Witam !
Mój problem dotyczy ciągle pojawiających się wirusów na komputerze. Uruchamiam antyvirus robię skan usuwa wszystko co znajdzie i jest wszystko dobrze aż do ponownego uruchomienia pcta bo wtedy wirusy znowu się pokazują.
Oto mój log:
Pokaż logi:
Przestawiasz w nim Processes i Modules na All oraz wklejasz w dolne białe okienko Custom Scans/Fixes :
Klikasz Run Scan.
W GMER nic nie zmieniamy -> wciskamy Szukaj (skan potrwa kilkadziesiąt minut) -> po skanie Kopiuj.
W przypadku restartu w czasie skanowania odznacz Urządzenia.
OTL Log:
OTL Extras logfile created on: 2009-11-22 12:19:35 - Run 1
OTL by OldTimer - Version 3.1.6.3 Folder = C:\Documents and Settings\Jakub\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 296,43 Gb Free Space | 63,65% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 14,77 Gb Free Space | 19,82% Space Free | Partition Type: NTFS
Drive E: | 575,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UMERSKI
Current User Name: Jakub
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8461:TCP" = 8461:TCP:*:Enabled:GoD High Port
"8462:TCP" = 8462:TCP:*:Enabled:GoD Low Port
"10480:TCP" = 10480:TCP:*:Enabled:SWAT4
"10480:UDP" = 10480:UDP:*:Enabled:SWAT4
"10482:TCP" = 10482:TCP:*:Enabled:SWAT4
"10482:UDP" = 10482:UDP:*:Enabled:SWAT4
"10483:TCP" = 10483:TCP:*:Enabled:SWAT4
"10483:UDP" = 10483:UDP:*:Enabled:SWAT4
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- ()
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Program Files\Autodesk\backburner\monitor.exe" = C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\manager.exe" = C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\server.exe" = C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat:*:Enabled:Command & Conquer 3 Wojny o tyberium(tm) -- (Electronic Arts Inc.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\Program Files\1.0 S\SWAT 4\Content\System\Swat4.exe" = D:\Program Files\1.0 S\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4 -- (Sierra Entertainment, Inc.)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\Ubisoft\THE SETTLERS - Narodziny Imperium\base\bin\Settlers6.exe" = C:\Program Files\Ubisoft\THE SETTLERS - Narodziny Imperium\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Narodziny Imperium -- (Blue Byte GmbH)
"C:\Program Files\VUGames\SWAT 4\Content\System\Swat4.exe" = C:\Program Files\VUGames\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4 -- (Sierra Entertainment, Inc.)
"C:\Program Files\VUGames\SWAT 4\Content\System\Swat4DedicatedServer.exe" = C:\Program Files\VUGames\SWAT 4\Content\System\Swat4DedicatedServer.exe:*:Enabled:Dedykowany serwer SWAT 4 -- (Sierra Entertainment, Inc.)
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Electronic Arts\Command & Conquer 3 Gniew Kane'a\RetailExe\1.0\cnc3ep1.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3 Gniew Kane'a\RetailExe\1.0\cnc3ep1.dat:*:Enabled:Command & Conquer(tm) 3: Gniew Kane'a -- (Electronic Arts Inc.)
"C:\Program Files\WaterProof\PHPEdit\2.12.0\Extensions\DBG\DbgListener.exe" = C:\Program Files\WaterProof\PHPEdit\2.12.0\Extensions\DBG\DbgListener.exe:*:Enabled:Listener for php debugger DBG -- (NuSphere Corp., http://www.nusphere.com)
"C:\Program Files\WaterProof\PHPEdit\2.12.0\PHPEdit.exe" = C:\Program Files\WaterProof\PHPEdit\2.12.0\PHPEdit.exe:*:Enabled:PHPEdit - The PHP IDE -- (PHPEdit project)
"C:\Program Files\VUGames\SWAT 4\ContentExpansion\System\Swat4X.exe" = C:\Program Files\VUGames\SWAT 4\ContentExpansion\System\Swat4X.exe:*:Enabled:SWAT 4 - Syndykat -- (Sierra Entertainment, Inc.)
"C:\Program Files\VUGames\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe" = C:\Program Files\VUGames\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:*:Enabled:Dedykowany serwer SWAT 4 - Syndykat -- (Sierra Entertainment, Inc.)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\1.1 S\SWAT4\Content\System\Swat4.exe" = D:\Program Files\1.1 S\SWAT4\Content\System\Swat4.exe:*:Enabled:SWAT 4 -- (Sierra Entertainment, Inc.)
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe" = C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander -- (Gas Powered Games)
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander -- (Gas Powered Games)
"C:\Program Files\TmUnitedForever\TmForever.exe" = C:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Program Files\Migajek Software\HateML\DbgListener\DbgListener.exe" = C:\Program Files\Migajek Software\HateML\DbgListener\DbgListener.exe:*:Enabled:Listener for php debugger DBG -- (NuSphere Corp., http://www.nusphere.com)
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"C:\Program Files\Codemasters\DiRT\DiRT.exe" = C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable -- (Codemasters)
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe" = C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited -- (Eden Games)
"C:\Documents and Settings\Jakub\Ustawienia lokalne\Dane aplikacji\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Jakub\Ustawienia lokalne\Dane aplikacji\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()
"C:\Program Files\Anno 1404\tools\Anno4Web.exe" = C:\Program Files\Anno 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web -- ()
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common
"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA (2720)
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D834635-CAC8-4938-BADF-6CFF1C33EFD5}" = Hex Workshop v5.1
"{3470101E-A698-4B27-9532-5528B02A5FE0}" = Alias SketchBook Pro 2.0
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation
"{4908C75E-E5E2-43F7-B1DF-023CBA831045}" = Nero 7 Premium
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.3
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New
"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6DE46C58-4440-468b-8120-9DCCEDF41AE4}" = PHPEdit 2.12.0
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0520.1
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90170415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AB3F9176-E74A-4F28-9A09-4F22349B145E}" = livebox tp
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Gniew Kane'a
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Narodziny Imperium
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DED9407B-7104-4AD3-BC2D-97A35F015BA1}" = SWAT 4 - Syndykat
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"Aleo Flash Intro Banner Maker_is1" = Aleo Flash Intro Banner Maker 3.1
"All ATI Software" = ATI - Software Uninstall Utility
"Anno 1404_is1" = Anno 1404 v1.0 Eng
"Artisteer 2" = Artisteer 2
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Browser Defender_is1" = Browser Defender 2.0.6.10
"Cities XL" = Cities XL
"ClassicPro" = ClassicPro© v1.11
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Football Manager 2010" = Football Manager 2010
"HateML_is1" = HateML 1.1 build 05
"HijackThis" = HijackThis 2.0.2
"IconPackager" = IconPackager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"LetsFun FLV Converter_is1" = LetsFun FLV Converter V6.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"PremiumSoft Navicat 8.0 Lite for MySQL_is1" = PremiumSoft Navicat 8.0 Lite for MySQL
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.0
"Restorator2007PL_is1" = Restorator 2007 PL
"Spyware Doctor" = Spyware Doctor 7.0
"Swat4 TSS Dedicated server setup" = Swat4 TSS Dedicated server setup
"SysInfo" = Creative System Information
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TeamViewer 4" = TeamViewer 4
"TmUnited_is1" = TrackMania United 0.2.0.8
"TmUnitedForever_is1" = TmUnitedForever
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"Totalcmd" = Total Commander (Remove or Repair)
"Tropico3" = Tropico 3 1.00
"UAC SWAT4 version" = UAC SWAT4 version
"USB/PS2 Vibration Pad" = USB/PS2 Vibration Pad
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinPcapInst" = WinPcap 2.3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Folder Lock" = Folder Lock
"FolderLock6" = Folder Lock
"Web Button Maker Deluxe" = Web Button Maker Deluxe
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[Application Events]
Error - 2009-11-12 11:23:33 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-13 15:17:41 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-15 08:39:16 | Computer Name = UMERSKI | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1356.0, moduł powodujący
błąd mfc71.dll, wersja 7.10.3077.0, adres błędu 0x00028f1d.
Error - 2009-11-15 08:39:20 | Computer Name = UMERSKI | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1356.0, moduł powodujący
błąd mfc71.dll, wersja 7.10.3077.0, adres błędu 0x00028f1d.
Error - 2009-11-15 08:39:21 | Computer Name = UMERSKI | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1356.0, moduł powodujący
błąd mfc71.dll, wersja 7.10.3077.0, adres błędu 0x00028f1d.
Error - 2009-11-15 08:39:22 | Computer Name = UMERSKI | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1356.0, moduł powodujący
błąd mfc71.dll, wersja 7.10.3077.0, adres błędu 0x00028f1d.
Error - 2009-11-19 07:14:54 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-19 07:14:54 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-21 08:41:30 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-11-22 06:44:57 | Computer Name = UMERSKI | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd TFService.exe, wersja 4.9.10.8, moduł powodujący
błąd msvcr80.dll, wersja 8.0.50727.4053, adres błędu 0x000173d0.
[OSession Events]
Error - 2009-01-25 11:40:26 | Computer Name = UMERSKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2009-03-28 09:59:01 | Computer Name = UMERSKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1175 seconds with 60 seconds of active time. This session ended with a crash.
[System Events]
Error - 2009-11-22 05:32:22 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Beep
Error - 2009-11-22 06:44:53 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7034
Description = Usługa PC Tools Security Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.
Error - 2009-11-22 06:45:04 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7034
Description = Usługa ThreatFire niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.
Error - 2009-11-22 06:50:33 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7034
Description = Usługa PC Tools Security Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 2.
Error - 2009-11-22 07:00:28 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą PEVSystemStart.
Error - 2009-11-22 07:00:28 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego
błędu: %%2
Error - 2009-11-22 07:00:28 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Beep
Error - 2009-11-22 07:01:48 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą PEVSystemStart.
Error - 2009-11-22 07:01:48 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego
błędu: %%2
Error - 2009-11-22 07:01:48 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Beep
< End of report >
GMER Log:
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-22 15:16:05
Windows 5.1.2600 Dodatek Service Pack 3
Running: 0mxzhgvi.exe; Driver: C:\DOCUME~1\Jakub\USTAWI~1\Temp\kftdapob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile [0xBA3DC36A]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9EA9A1C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9EBECDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9EBEECE]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9EA9C10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9EA9CB6]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile [0xBA3DCCD8]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9EA990C]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile [0xBA3DC842]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess [0xBA3D91E0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EDED30]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile [0xBA3DD142]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9EA9E52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9EABB30]
Code \??\C:\DOCUME~1\Jakub\USTAWI~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.xreloc C:\WINDOWS\system32\drivers\ps6ah4nb.sys unknown last section [0xB9F46000, 0x99C, 0x40000040]
.xreloc C:\WINDOWS\system32\drivers\ps6ah4nb.sys unknown last section [0xB9F46000, 0x99C, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9720000, 0x21F557, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9720000, 0x21F557, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA4A82300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA4A82300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3C0300, 0x1B7E, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3C0300, 0x1B7E, 0xE8000020]
? C:\DOCUME~1\Jakub\USTAWI~1\Temp\catchme.sys Nie można odnaleźć określonego pliku. !
? C:\DOCUME~1\Jakub\USTAWI~1\Temp\catchme.sys Nie można odnaleźć określonego pliku. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
Device \Driver\USB_RNDIS \Device\{85F41E83-4944-49B4-93FC-F44FCB2B159C} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0xF8 0x84 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x84 0x94 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x70 0x84 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4B 0x74 0xD6 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0xF8 0x84 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x84 0x94 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x70 0x84 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4B 0x74 0xD6 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0xF8 0x84 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x84 0x94 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x70 0x84 0x23 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4B 0x74 0xD6 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0xF8 0x84 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x84 0x94 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x70 0x84 0x23 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4B 0x74 0xD6 0xFE ...Nie wklejaj logów na forum, tylko na wklej.org lub wklej.to.
Z OTL-a wstawiłeś nie ten log co trzeba.
Potrzebny mi jest ten drugi (OTL.txt).
W białe dolne okno Custom Scans/Fixes w OTL wklej:
Run Fix. Restart, jeśli będzie potrzebny.
Potem log z usuwania oraz nowy log robiony opcją Run Scan.
Log z usuwania:
Nowy log ( po restarcie systemu ):
Nic już nie ma.
W OTL kliknij CleanUp.
Wykonaj pełny skan Malwarebytes’ Anti-Malware - znalezione obiekty usuń.
Gdy będą wirusy pokaż raport po usuwaniu.
Wyczyść rejestr i dysk CCleaner.
Usuń zbędniki z autostartu.
Malwarebytes’ Anti-Malware
Wersja którą podałeś wymaga zakupu aby móc skorzystać z opcji “Usuń”.
Zaraz będe czyścił CCleanerem.
To jest darmowy skaner, płatna w nim jest tylko ochrona rzeczywista.
Znalezione obiekty usuń.