Viruses keep coming back


(Iksremu) #1

Hello!

My problem concerns viruses that keep reappearing on my computer. I run the antivirus, do a scan, it removes everything it finds and all is well until the PC is rebooted, because then the viruses show up again.

Here is my log:

http://wklej.org/id/212530/


(deFco247) #2

Post the logs:

:arrow: OTL

In it, switch Processes and Modules to All and paste into the lower white Custom Scans/Fixes box:

Click Run Scan.

:arrow: GMER

In GMER we change nothing -> press Szukaj (Search) (the scan will take several tens of minutes) -> after the scan, Kopiuj (Copy).

If the machine restarts during the scan, untick Urządzenia (Devices).

:arrow: System Repair Engineer


(Iksremu) #3

OTL Log:

OTL Extras logfile created on: 2009-11-22 12:19:35 - Run 1

OTL by OldTimer - Version 3.1.6.3 Folder = C:\Documents and Settings\Jakub\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465,75 Gb Total Space | 296,43 Gb Free Space | 63,65% Space Free | Partition Type: NTFS

Drive D: | 74,52 Gb Total Space | 14,77 Gb Free Space | 19,82% Space Free | Partition Type: NTFS

Drive E: | 575,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: UMERSKI

Current User Name: Jakub

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Extra Registry (SafeList) ==========



========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found


[HKEY_CURRENT_USER\SOFTWARE\Classes\]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

"EnableFirewall" = 1

"DisableNotifications" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"8461:TCP" = 8461:TCP:*:Enabled:GoD High Port

"8462:TCP" = 8462:TCP:*:Enabled:GoD Low Port

"10480:TCP" = 10480:TCP:*:Enabled:SWAT4

"10480:UDP" = 10480:UDP:*:Enabled:SWAT4

"10482:TCP" = 10482:TCP:*:Enabled:SWAT4

"10482:UDP" = 10482:UDP:*:Enabled:SWAT4

"10483:TCP" = 10483:TCP:*:Enabled:SWAT4

"10483:UDP" = 10483:UDP:*:Enabled:SWAT4


========== Authorized Applications List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()

"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)

"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- ()

"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)

"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)

"C:\Program Files\Autodesk\backburner\monitor.exe" = C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)

"C:\Program Files\Autodesk\backburner\manager.exe" = C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)

"C:\Program Files\Autodesk\backburner\server.exe" = C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)

"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat:*:Enabled:Command & Conquer 3 Wojny o tyberium(tm) -- (Electronic Arts Inc.)

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)

"D:\Program Files\1.0 S\SWAT 4\Content\System\Swat4.exe" = D:\Program Files\1.0 S\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4 -- (Sierra Entertainment, Inc.)

"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()

"C:\Program Files\Ubisoft\THE SETTLERS - Narodziny Imperium\base\bin\Settlers6.exe" = C:\Program Files\Ubisoft\THE SETTLERS - Narodziny Imperium\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Narodziny Imperium -- (Blue Byte GmbH)

"C:\Program Files\VUGames\SWAT 4\Content\System\Swat4.exe" = C:\Program Files\VUGames\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4 -- (Sierra Entertainment, Inc.)

"C:\Program Files\VUGames\SWAT 4\Content\System\Swat4DedicatedServer.exe" = C:\Program Files\VUGames\SWAT 4\Content\System\Swat4DedicatedServer.exe:*:Enabled:Dedykowany serwer SWAT 4 -- (Sierra Entertainment, Inc.)

"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)

"C:\Program Files\Electronic Arts\Command & Conquer 3 Gniew Kane'a\RetailExe\1.0\cnc3ep1.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3 Gniew Kane'a\RetailExe\1.0\cnc3ep1.dat:*:Enabled:Command & Conquer(tm) 3: Gniew Kane'a -- (Electronic Arts Inc.)

"C:\Program Files\WaterProof\PHPEdit\2.12.0\Extensions\DBG\DbgListener.exe" = C:\Program Files\WaterProof\PHPEdit\2.12.0\Extensions\DBG\DbgListener.exe:*:Enabled:Listener for php debugger DBG -- (NuSphere Corp., http://www.nusphere.com)

"C:\Program Files\WaterProof\PHPEdit\2.12.0\PHPEdit.exe" = C:\Program Files\WaterProof\PHPEdit\2.12.0\PHPEdit.exe:*:Enabled:PHPEdit - The PHP IDE -- (PHPEdit project)

"C:\Program Files\VUGames\SWAT 4\ContentExpansion\System\Swat4X.exe" = C:\Program Files\VUGames\SWAT 4\ContentExpansion\System\Swat4X.exe:*:Enabled:SWAT 4 - Syndykat -- (Sierra Entertainment, Inc.)

"C:\Program Files\VUGames\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe" = C:\Program Files\VUGames\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:*:Enabled:Dedykowany serwer SWAT 4 - Syndykat -- (Sierra Entertainment, Inc.)

"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)

"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"D:\Program Files\1.1 S\SWAT4\Content\System\Swat4.exe" = D:\Program Files\1.1 S\SWAT4\Content\System\Swat4.exe:*:Enabled:SWAT 4 -- (Sierra Entertainment, Inc.)

"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)

"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)

"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)

"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)

"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)

"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)

"C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe" = C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander -- (Gas Powered Games)

"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander -- (Gas Powered Games)

"C:\Program Files\TmUnitedForever\TmForever.exe" = C:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever -- ()

"C:\Program Files\Migajek Software\HateML\DbgListener\DbgListener.exe" = C:\Program Files\Migajek Software\HateML\DbgListener\DbgListener.exe:*:Enabled:Listener for php debugger DBG -- (NuSphere Corp., http://www.nusphere.com)

"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)

"C:\Program Files\Codemasters\DiRT\DiRT.exe" = C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable -- (Codemasters)

"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe" = C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited -- (Eden Games)

"C:\Documents and Settings\Jakub\Ustawienia lokalne\Dane aplikacji\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Jakub\Ustawienia lokalne\Dane aplikacji\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()

"C:\Program Files\Anno 1404\tools\Anno4Web.exe" = C:\Program Files\Anno 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web -- ()

"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)



========== HKEY_LOCAL_MACHINE Uninstall List ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common

"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility

"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA (2720)

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK

"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8

"{2D834635-CAC8-4938-BADF-6CFF1C33EFD5}" = Hex Workshop v5.1

"{3470101E-A698-4B27-9532-5528B02A5FE0}" = Alias SketchBook Pro 2.0

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager

"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner

"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0

"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software

"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation

"{4908C75E-E5E2-43F7-B1DF-023CBA831045}" = Nero 7 Premium

"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 

"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0

"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT

"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.3 

"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK

"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor

"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings

"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New

"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3

"{6DE46C58-4440-468b-8120-9DCCEDF41AE4}" = PHPEdit 2.12.0

"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7

"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25

"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3

"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2

"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0520.1

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder

"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes

"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90170415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk

"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009

"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition

"{AB3F9176-E74A-4F28-9A09-4F22349B145E}" = livebox tp

"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish

"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup

"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Gniew Kane'a

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Narodziny Imperium

"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3

"{DED9407B-7104-4AD3-BC2D-97A35F015BA1}" = SWAT 4 - Syndykat

"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3

"Aleo Flash Intro Banner Maker_is1" = Aleo Flash Intro Banner Maker 3.1

"All ATI Software" = ATI - Software Uninstall Utility

"Anno 1404_is1" = Anno 1404 v1.0 Eng

"Artisteer 2" = Artisteer 2

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"Browser Defender_is1" = Browser Defender 2.0.6.10

"Cities XL" = Cities XL

"ClassicPro" = ClassicPro© v1.11

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Football Manager 2010" = Football Manager 2010

"HateML_is1" = HateML 1.1 build 05

"HijackThis" = HijackThis 2.0.2

"IconPackager" = IconPackager

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)

"LetsFun FLV Converter_is1" = LetsFun FLV Converter V6.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nowe Gadu-Gadu" = Nowe Gadu-Gadu

"PictureItSuite_v11" = Microsoft Digital Image Suite 2006

"PremiumSoft Navicat 8.0 Lite for MySQL_is1" = PremiumSoft Navicat 8.0 Lite for MySQL

"PunkBusterSvc" = PunkBuster Services

"RealAlt_is1" = Real Alternative 2.0.0

"Restorator2007PL_is1" = Restorator 2007 PL

"Spyware Doctor" = Spyware Doctor 7.0

"Swat4 TSS Dedicated server setup" = Swat4 TSS Dedicated server setup

"SysInfo" = Creative System Information

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2

"TeamViewer 4" = TeamViewer 4

"TmUnited_is1" = TrackMania United 0.2.0.8

"TmUnitedForever_is1" = TmUnitedForever

"Total Video Converter 3.02_is1" = Total Video Converter 3.02

"Totalcmd" = Total Commander (Remove or Repair)

"Tropico3" = Tropico 3 1.00

"UAC SWAT4 version" = UAC SWAT4 version

"USB/PS2 Vibration Pad" = USB/PS2 Vibration Pad

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinGimp-2.0_is1" = GIMP 2.4.6

"WinPcapInst" = WinPcap 2.3

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0


========== HKEY_CURRENT_USER Uninstall List ==========


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Folder Lock" = Folder Lock

"FolderLock6" = Folder Lock

"Web Button Maker Deluxe" = Web Button Maker Deluxe


========== Last 10 Event Log Errors ==========


[Application Events]

Error - 2009-11-12 11:23:33 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2009-11-13 15:17:41 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2009-11-15 08:39:16 | Computer Name = UMERSKI | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1356.0, moduł powodujący

 błąd mfc71.dll, wersja 7.10.3077.0, adres błędu 0x00028f1d.


Error - 2009-11-15 08:39:20 | Computer Name = UMERSKI | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1356.0, moduł powodujący

 błąd mfc71.dll, wersja 7.10.3077.0, adres błędu 0x00028f1d.


Error - 2009-11-15 08:39:21 | Computer Name = UMERSKI | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1356.0, moduł powodujący

 błąd mfc71.dll, wersja 7.10.3077.0, adres błędu 0x00028f1d.


Error - 2009-11-15 08:39:22 | Computer Name = UMERSKI | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1356.0, moduł powodujący

 błąd mfc71.dll, wersja 7.10.3077.0, adres błędu 0x00028f1d.


Error - 2009-11-19 07:14:54 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2009-11-19 07:14:54 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2009-11-21 08:41:30 | Computer Name = UMERSKI | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca swdoctor.exe, wersja 4.0.0.2618, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2009-11-22 06:44:57 | Computer Name = UMERSKI | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd TFService.exe, wersja 4.9.10.8, moduł powodujący

 błąd msvcr80.dll, wersja 8.0.50727.4053, adres błędu 0x000173d0.


[OSession Events]

Error - 2009-01-25 11:40:26 | Computer Name = UMERSKI | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0

 seconds with 0 seconds of active time. This session ended with a crash.


Error - 2009-03-28 09:59:01 | Computer Name = UMERSKI | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 

lasted 1175 seconds with 60 seconds of active time. This session ended with a crash.


[System Events]

Error - 2009-11-22 05:32:22 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego 

lub systemowego: Beep


Error - 2009-11-22 06:44:53 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7034

Description = Usługa PC Tools Security Service niespodziewanie zakończyła pracę.

 Wystąpiło to razy: 1.


Error - 2009-11-22 06:45:04 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7034

Description = Usługa ThreatFire niespodziewanie zakończyła pracę. Wystąpiło to razy:

 1.


Error - 2009-11-22 06:50:33 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7034

Description = Usługa PC Tools Security Service niespodziewanie zakończyła pracę.

 Wystąpiło to razy: 2.


Error - 2009-11-22 07:00:28 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

 z usługą PEVSystemStart.


Error - 2009-11-22 07:00:28 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego

 błędu: %%2


Error - 2009-11-22 07:00:28 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego 

lub systemowego: Beep


Error - 2009-11-22 07:01:48 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

 z usługą PEVSystemStart.


Error - 2009-11-22 07:01:48 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego

 błędu: %%2


Error - 2009-11-22 07:01:48 | Computer Name = UMERSKI | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego 

lub systemowego: Beep



< End of report >

GMER Log:

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-11-22 15:16:05

Windows 5.1.2600 Dodatek Service Pack 3

Running: 0mxzhgvi.exe; Driver: C:\DOCUME~1\Jakub\USTAWI~1\Temp\kftdapob.sys



---- System - GMER 1.0.15 ----


SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile [0xBA3DC36A]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9EA9A1C]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9EBECDC]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9EBEECE]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9EA9C10]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9EA9CB6]

SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile [0xBA3DCCD8]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9EA990C]

SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile [0xBA3DC842]

SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess [0xBA3D91E0]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EDED30]

SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile [0xBA3DD142]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9EA9E52]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9EABB30]


Code \??\C:\DOCUME~1\Jakub\USTAWI~1\Temp\catchme.sys pIofCallDriver


---- Kernel code sections - GMER 1.0.15 ----


.xreloc C:\WINDOWS\system32\drivers\ps6ah4nb.sys unknown last section [0xB9F46000, 0x99C, 0x40000040]

.xreloc C:\WINDOWS\system32\drivers\ps6ah4nb.sys unknown last section [0xB9F46000, 0x99C, 0x40000040]

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9720000, 0x21F557, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9720000, 0x21F557, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA4A82300, 0x3AE88, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA4A82300, 0x3AE88, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3C0300, 0x1B7E, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3C0300, 0x1B7E, 0xE8000020]

? C:\DOCUME~1\Jakub\USTAWI~1\Temp\catchme.sys Nie można odnaleźć określonego pliku. !

? C:\DOCUME~1\Jakub\USTAWI~1\Temp\catchme.sys Nie można odnaleźć określonego pliku. !

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !


---- Devices - GMER 1.0.15 ----


AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)


Device \Driver\USB_RNDIS \Device\{85F41E83-4944-49B4-93FC-F44FCB2B159C} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation)


AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)


---- Registry - GMER 1.0.15 ----


Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0xF8 0x84 0xF1 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x84 0x94 0xE6 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x70 0x84 0x23 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4B 0x74 0xD6 0xFE ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0xF8 0x84 0xF1 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x84 0x94 0xE6 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x70 0x84 0x23 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4B 0x74 0xD6 0xFE ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0xF8 0x84 0xF1 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x84 0x94 0xE6 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x70 0x84 0x23 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4B 0x74 0xD6 0xFE ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x45 0xF8 0x84 0xF1 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x84 0x94 0xE6 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x70 0x84 0x23 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4B 0x74 0xD6 0xFE ...

(deFco247) #4

Don't paste logs on the forum, only on wklej.org or wklej.to.

You posted the wrong log from OTL.

I need the other one (OTL.txt).


(Iksremu) #5

Copied from the OTL.txt file

http://wklej.org/id/212916/


(deFco247) #6

Paste the following into the white lower Custom Scans/Fixes box in OTL:

Run Fix. Restart if needed.

Then the removal log and a new log made with the Run Scan option.


(Iksremu) #7

Removal log:

http://wklej.org/id/212950/

New log (after system restart):

http://wklej.org/id/212953/


(deFco247) #8

There's nothing left.

In OTL click CleanUp.

Run a full scan with Malwarebytes' Anti-Malware - delete the objects it finds.

If there are viruses, show the report after removal.

Clean the registry and disk with CCleaner.

Remove unnecessary items from startup.


(Iksremu) #9

Malwarebytes' Anti-Malware

http://wklej.org/id/213102/

The version you gave requires purchase to be able to use the "Remove" option.

I'll clean with CCleaner in a moment.


(deFco247) #10

It's a free scanner; only the real-time protection in it is paid.

Delete the objects found.