12 Sty 2012, 16:54
12 Sty 2012, 16:58
12 Sty 2012, 19:36
13 Sty 2012, 15:24
Ewentualnie możesz spróbować na innej przeglądarce i zobaczysz czy problem się powtarza. Jeżeli tak oznacza to, że błąd jest w systemie a nie samej przeglądarce.
13 Sty 2012, 15:36
13 Sty 2012, 15:42
13 Sty 2012, 15:58
13 Sty 2012, 16:14
13 Sty 2012, 16:30
13 Sty 2012, 16:57
14 Sty 2012, 17:18
OTL logfile created on: 2012-01-14 15:52:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\instal\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
893,48 Mb Total Physical Memory | 285,81 Mb Available Physical Memory | 31,99% Memory free
2,11 Gb Paging File | 1,60 Gb Available in Paging File | 75,74% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 67,60 Gb Free Space | 69,22% Space Free | Partition Type: NTFS
Drive D: | 135,22 Gb Total Space | 96,73 Gb Free Space | 71,54% Space Free | Partition Type: NTFS
Computer Name: PORADNIA | User Name: instal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-01-14 15:49:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\instal\Pulpit\OTL.exe
PRC - [2012-01-05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2012-01-03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011-08-10 21:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2009-01-26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-06-25 07:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007-06-25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-01-05 10:48:44 | 000,411,120 | ---- | M] () -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012-01-05 10:48:43 | 003,767,792 | ---- | M] () -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012-01-05 10:47:19 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012-01-05 10:47:18 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012-01-05 10:47:17 | 001,746,432 | ---- | M] () -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012-01-05 08:06:01 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2007-10-04 17:14:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- -- (Hamachi2Svc)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Usługa Google Update (gupdate)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-08-10 21:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011-03-01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010-09-10 16:50:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007-06-25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-12-30 11:23:12 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-12-29 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120113.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-12-29 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011-12-29 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120113.025\NAVENG.SYS -- (NAVENG)
DRV - [2011-12-28 18:35:30 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120113.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011-12-01 03:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011-11-09 19:08:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-11-04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011-09-27 01:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011-08-09 00:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011-08-03 03:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011-08-03 03:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011-07-26 03:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011-07-26 03:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2011-07-25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011-06-12 10:00:24 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011-01-28 22:04:03 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007-11-10 03:20:02 | 000,029,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007-09-20 19:07:40 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007-09-20 19:07:38 | 000,053,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007-09-19 10:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-25 07:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-06-25 07:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-06-25 07:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-08-08 13:44:04 | 000,006,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MouseCap.sys -- (MouseCap)
DRV - [2005-08-06 14:13:12 | 000,009,661 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Moufiltr.sys -- (Moufiltr)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\giveio.sys -- (giveio)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.selectedEngine: "Google PL"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011-12-31 11:13:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012-01-14 15:47:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-13 15:17:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-13 16:25:16 | 000,000,000 | ---D | M]
[2011-02-03 17:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\instal\Dane aplikacji\Mozilla\Extensions
[2012-01-11 12:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\instal\Dane aplikacji\Mozilla\Firefox\Profiles\vtb93ui8.default\extensions
[2011-12-13 15:42:10 | 000,000,000 | ---D | M] (My-Translator) -- C:\Documents and Settings\instal\Dane aplikacji\Mozilla\Firefox\Profiles\vtb93ui8.default\extensions\[email protected]
[2011-09-04 11:31:56 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\instal\Dane aplikacji\Mozilla\Firefox\Profiles\vtb93ui8.default\searchplugins\google-pl-en-pl.xml
[2011-09-04 11:34:33 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\instal\Dane aplikacji\Mozilla\Firefox\Profiles\vtb93ui8.default\searchplugins\google-pl.xml
[2011-09-04 11:33:06 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\instal\Dane aplikacji\Mozilla\Firefox\Profiles\vtb93ui8.default\searchplugins\googletranslate.xml
[2011-08-21 17:26:48 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\instal\Dane aplikacji\Mozilla\Firefox\Profiles\vtb93ui8.default\searchplugins\wrzutapl.xml
[2012-01-13 15:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-12-31 11:13:22 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
[2011-12-11 14:38:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-12-21 09:04:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-12-11 14:38:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-12-21 06:04:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-12-21 06:04:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-12-21 06:04:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-12-21 06:04:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-12-21 06:04:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-12-21 06:04:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2011-08-09 19:33:56 | 000,000,752 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost 127.0.0.1
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\instal\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\..\Toolbar\WebBrowser: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] "C:\Documents and Settings\instal\Pulpit\Stivi server\hamachi-2-ui.exe" --auto-start File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKU\S-1-5-21-1547161642-1897051121-839522115-1006..\Run: [MediaGet2] C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\MediaGet2\mediaget.exe --minimized File not found
O4 - HKU\S-1-5-21-1547161642-1897051121-839522115-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: ????3?? - Reg Error: Value error. File not found
O8 - Extra context menu item: ????3?????? - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\instal\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\instal\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Download remotely with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\instal\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\instal\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296249488513 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296250308453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7671B43E-56A6-4A65-A91B-EA3F8EB9AC59}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-01-28 21:45:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-01-14 15:49:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\instal\Pulpit\OTL.exe
[2012-01-13 16:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Moje dokumenty
[2012-01-13 15:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Menu Start\Programy\Revo Uninstaller
[2012-01-13 15:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012-01-13 14:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Menu Start\Programy\Google Chrome
[2012-01-11 12:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012-01-11 12:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\AskToolbar
[2012-01-11 12:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PC FORMAT
[2012-01-07 19:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Picasa 3
[2011-12-31 18:28:09 | 000,000,000 | ---D | C] -- C:\Downloads
[2011-12-31 18:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Dane aplikacji\Internet Download Accelerator
[2011-12-31 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\IDA
[2011-12-31 18:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2011-12-31 17:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Dane aplikacji\BITS
[2011-12-31 17:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Dane aplikacji\FlashGet
[2011-12-31 17:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Dane aplikacji\FlashGetBHO
[2011-12-31 14:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Dane aplikacji\Toolbar4
[2011-12-31 14:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\DealBulldog Toolbar
[2011-12-31 14:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HyperCam 2
[2011-12-31 14:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2011-12-31 14:01:31 | 000,000,000 | ---D | C] -- D:\Moje dokumenty\Custom Production Presets 7.0
[2011-12-31 14:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Camtasia Studio 7
[2011-12-31 14:00:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011-12-31 14:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-12-31 14:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Camtasia Studio 7
[2011-12-31 11:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Menu Start\Programy\Yacc Yet Another CSO Compressor
[2011-12-31 11:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yacc Yet Another CSO Compressor
[2011-12-31 11:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Pulpit\Tekken
[2011-12-30 11:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Menu Start\Programy\Norton
[2011-12-30 11:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Norton
[2011-12-30 11:02:29 | 000,815,072 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\instal\Pulpit\NISDownloader.exe
[2011-12-30 10:58:17 | 000,770,776 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\instal\Pulpit\AutoDetectPkg.exe
[2011-12-29 15:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Pulpit\PSX2PSP
[2011-12-29 12:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Pulpit\Colin McRae Rally 2.0 (E) [SLES-02605]
[2011-12-29 11:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Pulpit\Multi
[2011-12-28 15:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Pulpit\973_PsGUI221beta
[2011-12-21 01:02:26 | 004,448,256 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011-12-20 14:57:22 | 000,309,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2011-12-20 14:57:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2011-12-19 19:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2011-12-19 19:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2011-12-19 19:33:30 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2011-12-16 13:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\instal\Menu Start\Programy\Fraps
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-01-14 15:55:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-01-14 15:50:17 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\gmer.zip
[2012-01-14 15:49:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\instal\Pulpit\OTL.exe
[2012-01-14 15:46:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-01-14 14:47:09 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2012-01-14 12:37:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1897051121-839522115-1006UA.job
[2012-01-13 16:25:17 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2012-01-13 15:17:10 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-01-13 14:37:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1897051121-839522115-1006Core.job
[2012-01-13 14:34:08 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\Google Chrome.lnk
[2012-01-12 18:05:31 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\E-mail.lnk
[2012-01-07 19:10:14 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Picasa 3.lnk
[2012-01-07 19:09:56 | 000,585,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011-12-31 18:28:00 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\Play!.lnk
[2011-12-31 18:00:29 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat
[2011-12-31 17:45:29 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI
[2011-12-31 16:06:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-12-31 14:56:12 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HyperCam 2.lnk
[2011-12-31 14:08:44 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-31 14:00:35 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Camtasia Studio 7.lnk
[2011-12-31 11:57:16 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\Yacc.lnk
[2011-12-31 11:12:32 | 000,001,979 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Norton Internet Security.LNK
[2011-12-30 20:21:49 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011-12-30 11:29:06 | 000,515,660 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-12-30 11:29:06 | 000,455,376 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-12-30 11:29:06 | 000,095,664 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-12-30 11:29:06 | 000,075,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-12-30 11:26:23 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\Pliki instalacyjne Norton.lnk
[2011-12-30 11:23:12 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011-12-30 11:23:12 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011-12-30 11:23:12 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011-12-30 11:23:12 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011-12-30 11:02:42 | 000,815,072 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\instal\Pulpit\NISDownloader.exe
[2011-12-30 10:58:27 | 000,770,776 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\instal\Pulpit\AutoDetectPkg.exe
[2011-12-28 14:24:52 | 000,194,885 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\hjsplit3.0.zip
[2011-12-27 20:10:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-12-21 01:02:26 | 004,448,256 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011-12-20 20:51:39 | 195,687,424 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\camtasia.msi
[2011-12-16 13:51:34 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\instal\Pulpit\Fraps.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-01-14 15:50:19 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\gmer.zip
[2012-01-13 16:25:17 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 9.lnk
[2012-01-13 16:25:17 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2012-01-13 15:17:10 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2012-01-13 15:17:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-01-13 14:34:08 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\Google Chrome.lnk
[2012-01-13 14:32:09 | 000,001,136 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1897051121-839522115-1006UA.job
[2012-01-13 14:32:09 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1897051121-839522115-1006Core.job
[2012-01-12 18:05:31 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\E-mail.lnk
[2012-01-11 12:15:51 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-01-07 19:10:14 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Picasa 3.lnk
[2011-12-31 18:28:00 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\Play!.lnk
[2011-12-31 17:54:08 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011-12-31 17:45:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011-12-31 14:56:12 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HyperCam 2.lnk
[2011-12-31 14:00:34 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Camtasia Studio 7.lnk
[2011-12-31 12:50:51 | 000,378,368 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\cuemaker.exe
[2011-12-31 11:57:16 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\Yacc.lnk
[2011-12-30 11:04:36 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\Pliki instalacyjne Norton.lnk
[2011-12-28 14:24:48 | 000,194,885 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\hjsplit3.0.zip
[2011-12-20 20:37:46 | 195,687,424 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\camtasia.msi
[2011-12-16 13:51:34 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\instal\Pulpit\Fraps.lnk
[2011-11-26 11:17:36 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011-11-20 19:15:05 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
[2011-11-19 19:57:41 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A7D20FE637.sys
[2011-11-19 19:57:33 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011-09-10 18:03:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011-08-28 10:36:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011-08-20 09:53:01 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2011-08-01 12:42:37 | 000,000,114 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2011-06-12 19:59:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011-06-12 19:59:57 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011-06-12 19:59:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011-06-09 10:06:18 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\instal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-05 14:42:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011-05-11 19:50:20 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011-03-01 16:29:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011-03-01 16:29:14 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011-02-07 19:23:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-01-29 09:57:01 | 000,000,959 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-01-28 23:02:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-01-28 22:30:26 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-01-28 22:29:28 | 000,122,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-01-28 22:11:51 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-01-28 21:46:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-01-28 21:43:02 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007-10-04 09:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-10-04 09:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007-10-04 09:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-10-04 09:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007-10-04 09:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-10-04 09:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-10-04 09:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007-10-04 09:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007-10-04 09:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-03-02 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-03-02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-03-02 13:00:00 | 000,515,660 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2006-03-02 13:00:00 | 000,455,376 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-03-02 13:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2006-03-02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-03-02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-03-02 13:00:00 | 000,095,664 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2006-03-02 13:00:00 | 000,075,350 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-03-02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-03-02 13:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2006-03-02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-03-02 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-03-02 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-03-02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006-03-02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005-08-30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005-08-30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005-08-30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2005-08-08 13:44:04 | 000,006,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\MouseCap.sys
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\giveio.sys
[color=#E56717]========== LOP Check ==========[/color]
[2012-01-08 12:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-02-10 12:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core
[2011-02-10 12:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2011-07-29 08:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2011-11-09 19:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2011-05-14 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Solidshield
[2011-12-31 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TechSmith
[2012-01-01 16:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\.minecraft
[2011-12-12 17:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\advantage
[2011-12-31 18:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\BITS
[2011-08-30 11:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\Clickteam
[2011-08-30 11:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011-04-10 11:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\Cool Record Edit Pro
[2011-06-20 14:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\DAEMON Tools Lite
[2011-08-11 11:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\dp3d
[2011-06-27 14:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\fizzy
[2011-12-31 17:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\FlashGet
[2011-12-31 17:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\FlashGetBHO
[2011-04-10 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\Free Sound Recorder
[2011-06-11 10:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\gtk-2.0
[2011-12-31 18:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\Internet Download Accelerator
[2011-11-21 17:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\InterTrust
[2011-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\IObit
[2011-10-29 14:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\LolClient
[2011-10-29 12:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\Moje pliki Bitwy o Śródziemie™ II
[2011-02-08 09:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\OpenOffice.org
[2011-12-12 17:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\Rovio
[2011-12-31 14:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\Toolbar4
[2011-11-25 20:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\instal\Dane aplikacji\uTorrent
[2011-10-28 14:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laser_le\Dane aplikacji\.minecraft
[2011-10-25 15:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laser_le\Dane aplikacji\.minecraft_xray
[2011-09-19 10:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laser_le\Dane aplikacji\fltk.org
[2011-02-02 17:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laser_le\Dane aplikacji\OpenOffice.org
[2011-07-29 11:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laser_le\Dane aplikacji\TeamViewer
[2011-06-12 10:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oskar\Dane aplikacji\DAEMON Tools Lite
[2012-01-14 15:55:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
14 Sty 2012, 17:19
OTL Extras logfile created on: 2012-01-14 15:52:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\instal\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
893,48 Mb Total Physical Memory | 285,81 Mb Available Physical Memory | 31,99% Memory free
2,11 Gb Paging File | 1,60 Gb Available in Paging File | 75,74% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 67,60 Gb Free Space | 69,22% Space Free | Partition Type: NTFS
Drive D: | 135,22 Gb Total Space | 96,73 Gb Free Space | 71,54% Space Free | Partition Type: NTFS
Computer Name: PORADNIA | User Name: instal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57091:TCP" = 57091:TCP:*:Enabled:Pando Media Booster
"57091:UDP" = 57091:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57091:TCP" = 57091:TCP:*:Enabled:Pando Media Booster
"57091:UDP" = 57091:UDP:*:Enabled:Pando Media Booster
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Bitwa o Śródziemie™ II
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F7D5734-056F-4A0A-A1C7-CA1AAE5BB1EB}" = Angry Birds
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Zwierzaki
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BAD4440-26D7-4A40-B844-066D2AF3550C}" = Colin McRae Rally 2005
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{901C0415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91C0B95B-B83A-4828-A775-BBE2DD421045}" = Nero 7 Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{D8A790CB-CF32-4135-AAAE-6BA5A75C5DBF}" = OSCAR Editor
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0 CE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Air Flashback_is1" = Air Flashback
"Amusive Checkers_is1" = Amusive Checkers
"Arkanoid Activation_is1" = Arkanoid Activation v1.0.7
"Colin McRae 2005 Polish language add-on" = Colin McRae 2005 Polish language add-on
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealBulldog Toolbar" = DealBulldog Toolbar
"DreamWorks Interactive: Neverhood" = The Neverhood
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FlashGet 3.7" = FlashGet 3.7
"FormatFactory" = FormatFactory 2.70
"Fraps" = Fraps (remove only)
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{D8A790CB-CF32-4135-AAAE-6BA5A75C5DBF}" = Anti-Vibrate Oscar Editor
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mad Tracks_is1" = Mad Tracks PL 1.2
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 pl)" = Mozilla Firefox 9.0.1 (x86 pl)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Polanie II" = Polanie II
"Revo Uninstaller" = Revo Uninstaller 1.93
"Słownik angielsko-polski_is1" = Słownik angielsko-polski wersja 2.25
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yacc" = Yacc 0.4.0.3
"Yahoo! Companion" = Yahoo! Companion
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1547161642-1897051121-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = MyPlayCity Toolbar Updater
"Google Chrome" = Google Chrome
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2011-12-20 14:56:13 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd moviemk.exe, wersja 2.1.4028.0, moduł powodujący
błąd avisplitter.ax, wersja 1.3.1290.0, adres błędu 0x00023918.
Error - 2011-12-20 15:02:41 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd moviemk.exe, wersja 2.1.4028.0, moduł powodujący
błąd avisplitter.ax, wersja 1.3.1290.0, adres błędu 0x00023918.
Error - 2011-12-20 15:16:03 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd moviemk.exe, wersja 2.1.4028.0, moduł powodujący
błąd avisplitter.ax, wersja 1.3.1290.0, adres błędu 0x00023918.
Error - 2011-12-27 15:14:15 | Computer Name = PORADNIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.
Error - 2011-12-27 15:14:15 | Computer Name = PORADNIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Określony serwer nie może wykonać żądanej operacji.
Error - 2012-01-08 07:14:30 | Computer Name = PORADNIA | Source = Microsoft Management Console | ID = 1000
Description =
Error - 2012-01-12 11:29:18 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd stick soldiers ii.exe, wersja 1.0.0.1, moduł
powodujący błąd stick soldiers ii.exe, wersja 1.0.0.1, adres błędu 0x0000984c.
Error - 2012-01-12 11:29:58 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd stick soldiers ii.exe, wersja 1.0.0.1, moduł
powodujący błąd stick soldiers ii.exe, wersja 1.0.0.1, adres błędu 0x000097b9.
Error - 2012-01-12 11:30:26 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd stick soldiers ii.exe, wersja 1.0.0.1, moduł
powodujący błąd stick soldiers ii.exe, wersja 1.0.0.1, adres błędu 0x000097b9.
Error - 2012-01-12 11:30:47 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd stick soldiers ii.exe, wersja 1.0.0.1, moduł
powodujący błąd stick soldiers ii.exe, wersja 1.0.0.1, adres błędu 0x000097b9.
[ Application Events ]
Error - 2011-12-20 14:56:13 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd moviemk.exe, wersja 2.1.4028.0, moduł powodujący
błąd avisplitter.ax, wersja 1.3.1290.0, adres błędu 0x00023918.
Error - 2011-12-20 15:02:41 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd moviemk.exe, wersja 2.1.4028.0, moduł powodujący
błąd avisplitter.ax, wersja 1.3.1290.0, adres błędu 0x00023918.
Error - 2011-12-20 15:16:03 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd moviemk.exe, wersja 2.1.4028.0, moduł powodujący
błąd avisplitter.ax, wersja 1.3.1290.0, adres błędu 0x00023918.
Error - 2011-12-27 15:14:15 | Computer Name = PORADNIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.
Error - 2011-12-27 15:14:15 | Computer Name = PORADNIA | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Określony serwer nie może wykonać żądanej operacji.
Error - 2012-01-08 07:14:30 | Computer Name = PORADNIA | Source = Microsoft Management Console | ID = 1000
Description =
Error - 2012-01-12 11:29:18 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd stick soldiers ii.exe, wersja 1.0.0.1, moduł
powodujący błąd stick soldiers ii.exe, wersja 1.0.0.1, adres błędu 0x0000984c.
Error - 2012-01-12 11:29:58 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd stick soldiers ii.exe, wersja 1.0.0.1, moduł
powodujący błąd stick soldiers ii.exe, wersja 1.0.0.1, adres błędu 0x000097b9.
Error - 2012-01-12 11:30:26 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd stick soldiers ii.exe, wersja 1.0.0.1, moduł
powodujący błąd stick soldiers ii.exe, wersja 1.0.0.1, adres błędu 0x000097b9.
Error - 2012-01-12 11:30:47 | Computer Name = PORADNIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd stick soldiers ii.exe, wersja 1.0.0.1, moduł
powodujący błąd stick soldiers ii.exe, wersja 1.0.0.1, adres błędu 0x000097b9.
[ System Events ]
Error - 2012-01-13 14:59:59 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3
Error - 2012-01-13 14:59:59 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu
następującego błędu: %%3
Error - 2012-01-14 06:18:44 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3
Error - 2012-01-14 06:18:44 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu
następującego błędu: %%3
Error - 2012-01-14 07:34:43 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3
Error - 2012-01-14 07:34:43 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu
następującego błędu: %%3
Error - 2012-01-14 09:38:05 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3
Error - 2012-01-14 09:38:05 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu
następującego błędu: %%3
Error - 2012-01-14 10:46:56 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3
Error - 2012-01-14 10:46:56 | Computer Name = PORADNIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu
następującego błędu: %%3
< End of report >
14 Sty 2012, 17:19
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-14 16:42:23
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 WDC_WD2500AAKS-00VSA0 rev.01.01B01
Running: gmer.exe; Driver: C:\DOCUME~1\instal\USTAWI~1\Temp\pgldapoc.sys
---- System - GMER 1.0.15 ----
SSDT 8468A6D0 ZwAlertResumeThread
SSDT 8468D6D0 ZwAlertThread
SSDT 84681700 ZwAllocateVirtualMemory
SSDT 846746D0 ZwAssignProcessToJobObject
SSDT 852BD780 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF3570980]
SSDT 8465F700 ZwCreateMutant
SSDT 8464B700 ZwCreateSymbolicLinkObject
SSDT 846906F0 ZwCreateThread
SSDT 846766D0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF3570C00]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF3570F10]
SSDT 84686700 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xF72E80EE]
SSDT sptd.sys ZwEnumerateValueKey [0xF72E847C]
SSDT 8467B700 ZwFreeVirtualMemory
SSDT 846846D0 ZwImpersonateAnonymousToken
SSDT 846876D0 ZwImpersonateThread
SSDT 851DC750 ZwLoadDriver
SSDT 846786F0 ZwMapViewOfSection
SSDT 846826D0 ZwOpenEvent
SSDT sptd.sys ZwOpenKey [0xF72B39C0]
SSDT 8468C700 ZwOpenProcess
SSDT 846986D0 ZwOpenProcessToken
SSDT 8467C6D0 ZwOpenSection
SSDT 84689700 ZwOpenThread
SSDT 8464E700 ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey [0xF72E8554]
SSDT sptd.sys ZwQueryValueKey [0xF72E83D4]
SSDT 846916D0 ZwResumeThread
SSDT 846966D0 ZwSetContextThread
SSDT 84673700 ZwSetInformationProcess
SSDT 846796D0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF3571160]
SSDT 8467F6D0 ZwSuspendProcess
SSDT 846936D0 ZwSuspendThread
SSDT 844787D8 ZwTerminateProcess
SSDT 846956D0 ZwTerminateThread
SSDT 846976D0 ZwUnmapViewOfSection
SSDT 8467E700 ZwWriteVirtualMemory
INT 0x83 ? 8562ACB8
INT 0x83 ? 8562ACB8
INT 0x83 ? 8562ACB8
INT 0xB4 ? 8532ECB8
---- Kernel code sections - GMER 1.0.15 ----
PAGE sptd.sys F72D7000 1 Byte [74]
PAGE sptd.sys F72D7004 5 Bytes [40, 73, 2D, F7, A3]
PAGE sptd.sys F72D700C 5 Bytes [50, 74, 2D, F7, 98]
PAGE sptd.sys F72D7014 5 Bytes [B8, 73, 2D, F7, 59] {MOV EAX, 0x59f72d73}
PAGE sptd.sys F72D701C 5 Bytes [78, 72, 2D, F7, 61]
PAGE ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF73510AD]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
? SYMDS.SYS Nie można odnaleźć określonego pliku. !
? SYMEFA.SYS Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F6AED8AC 5 Bytes JMP 8532E1C8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6327360, 0x307F47, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F727922E] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F727871C] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F7278F0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F727871C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7278910] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7278852] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72790EC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7278F0E] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 856291E8
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbohci \Device\USBPDO-0 8531B1E8
Device \Driver\usbehci \Device\USBPDO-1 853571E8
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Cdrom \Device\CdRom0 85361430
Device \Driver\atapi \Device\Ide\IdePort0 [F71F0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71F0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-6 [F71F0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F71F0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-e [F71F0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F71F0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 842211E8
Device \Driver\NetBT \Device\NetbiosSmb 842211E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7671B43E-56A6-4A65-A91B-EA3F8EB9AC59} 842211E8
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbohci \Device\USBFDO-0 8531B1E8
Device \Driver\usbehci \Device\USBFDO-1 853571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 842111E8
Device 842111E8
Device \FileSystem\Cdfs \Cdfs 841611E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Gry\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1E 0x69 0xBE 0x03 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0xC3 0xDD 0x22 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0x23 0x31 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Gry\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xBD 0x27 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0xC3 0xDD 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x2A 0xA7 0xF5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Gry\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xBD 0x27 0x1B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0xC3 0xDD 0x22 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x2A 0xA7 0xF5 ...
---- EOF - GMER 1.0.15 ----
14 Sty 2012, 18:27