Replies posted by de99ial

  1. However, I don't know whether it will do the job if I am to be monitored by the operator itself?

    At most, the operator can determine that you are using the TOR protocol, but it cannot see the content itself or the destination computer. Some operators block the use of the TOR network. To get around this you need to use a so-called bridge - on the TOR website you will find information on how to enable it.

     

    In general, the rule is that the more people use TOR on a given operator's links, the higher the level of anonymity.

     

    Theoretically it is possible to eavesdrop on the traffic and locate the connection, but to do that the eavesdropper would have to control at least two TOR nodes taking part in the given data transfer (which is unlikely). The second possibility is Java scripts (which is why TOR's developers recommend turning them off). Keep in mind that while the data transfer is encrypted, the information itself is not, so if you send, for example, an unencrypted e-mail, eavesdroppers can capture its content but will not be able to determine where it was sent from.

  2. Avira report

     

    
    Avira Free Antivirus
    Report file date: 8 lutego 2012  18:35
    
    Scanning for 3435674 virus strains and unwanted programs.
    
    The program is running as an unrestricted full version.
    Online services are available:
    
    Licensee	    : Avira AntiVir Personal - Free Antivirus
    Serial number   : 0000149996-ADJIE-0000001
    Platform	    : Windows 7
    Windows version : (Service Pack 1)  [6.1.7601]
    Boot mode	   : Normally booted
    Username	    : SYSTEM
    Computer name   : KOMPUTER
    
    Version information:
    BUILD.DAT	   : 12.0.0.872	 41826 Bytes  2011-12-15 17:24:00
    AVSCAN.EXE	  : 12.1.0.18	 490448 Bytes  2011-10-25 16:45:53
    AVSCAN.DLL	  : 12.1.0.17	  54224 Bytes  2011-09-23 11:34:56
    LUKE.DLL	    : 12.1.0.17	  68304 Bytes  2011-10-11 13:00:17
    AVSCPLR.DLL	 : 12.1.0.21	  99536 Bytes  2011-12-08 19:12:51
    AVREG.DLL	   : 12.1.0.27	 227536 Bytes  2011-12-09 20:04:34
    VBASE000.VDF    : 7.10.0.0    19875328 Bytes  2009-11-06 18:18:34
    VBASE001.VDF    : 7.11.0.0    13342208 Bytes  2010-12-14 09:07:39
    VBASE002.VDF    : 7.11.19.170 14374912 Bytes  2011-12-20 18:26:04
    VBASE003.VDF    : 7.11.21.238  4472832 Bytes  2012-02-01 17:27:43
    VBASE004.VDF    : 7.11.21.239	 2048 Bytes  2012-02-01 17:27:43
    VBASE005.VDF    : 7.11.21.240	 2048 Bytes  2012-02-01 17:27:44
    VBASE006.VDF    : 7.11.21.241	 2048 Bytes  2012-02-01 17:27:44
    VBASE007.VDF    : 7.11.21.242	 2048 Bytes  2012-02-01 17:27:44
    VBASE008.VDF    : 7.11.21.243	 2048 Bytes  2012-02-01 17:27:47
    VBASE009.VDF    : 7.11.21.244	 2048 Bytes  2012-02-01 17:27:49
    VBASE010.VDF    : 7.11.21.245	 2048 Bytes  2012-02-01 17:27:49
    VBASE011.VDF    : 7.11.21.246	 2048 Bytes  2012-02-01 17:27:49
    VBASE012.VDF    : 7.11.21.247	 2048 Bytes  2012-02-01 17:27:49
    VBASE013.VDF    : 7.11.22.33   1486848 Bytes  2012-02-03 18:52:17
    VBASE014.VDF    : 7.11.22.56    687616 Bytes  2012-02-03 18:52:19
    VBASE015.VDF    : 7.11.22.92    178176 Bytes  2012-02-06 18:51:52
    VBASE016.VDF    : 7.11.22.93	  2048 Bytes  2012-02-06 18:51:53
    VBASE017.VDF    : 7.11.22.94	  2048 Bytes  2012-02-06 18:51:53
    VBASE018.VDF    : 7.11.22.95	  2048 Bytes  2012-02-06 18:51:53
    VBASE019.VDF    : 7.11.22.96	  2048 Bytes  2012-02-06 18:51:53
    VBASE020.VDF    : 7.11.22.97	  2048 Bytes  2012-02-06 18:51:53
    VBASE021.VDF    : 7.11.22.98	  2048 Bytes  2012-02-06 18:51:53
    VBASE022.VDF    : 7.11.22.99	  2048 Bytes  2012-02-06 18:51:53
    VBASE023.VDF    : 7.11.22.100	 2048 Bytes  2012-02-06 18:51:53
    VBASE024.VDF    : 7.11.22.101	 2048 Bytes  2012-02-06 18:51:53
    VBASE025.VDF    : 7.11.22.102	 2048 Bytes  2012-02-06 18:51:53
    VBASE026.VDF    : 7.11.22.103	 2048 Bytes  2012-02-06 18:51:53
    VBASE027.VDF    : 7.11.22.104	 2048 Bytes  2012-02-06 18:51:53
    VBASE028.VDF    : 7.11.22.105	 2048 Bytes  2012-02-06 18:51:54
    VBASE029.VDF    : 7.11.22.106	 2048 Bytes  2012-02-06 18:51:54
    VBASE030.VDF    : 7.11.22.107	 2048 Bytes  2012-02-06 18:51:54
    VBASE031.VDF    : 7.11.22.138   106496 Bytes  2012-02-07 21:27:54
    Engineversion   : 8.2.8.48  
    AEVDF.DLL	   : 8.1.2.2	   106868 Bytes  2011-10-25 16:45:51
    AESCRIPT.DLL    : 8.1.4.3	   438649 Bytes  2012-02-03 18:52:28
    AESCN.DLL	   : 8.1.8.2	   131444 Bytes  2012-01-27 17:03:11
    AESBX.DLL	   : 8.2.4.5	   434549 Bytes  2011-12-01 19:13:39
    AERDL.DLL	   : 8.1.9.15	  639348 Bytes  2011-09-08 21:16:06
    AEPACK.DLL	  : 8.2.16.2	  799095 Bytes  2012-01-27 17:03:11
    AEOFFICE.DLL    : 8.1.2.25	  201084 Bytes  2011-12-30 21:25:06
    AEHEUR.DLL	  : 8.1.3.24	 4387190 Bytes  2012-02-03 18:52:27
    AEHELP.DLL	  : 8.1.19.0	  254327 Bytes  2012-01-19 21:51:36
    AEGEN.DLL	   : 8.1.5.21	  409971 Bytes  2012-02-03 18:52:24
    AEEMU.DLL	   : 8.1.3.0	   393589 Bytes  2011-09-01 21:46:01
    AECORE.DLL	  : 8.1.25.3	  201079 Bytes  2012-01-27 17:03:05
    AEBB.DLL	    : 8.1.1.0	    53618 Bytes  2011-09-01 21:46:01
    AVWINLL.DLL	 : 12.1.0.17	  27344 Bytes  2011-10-11 13:00:11
    AVPREF.DLL	  : 12.1.0.17	  51920 Bytes  2011-10-11 13:00:09
    AVREP.DLL	   : 12.1.0.17	 179408 Bytes  2011-10-11 13:00:09
    AVARKT.DLL	  : 12.1.0.19	 208848 Bytes  2011-12-08 19:12:45
    AVEVTLOG.DLL    : 12.1.0.17	 169168 Bytes  2011-10-11 13:00:08
    SQLITE3.DLL	 : 3.7.0.0	   398288 Bytes  2011-10-11 13:00:22
    AVSMTP.DLL	  : 12.1.0.17	  62928 Bytes  2011-10-11 13:00:10
    NETNT.DLL	   : 12.1.0.17	  17104 Bytes  2011-10-11 13:00:18
    RCIMAGE.DLL	 : 12.1.0.17    4450000 Bytes  2011-10-11 13:00:31
    RCTEXT.DLL	  : 12.1.1.16	  96208 Bytes  2011-12-22 18:58:08
    
    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: default
    Primary action......................: delete
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended
    Deviating risk categories...........: +APPL,+JOKE,+PFS,+SPR,
    
    Start of the scan: 8 lutego 2012  18:35
    
    Starting master boot sector scan:
    Master boot sector HD0
       [INFO]	  No virus was found!
    
    Start scanning boot sectors:
    Boot sector 'C:\'
       [INFO]	  No virus was found!
    Boot sector 'D:\'
       [INFO]	  No virus was found!
    
    Starting search for hidden objects.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\AppDomains\Communications.CCC.exe.CCC.3136
     [NOTE]	  The registry entry is invisible.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\AppDomains\Communications.MOM.exe.MOM.2860
     [NOTE]	  The registry entry is invisible.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Processes\2860
     [NOTE]	  The registry entry is invisible.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Processes\3136
     [NOTE]	  The registry entry is invisible.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime HydraVision Caste Initialize
     [NOTE]	  The registry entry is invisible.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor ProcTime
     [NOTE]	  The registry entry is invisible.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste HotKey
     [NOTE]	  The registry entry is invisible.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Initialize
     [NOTE]	  The registry entry is invisible.
    HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
     [NOTE]	  The registry entry is invisible.
    Hidden driver
     [NOTE]	  A memory modification has been detected, which could potentially be used to hide file access attempts.
    
    The scan of running processes will be started
    Scan process 'taskeng.exe' - '26' Module(s) have been scanned
    Scan process 'TOTALCMD.EXE' - '53' Module(s) have been scanned
    Scan process 'svchost.exe' - '28' Module(s) have been scanned
    Scan process 'vssvc.exe' - '47' Module(s) have been scanned
    Scan process 'avscan.exe' - '79' Module(s) have been scanned
    Scan process 'Spik.exe' - '133' Module(s) have been scanned
    Scan process 'TrustedInstaller.exe' - '47' Module(s) have been scanned
    Scan process 'PresentationFontCache.exe' - '35' Module(s) have been scanned
    Scan process 'CCC.exe' - '238' Module(s) have been scanned
    Scan process 'taskhost.exe' - '35' Module(s) have been scanned
    Scan process 'MOM.exe' - '67' Module(s) have been scanned
    Scan process 'avgnt.exe' - '75' Module(s) have been scanned
    Scan process 'XBoxStat.exe' - '32' Module(s) have been scanned
    Scan process 'VDeck.exe' - '53' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '145' Module(s) have been scanned
    Scan process 'Dwm.exe' - '33' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '48' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '108' Module(s) have been scanned
    Scan process 'svchost.exe' - '55' Module(s) have been scanned
    Scan process 'svchost.exe' - '52' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'StarWindServiceAE.exe' - '34' Module(s) have been scanned
    Scan process 'Fuel.Service.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '69' Module(s) have been scanned
    Scan process 'sched.exe' - '41' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '77' Module(s) have been scanned
    Scan process 'svchost.exe' - '71' Module(s) have been scanned
    Scan process 'atieclxx.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '59' Module(s) have been scanned
    Scan process 'AUDIODG.EXE' - '38' Module(s) have been scanned
    Scan process 'svchost.exe' - '151' Module(s) have been scanned
    Scan process 'svchost.exe' - '87' Module(s) have been scanned
    Scan process 'svchost.exe' - '76' Module(s) have been scanned
    Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'conhost.exe' - '14' Module(s) have been scanned
    Scan process 'avshadow.exe' - '31' Module(s) have been scanned
    Scan process 'avguard.exe' - '67' Module(s) have been scanned
    Scan process 'svchost.exe' - '52' Module(s) have been scanned
    Scan process 'winlogon.exe' - '31' Module(s) have been scanned
    Scan process 'lsm.exe' - '16' Module(s) have been scanned
    Scan process 'lsass.exe' - '60' Module(s) have been scanned
    Scan process 'services.exe' - '33' Module(s) have been scanned
    Scan process 'csrss.exe' - '18' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'csrss.exe' - '18' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned
    
    Starting to scan executable files (registry).
    The registry was scanned ( '1697' files ).
    
    
    Starting the file scan:
    
    Begin scan in 'C:\'
    Begin scan in 'D:\'
    
    
    End of the scan: 8 lutego 2012  20:07
    Used time:  1:32:00 Hour(s)
    
    The scan has been done completely.
    
     26164 Scanned directories
    756492 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
    756492 Files not concerned
      5987 Archives were scanned
      0 Warnings
     10 Notes
    378552 Objects were scanned with rootkit scan
     10 Hidden objects were found
    
    

  3. I deleted them because I like to look after my privacy. Maybe that is oversensitivity, maybe not, call it what you like.

     

    In the txt file you have an exact copy of all the logs deleted from the forum.

     

     

    Here are the current logs:

     

    OTL

     

    OTL logfile created on: 2012-02-08 01:40:59 - Run 2
    OTL by OldTimer - Version 3.2.31.0	 Folder = D:\Download
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
    
    2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,95% Memory free
    4,00 Gb Paging File | 2,67 Gb Available in Paging File | 66,87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97,56 Gb Total Space | 35,02 Gb Free Space | 35,90% Space Free | Partition Type: NTFS
    Drive D: | 368,10 Gb Total Space | 19,29 Gb Free Space | 5,24% Space Free | Partition Type: NTFS
    Drive E: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    
    Computer Name: KOMPUTER | User Name: de99ial | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    
    [color=#E56717]========== Processes (SafeList) ==========[/color]
    
    PRC - [2012-02-08 01:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
    PRC - [2012-02-02 21:14:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011-10-11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011-10-11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011-10-11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011-10-11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011-09-08 18:30:10 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011-09-08 18:29:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011-09-08 12:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    PRC - [2011-06-24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011-03-29 19:56:16 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    PRC - [2009-10-09 10:00:44 | 001,699,328 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    PRC - [2009-09-24 06:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\totalcmd\TOTALCMD.EXE
    
    
    [color=#E56717]========== Modules (No Company Name) ==========[/color]
    
    MOD - [2012-02-02 21:14:02 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012-01-12 01:43:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
    MOD - [2012-01-12 01:43:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2011-12-06 18:45:08 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    MOD - [2011-10-12 23:48:18 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
    MOD - [2011-10-12 23:47:09 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
    MOD - [2011-10-12 19:05:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
    MOD - [2011-10-12 19:05:17 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
    MOD - [2011-10-12 19:05:08 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
    MOD - [2011-10-12 19:05:08 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
    MOD - [2011-10-12 19:05:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2011-10-12 19:04:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011-10-12 19:04:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011-10-12 19:04:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011-10-12 19:04:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011-10-12 19:04:15 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011-10-12 19:04:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011-09-08 12:53:30 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2011-09-08 12:41:26 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    MOD - [2010-11-13 03:39:47 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010-06-21 12:22:45 | 000,008,192 | ---- | M] () -- C:\Program Files\Spik\idlehk.dll
    MOD - [2009-09-02 02:28:04 | 047,628,288 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
    MOD - [2009-05-07 09:53:18 | 000,106,496 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
    MOD - [2009-05-07 09:50:46 | 000,073,728 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
    MOD - [2008-02-14 06:57:00 | 000,094,208 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
    
    
    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]
    
    SRV - [2011-10-11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011-10-11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011-09-08 18:29:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011-09-08 12:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV - [2010-05-19 02:00:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    
    
    [color=#E56717]========== Driver Services (SafeList) ==========[/color]
    
    DRV - [2011-12-08 20:12:50 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011-11-24 19:05:10 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2011-10-11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011-10-11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2011-09-08 19:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011-09-08 19:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011-09-08 17:52:20 | 000,248,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011-06-24 05:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
    DRV - [2011-06-06 23:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2010-12-01 23:02:47 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010-06-17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010-02-18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
    DRV - [2009-09-17 12:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2009-07-27 08:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
    DRV - [2009-06-05 01:28:12 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009-05-04 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
    
    
    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
    
    
    [color=#E56717]========== Internet Explorer ==========[/color]
    
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    
    [color=#E56717]========== FireFox ==========[/color]
    
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
    FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
    FF - prefs.js..network.proxy.backup.ftp: "41.160.185.138"
    FF - prefs.js..network.proxy.backup.ftp_port: 8080
    FF - prefs.js..network.proxy.backup.socks: "41.160.185.138"
    FF - prefs.js..network.proxy.backup.socks_port: 8080
    FF - prefs.js..network.proxy.backup.ssl: "41.160.185.138"
    FF - prefs.js..network.proxy.backup.ssl_port: 8080
    FF - prefs.js..network.proxy.ftp: "218.22.80.61"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.http: "218.22.80.61"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "218.22.80.61"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "218.22.80.61"
    FF - prefs.js..network.proxy.ssl_port: 8080
    FF - prefs.js..network.proxy.type: 4
    
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@kontakt.wp.pl/WPMSGPlugin,version=1.0.1: C:\Program Files\Spik\mozilla\npwpk.dll ( )
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-02 21:14:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-25 18:53:35 | 000,000,000 | ---D | M]
    
    [2010-04-29 17:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\de99ial\AppData\Roaming\mozilla\Extensions
    [2012-01-06 11:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\de99ial\AppData\Roaming\mozilla\Firefox\Profiles\fm8fomfk.default\extensions
    [2011-12-26 19:07:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\de99ial\AppData\Roaming\mozilla\Firefox\Profiles\fm8fomfk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011-03-25 18:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010-07-17 10:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    () (No name found) -- C:\USERS\DE99IAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FM8FOMFK.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
    () (No name found) -- C:\USERS\DE99IAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FM8FOMFK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012-02-02 21:14:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010-06-21 12:47:59 | 000,077,824 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npwpk.dll
    [2011-06-24 19:02:58 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
    [2011-06-24 19:02:58 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
    [2011-06-24 19:02:58 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
    [2011-06-24 19:02:58 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
    [2011-06-24 19:02:58 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
    [2011-06-24 19:02:58 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
    
    O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll File not found
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll File not found
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 80.244.140.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{224C5BDE-EF94-4AE4-9794-AF8508F7A244}: DhcpNameServer = 217.172.224.160 80.244.140.241
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wpmsg {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    
    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
    
    [2012-02-07 18:40:08 | 000,000,000 | ---D | C] -- C:\Users\de99ial\AppData\Local\GHISLER
    [2012-01-25 19:04:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
    [2012-01-25 19:04:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
    [2012-01-20 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2012-01-11 18:24:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
    [2012-01-11 18:24:30 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2012-01-11 18:24:30 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
    [2012-01-10 23:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [3 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
    
    [2012-02-08 01:39:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-02-07 22:34:28 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-02-07 22:34:28 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-02-07 22:27:29 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-02-07 22:27:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-02-07 22:27:07 | 1609,945,088 | -HS- | M] () -- C:\hiberfil.sys
    [2012-01-29 00:27:01 | 000,064,512 | ---- | M] () -- C:\Users\de99ial\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-01-27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2012-01-17 02:19:37 | 000,000,124 | ---- | M] () -- C:\Users\de99ial\Documents\ax_files.xml
    [2012-01-15 17:43:00 | 000,697,674 | ---- | M] () -- C:\Windows\System32\perfh015.dat
    [2012-01-15 17:43:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012-01-15 17:43:00 | 000,134,784 | ---- | M] () -- C:\Windows\System32\perfc015.dat
    [2012-01-15 17:43:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012-01-12 01:54:57 | 000,361,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    [color=#E56717]========== Files Created - No Company Name ==========[/color]
    
    [2011-10-09 16:39:57 | 000,000,256 | ---- | C] () -- C:\Windows\game.ini
    [2011-09-14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
    [2011-08-26 15:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011-03-17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011-03-07 18:57:50 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
    [2011-01-03 21:35:16 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
    [2010-07-11 15:26:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010-06-30 22:03:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010-05-06 21:44:32 | 000,064,512 | ---- | C] () -- C:\Users\de99ial\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-04-29 22:14:13 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2010-04-29 22:14:13 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2010-04-29 22:14:13 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2010-04-29 13:08:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010-02-21 03:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009-11-06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2009-08-16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009-08-02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009-08-02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009-07-14 09:07:57 | 000,697,674 | ---- | C] () -- C:\Windows\System32\perfh015.dat
    [2009-07-14 09:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
    [2009-07-14 09:07:57 | 000,134,784 | ---- | C] () -- C:\Windows\System32\perfc015.dat
    [2009-07-14 09:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
    [2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-14 05:33:53 | 000,361,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009-07-14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009-07-14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009-06-19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009-05-29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009-05-29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007-02-05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    
    [color=#E56717]========== LOP Check ==========[/color]
    
    [2011-09-03 21:00:35 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\1812
    [2011-10-23 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Activision
    [2012-01-10 23:00:21 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Any Video Converter
    [2012-02-05 23:52:12 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\foobar2000
    [2010-05-06 17:52:25 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Foxit
    [2010-04-29 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\GHISLER
    [2011-11-21 19:12:11 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\OpenOffice.org
    [2010-04-29 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Spik
    [2011-11-26 09:32:30 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\TrueCrypt
    [2012-02-08 01:37:49 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\uTorrent
    [2011-10-31 01:08:20 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\wargaming.net
    [2010-04-29 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Win7codecs
    [2011-12-02 18:20:10 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    
    [color=#E56717]========== Purity Check ==========[/color]
    
    
    
    < End of report >
    
    

     

    and the second one

    OTL Extras logfile created on: 2012-02-08 01:40:59 - Run 2
    OTL by OldTimer - Version 3.2.31.0	 Folder = D:\Download
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
    
    2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,95% Memory free
    4,00 Gb Paging File | 2,67 Gb Available in Paging File | 66,87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97,56 Gb Total Space | 35,02 Gb Free Space | 35,90% Space Free | Partition Type: NTFS
    Drive D: | 368,10 Gb Total Space | 19,29 Gb Free Space | 5,24% Space Free | Partition Type: NTFS
    Drive E: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    
    Computer Name: KOMPUTER | User Name: de99ial | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    
    [color=#E56717]========== Extra Registry (SafeList) ==========[/color]
    
    
    [color=#E56717]========== File Associations ==========[/color]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    
    [color=#E56717]========== Shell Spawning ==========[/color]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    
    [color=#E56717]========== Security Center Settings ==========[/color]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
    
    [color=#E56717]========== Firewall Settings ==========[/color]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    
    [color=#E56717]========== Authorized Applications List ==========[/color]
    
    
    [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
    "{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DACC3F4-2007-A5EE-5FFF-129338EC89E6}" = CCC Help English
    "{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate
    "{6603BC18-EEF7-7936-77BF-76861115E674}" = Catalyst Control Center Graphics Previews Common
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{81B3EF66-BAC7-4C91-B856-3943C0196B4E}" = Duke Nukem - Manhattan Project - 1.0.1 Patch
    "{81E19A62-1FD2-1066-7C10-19DD3323E27F}" = AMD Media Foundation Decoders
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{840D2B01-6A05-1D0D-DCD2-59567DE0E0BC}" = AMD Fuel
    "{8AA5716D-43F6-F7D5-0DD4-199A8103EC71}" = ATI AVIVO Codecs
    "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
    "{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A4B7D086-851B-8830-2F80-DC5AE26B3918}" = AMD Drag and Drop Transcoding
    "{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91045}" = Nero 8 Essentials
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ACC75323-DB4A-4F7F-9AF2-1D1DEFF2D0B4}" = Heroes of Might & Magic V: Kuźnia Przeznaczenia
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{CC5FA098-131A-5648-31D5-825692C72B2C}" = AMD VISION Engine Control Center
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
    "{EA5700B4-7DD1-68DE-8F44-7C2B48E59572}" = HydraVision
    "{EF19211B-DB8D-4EF6-B501-27329E455D2C}" = Heroes of Might and Magic V
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy
    "{F99F26DF-CCDE-F5F6-02AD-ABA8AAB51ADE}" = ccc-utility
    "7-Zip" = 7-Zip 4.65
    "ACDSee" = ACDSee
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "CCleaner" = CCleaner
    "Dungeon Keeper_is1" = Dungeon Keeper
    "Fallout New Vegas 2011 - Extended HD Edition_is1" = Fallout New Vegas 2011 - Extended HD Edition v1.4.0.525
    "foobar2000" = foobar2000 v1.1.1
    "Foxit Reader" = Foxit Reader
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
    "InstallShield_{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.60.1.1000
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 10.0 (x86 pl)" = Mozilla Firefox 10.0 (x86 pl)
    "NapiProjekt_is1" = NapiProjekt 1.0.6.9
    "Odkurzacz 12.6_is1" = Odkurzacz 12.6
    "Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.2
    "Spik" = Spik
    "Totalcmd" = Total Commander (Remove or Repair)
    "TrueCrypt" = TrueCrypt
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "VLC media player" = VLC media player 1.1.10
    
    [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "1812 - Serce Zimy" = 1812 - Serce Zimy
    "I-Doser v4" = I-Doser v4
    
    [color=#E56717]========== Last 10 Event Log Errors ==========[/color]
    
    [ Application Events ]
    Error - 2012-01-31 22:39:40 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
    Description =
    
    Error - 2012-02-01 17:58:09 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
    Description =
    
    Error - 2012-02-02 15:43:20 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
    Description =
    
    Error - 2012-02-02 19:07:25 | Computer Name = komputer | Source = Application Error | ID = 1000
    Description = Nazwa aplikacji powodującej błąd: worldoftanks.exe, wersja: 0.0.0.0,
    sygnatura czasowa: 0x4ef4901a  Nazwa modułu powodującego błąd: worldoftanks.exe,
    wersja: 0.0.0.0, sygnatura czasowa: 0x4ef4901a  Kod wyjątku: 0xc0000005  Przesunięcie
    błędu: 0x007a8b03  Identyfikator procesu powodującego błąd: 0x18e4  Godzina uruchomienia
    aplikacji powodującej błąd: 0x01cce1fbd7f67dfd  Ścieżka aplikacji powodującej błąd:
    D:\Gry\World_of_Tanks\worldoftanks.exe  Ścieżka modułu powodującego błąd: D:\Gry\World_of_Tanks\worldoftanks.exe
    Identyfikator
    raportu: ab073e40-4df2-11e1-9d02-40618661e07d
    
    Error - 2012-02-03 14:06:28 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
    Description =
    
    Error - 2012-02-04 05:56:42 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
    Description =
    
    Error - 2012-02-05 06:42:02 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
    Description =
    
    Error - 2012-02-05 16:38:01 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
    Description =
    
    Error - 2012-02-05 22:19:42 | Computer Name = komputer | Source = SideBySide | ID = 16842815
    Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku
    zasad "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu
    3.  Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu
    "version" elementu "assemblyIdentity" jest nieprawidłowa.
    
    Error - 2012-02-06 14:06:00 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
    Description =
    
    [ System Events ]
    Error - 2011-12-31 05:12:50 | Computer Name = komputer | Source = Service Control Manager | ID = 7024
    Description = Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla
    niej błąd %%-1073473535.
    
    Error - 2011-12-31 05:12:50 | Computer Name = komputer | Source = Service Control Manager | ID = 7031
    Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
    to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
    Uruchom usługę ponownie.
    
    Error - 2012-01-05 15:13:19 | Computer Name = komputer | Source = Service Control Manager | ID = 7024
    Description = Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla
    niej błąd %%-1073473535.
    
    Error - 2012-01-05 15:13:19 | Computer Name = komputer | Source = Service Control Manager | ID = 7031
    Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
    to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
    Uruchom usługę ponownie.
    
    Error - 2012-01-06 01:49:23 | Computer Name = komputer | Source = volsnap | ID = 393252
    Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
    można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.
    
    Error - 2012-01-08 08:08:42 | Computer Name = komputer | Source = Service Control Manager | ID = 7024
    Description = Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla
    niej błąd %%-1073473535.
    
    Error - 2012-01-08 08:08:42 | Computer Name = komputer | Source = Service Control Manager | ID = 7031
    Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
    to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
    Uruchom usługę ponownie.
    
    Error - 2012-01-29 21:12:38 | Computer Name = komputer | Source = volsnap | ID = 393252
    Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
    można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.
    
    Error - 2012-01-30 13:14:01 | Computer Name = komputer | Source = Service Control Manager | ID = 7024
    Description = Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla
    niej błąd %%-1073473535.
    
    Error - 2012-01-30 13:14:01 | Computer Name = komputer | Source = Service Control Manager | ID = 7031
    Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
    to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
    Uruchom usługę ponownie.
    
    
    < End of report >
    
    

     

    GMER

     

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-08 01:48:50
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD503HI rev.1AJ10001
    Running: m58zevwe.exe; Driver: C:\Users\de99ial\AppData\Local\Temp\pgddqpoc.sys
    
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .text		   ntkrnlpa.exe!ZwSaveKey + 13D1																						 82E3F369 1 Byte  [06]
    .text		   ntkrnlpa.exe!KiDispatchInterrupt + 5A2																			    82E78D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text		   sptd.sys																											  88E3A000 8 Bytes  [34, 02, 22, 83, A0, 67, 21, ...] {XOR AL, 0x2; AND AL, [EBX-0x7cde9860]}
    .text		   sptd.sys																											  88E3A009 23 Bytes  [67, 21, 83, 48, 8B, 21, 83, ...]
    .text		   sptd.sys																											  88E3A024 4 Bytes  [44, 95, F6, 88]
    .text		   sptd.sys																											  88E3A02C 74 Bytes  [51, 66, 06, 83, 48, 29, FE, ...]
    .text		   sptd.sys																											  88E3A077 113 Bytes  [83, 2B, 7E, 06, 83, C4, 62, ...]
    .text		   ...																												   
    .sptd2		  C:\Windows\System32\Drivers\sptd.sys																				  entry point in ".sptd2" section [0x88F31D38]
    ?			   C:\Windows\System32\Drivers\sptd.sys																				  Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
    .text		   C:\Windows\system32\DRIVERS\atikmdag.sys																			  section is writeable [0x8EA39000, 0x3A3E05, 0xE8000020]
    .text		   USBPORT.SYS!DllUnload																								 8F64BDB9 5 Bytes  JMP 860F51D8
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text		   C:\Program Files\Mozilla Firefox\plugin-container.exe[2536] USER32.dll!GetWindowInfo								  77804B5E 5 Bytes  JMP 66E0A4E7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text		   C:\Program Files\Mozilla Firefox\plugin-container.exe[2536] USER32.dll!TrackPopupMenu								 77812228 5 Bytes  JMP 66E0AABD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text		   C:\Program Files\Mozilla Firefox\firefox.exe[3364] ntdll.dll!LdrLoadDll											   7792223E 5 Bytes  JMP 66C91B30 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    
    ---- Kernel IAT/EAT - GMER 1.0.15 ----
    
    IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]											  [88E3B0C0] \SystemRoot\System32\Drivers\sptd.sys
    IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]											 [88E3BFE0] \SystemRoot\System32\Drivers\sptd.sys
    IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]											 [88E3B574] \SystemRoot\System32\Drivers\sptd.sys
    IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]									  [88E3C1BC] \SystemRoot\System32\Drivers\sptd.sys
    IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]									   [88E3B362] \SystemRoot\System32\Drivers\sptd.sys
    
    ---- User IAT/EAT - GMER 1.0.15 ----
    
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]									   [73FF2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]								  [73FD5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]								 [73FD56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]									    [73FF24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]							  [73FE8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]							    [73FE4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]							   [73FE506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]							  [73FE5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]					 [73FE6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]							   [73FE826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]						  [73FE87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]					    [73FE901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]							  [73FEE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]								  [73FE4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    
    ---- Devices - GMER 1.0.15 ----
    
    Device		  \FileSystem\Ntfs \Ntfs																							    84E621F8
    Device		  \Driver\usbohci \Device\USBPDO-0																					  860F61F8
    Device		  \Driver\PCI_PNP4532 \Device\00000051																				  sptd.sys
    Device		  \Driver\usbohci \Device\USBPDO-1																					  860F61F8
    Device		  \Driver\usbehci \Device\USBPDO-2																					  860F71F8
    Device		  \Driver\usbohci \Device\USBPDO-3																					  860F61F8
    Device		  \Driver\ACPI_HAL \Device\00000047																					 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device		  \Driver\usbohci \Device\USBPDO-4																					  860F61F8
    Device		  \Driver\usbehci \Device\USBPDO-5																					  860F71F8
    Device		  \Driver\usbohci \Device\USBPDO-6																					  860F61F8
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1																			    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1																			    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2																			    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2																			    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    
    Device		  \Driver\cdrom \Device\CdRom0																						  85F9F430
    Device		  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0																		   84E601F8
    Device		  \Driver\atapi \Device\Ide\IdePort0																				    84E601F8
    Device		  \Driver\atapi \Device\Ide\IdePort1																				    84E601F8
    Device		  \Driver\atapi \Device\Ide\IdePort2																				    84E601F8
    Device		  \Driver\atapi \Device\Ide\IdePort3																				    84E601F8
    Device		  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1																		   84E601F8
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3																			    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3																			    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    
    Device		  \Driver\cdrom \Device\CdRom1																						  85F9F430
    Device		  \Driver\NetBT \Device\NetBt_Wins_Export																			   860951F8
    Device		  \Driver\usbohci \Device\USBFDO-0																					  860F61F8
    Device		  \Driver\NetBT \Device\NetBT_Tcpip_{224C5BDE-EF94-4AE4-9794-AF8508F7A244}											  860951F8
    Device		  \Driver\usbohci \Device\USBFDO-1																					  860F61F8
    Device		  \Driver\usbehci \Device\USBFDO-2																					  860F71F8
    Device		  \Driver\usbohci \Device\USBFDO-3																					  860F61F8
    Device		  \Driver\usbohci \Device\USBFDO-4																					  860F61F8
    Device		  \Driver\usbehci \Device\USBFDO-5																					  860F71F8
    Device		  \Driver\usbohci \Device\USBFDO-6																					  860F61F8
    Device		  \Driver\aisqkmsu \Device\Scsi\aisqkmsu1																			   860FC1F8
    Device		  \Driver\aisqkmsu \Device\Scsi\aisqkmsu1Port4Path0Target0Lun0														  860FC1F8
    Device		  \FileSystem\cdfs \Cdfs																							    85FC91F8
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1																    771343423
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2																    285507792
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0																    1
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04									  
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0								   C:\Program Files\Alcohol Soft\Alcohol 52\
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0								   0
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew							    0x3A 0x48 0x7D 0xCA ...
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001						     
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0						  0xA0 0x02 0x00 0x00 ...
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew					   0x67 0xFF 0x3B 0xEB ...
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40					  
    Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew			    0x41 0x8E 0x54 0xB4 ...
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)				  
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0									   C:\Program Files\Alcohol Soft\Alcohol 52\
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0									   0
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew								    0x3A 0x48 0x7D 0xCA ...
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)	     
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0							  0xA0 0x02 0x00 0x00 ...
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew						   0x67 0xFF 0x3B 0xEB ...
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
    Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew				    0x41 0x8E 0x54 0xB4 ...
    
    ---- EOF - GMER 1.0.15 ----
    
    
    

     

    I'll post the Avira log tomorrow; I don't keep logs, sorry.

    And thanks for your interest.
