 0740 xmlprov (24ed6935771359a5aef1fe8bf0c56f39) C:\WINDOWS\System32\xmlprov.dll
15:19:42.0578 0740 xmlprov - ok
15:19:42.0609 0740 MBR (0x1B8) (32052574bf9f325ae309abc7bfd04460) \Device\Harddisk0\DR0
15:19:43.0000 0740 \Device\Harddisk0\DR0 - ok
15:19:43.0000 0740 Boot (0x1200) (d8d47707d1c0d344473380500bb5adaa) \Device\Harddisk0\DR0\Partition0
15:19:43.0000 0740 \Device\Harddisk0\DR0\Partition0 - ok
15:19:43.0015 0740 Boot (0x1200) (e6a64557d0cfffd8334cd90031243480) \Device\Harddisk0\DR0\Partition1
15:19:43.0031 0740 \Device\Harddisk0\DR0\Partition1 - ok
15:19:43.0031 0740 ============================================================
15:19:43.0031 0740 Scan finished
15:19:43.0031 0740 ============================================================
15:19:43.0046 1316 Detected object count: 1
15:19:43.0046 1316 Actual detected object count: 1
15:20:45.0406 1316 SnoopFree ( LockedFile.Multi.Generic ) - skipped by user
15:20:45.0406 1316 SnoopFree ( LockedFile.Multi.Generic ) - User select action: Skip
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
- Contact:
Theft of an e-mail account and a Steam account.
"Gadu-Gadu" = Gadu-Gadu 7.7
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Registry Shower 2007_is1" = Registry Shower 2007 2.70 PC Format
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"SpywareBlaster_is1" = SpywareBlaster 4.6
"WinPatrol" = WinPatrol
Uninstall this software.
Logs.
Run OTL -> in the Własne opcje skanowania/skrypt (Custom Scans/Fixes) box, paste:
:OTL
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5C321E34
:Files
C:\Documents and Settings\Vi-rus\Ustawienia lokalne\Dane aplikacji\Secunia PSI
C:\WINDOWS\tasks\*.*
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\Documents and Settings\All Users\Dane aplikacji\{32364CEA-7855-4A3C-B674-53D8E9B97936}
C:\Documents and Settings\Vi-rus\Dane aplikacji\WinPatrol
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]
Click Wykonaj skrypt (Run Fix). Post the log from the removal. Then post new OTL logs.
Optimization.
If you want it, post a log from Autoruns -> http://www.hotfix.pl/optymalizacja-auto ... s-a128.htm.