Magg66, created 6 October 2009

Hello, I had some virus that avast supposedly removed, but now when I try to open a drive the "Open with" window pops up. Because of this, I am asking for my logs to be checked:

OTL:

[log]OTL logfile created on: 2009-10-06 13:43:54 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Magg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,62% Memory free
3,85 Gb Paging File | 3,30 Gb Available in Paging File | 85,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29,78 Gb Total Space | 1,37 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 156,52 Gb Total Space | 138,21 Gb Free Space | 88,31% Space Free | Partition Type: NTFS
Drive E: | 186,30 Gb Total Space | 48,90 Gb Free Space | 26,25% Space Free | Partition Type: NTFS
Drive F: | 2,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 168,44 Gb Free Space | 18,08% Space Free | Partition Type: NTFS

Computer Name: LAPTOP
Current User Name: Magg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008-04-14 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-09-23 18:55:23 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2009-06-05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-09-23 19:27:16 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-11-11 19:51:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007-02-25 21:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-02-05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007-09-23 18:40:33 | 16,384,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007-09-23 18:49:23 | 00,888,832 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006-04-12 16:31:20 | 00,638,976 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2007-06-01 05:40:54 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2006-02-09 13:47:08 | 00,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005-12-27 13:06:32 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TDispVol.exe
PRC - [2005-06-06 09:58:44 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\ZoomingHook.exe
PRC - [2007-09-23 18:49:22 | 00,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2006-02-19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006-10-27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-06-05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005-04-11 11:26:06 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2007-07-09 09:39:12 | 02,119,104 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007-05-22 16:57:26 | 02,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006-02-19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009-06-05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007-02-27 20:21:10 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006-01-23 23:14:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007-04-26 14:53:38 | 00,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2006-02-19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009-09-12 13:32:43 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-06 13:37:35 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magg\Desktop\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007-09-23 18:55:23 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009-06-05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007-09-23 19:27:16 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-04-14 14:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-06-05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-11-11 19:51:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
SRV - [2007-02-25 21:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2006-10-18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-02-05 22:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2007-09-23 18:55:23 | 01,161,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009-02-05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009-02-05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009-02-05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009-02-05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009-02-05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009-03-19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008-04-14 14:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006-04-12 09:34:40 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006-04-12 09:34:40 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006-04-12 09:34:40 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007-09-23 18:40:36 | 04,603,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007-03-20 11:33:26 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys -- (libusb0 [On_Demand | Running])
DRV - [2007-09-23 19:27:16 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2007-06-21 04:43:26 | 02,208,512 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
DRV - [2007-11-11 19:51:00 | 07,433,504 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-04-14 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007-09-23 18:47:39 | 00,090,880 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2008-04-14 14:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-05-20 14:28:29 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-09-23 18:49:22 | 00,209,312 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007-07-25 18:07:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2006-10-10 19:33:00 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys -- (tosporte [On_Demand | Running])
DRV - [2007-04-24 13:20:06 | 00,113,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\DRIVERS\tosrfbd.sys -- (tosrfbd [On_Demand | Stopped])
DRV - [2006-11-20 17:55:16 | 00,036,480 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys -- (tosrfbnp [On_Demand | Stopped])
DRV - [2005-08-01 16:45:00 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
DRV - [2006-10-23 16:32:20 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Running])
DRV - [2007-03-01 16:53:12 | 00,073,728 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys -- (Tosrfhid [On_Demand | Stopped])
DRV - [2005-01-06 13:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys -- (tosrfnds [On_Demand | Stopped])
DRV - [2007-01-22 10:43:26 | 00,053,376 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\drivers\tosrfsnd.sys -- (TosRfSnd [On_Demand | Stopped])
DRV - [2007-04-24 19:36:00 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\DRIVERS\tosrfusb.sys -- (tosrfusb [On_Demand | Stopped])
DRV - [2006-06-22 16:27:12 | 00,011,264 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\drivers\TPwSav.sys -- (TPwSav [System | Running])
DRV - [2009-05-03 09:13:17 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2009-06-05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008-04-14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007-04-16 10:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003\S-1-5-21-1482476501-1292428093-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003\S-1-5-21-1482476501-1292428093-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.interia.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 20:20:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-04-16 21:02:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-13 13:26:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-13 13:26:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-09-13 13:26:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009-04-16 20:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\mozilla\Extensions
[2009-04-16 20:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-06 13:15:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\mozilla\Firefox\Profiles\73jww6bp.default\extensions
[2009-09-03 18:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\mozilla\Firefox\Profiles\73jww6bp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-05-28 12:56:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\mozilla\Firefox\Profiles\73jww6bp.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2009-06-02 20:35:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\mozilla\Firefox\Profiles\73jww6bp.default\extensions\moveplayer@movenetworks.com
[2009-10-06 13:34:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-09-12 13:32:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-05-03 06:15:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-04-16 21:02:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-05-11 11:11:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-09-06 14:46:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-09-12 13:32:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-09-12 13:32:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-09-12 13:32:44 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006-01-28 02:57:22 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009-09-13 13:26:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009-09-13 13:26:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009-09-13 13:26:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009-09-13 13:26:18 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009-09-13 13:26:18 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009-09-13 13:26:18 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009-09-13 13:26:18 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006-01-28 02:56:18 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009-07-25 00:09:45 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003..\Run: [cdoosoft] C:\Documents and Settings\Magg\Local Settings\Temp\herss.exe ()
O4 - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx (OggX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-15 20:48:48 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-14 11:26:40 | 00,000,043 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1adbe4ff-29fa-11de-859f-806d6172696f}\Shell\AutoRun\command - "" = ctu8r.exe
O33 - MountPoints2\{1adbe4ff-29fa-11de-859f-806d6172696f}\Shell\open\Command - "" = ctu8r.exe
O33 - MountPoints2\{1adbe500-29fa-11de-859f-806d6172696f}\Shell\AutoRun\command - "" = D:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{1adbe500-29fa-11de-859f-806d6172696f}\Shell\open\Command - "" = D:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{1adbe501-29fa-11de-859f-806d6172696f}\Shell\AutoRun\command - "" = E:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{1adbe501-29fa-11de-859f-806d6172696f}\Shell\open\Command - "" = E:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{837a5a46-9f00-11de-b80c-0016d4fa35b0}\Shell\AutoRun\command - "" = G:\sp1jensi.exe -- File not found
O33 - MountPoints2\{837a5a46-9f00-11de-b80c-0016d4fa35b0}\Shell\open\Command - "" = G:\sp1jensi.exe -- File not found
O33 - MountPoints2\{b403f128-2aab-11de-b762-b3d539eebec4}\Shell\AutoRun\command - "" = I:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{b403f128-2aab-11de-b762-b3d539eebec4}\Shell\open\Command - "" = I:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{ef3d5dc2-29fb-11de-b75f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ef3d5dc2-29fb-11de-b75f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef3d5dc2-29fb-11de-b75f-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009-07-14 11:26:40 | 00,111,880 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*)
- File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [4 C:\WINDOWS\System32\*.tmp files] [2009-09-13 13:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009-09-16 22:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Application Data\Activision [2009-09-13 14:39:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Application Data\ToneFXsCreator [2009-09-30 19:25:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Local Settings\Application Data\Cranium_Consulting_and_Cu [2009-09-19 01:40:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2009-09-19 01:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2009-09-13 13:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility [2009-09-30 19:25:07 | 00,000,000 | ---D | C] -- C:\Program Files\iPhoneBrowser [2009-09-19 01:41:53 | 00,000,000 | ---D | C] -- C:\Program Files\iPod [2009-09-19 01:41:49 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes [2009-09-19 00:18:33 | 00,000,000 | ---D | C] -- C:\Program Files\LibUSB-Win32 [2009-09-13 13:25:42 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime [2009-09-13 14:39:16 | 00,000,000 | ---D | C] -- C:\Program Files\ToneFXsCreator [2009-10-06 13:37:34 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Magg\Desktop\OTL.exe [2009-09-20 16:20:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\Gra w kolory [2009-09-19 01:27:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2009-09-19 01:24:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\iTunesSetup.zip [2009-09-19 01:09:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\SharePod [2009-09-19 00:18:33 | 00,043,520 | ---- | C] 
(http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll [2009-09-19 00:18:33 | 00,028,672 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys [2009-09-19 00:18:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\iRecoveryWin32 [2009-09-17 22:12:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\Apollo.DVD.To.iPod.v4.1.Incl.Keygen-BLiZZARD [2009-09-17 20:21:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\Poczta w INTERIA.PL - konto e-mail o nieograniczonej pojemności_pliki [2009-09-16 22:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\My Documents\Activision [2009-09-14 00:07:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\fotki [2009-09-13 14:35:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\tonefxscreator_pc [2009-09-13 13:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\New Folder (5) [2009-09-13 12:58:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\New Folder (4) [2009-09-12 14:57:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magg\Desktop\z lg [2006-12-12 11:13:20 | 00,032,768 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\All Users\Application Data\EBLib.dll [2006-07-28 16:25:26 | 00,019,456 | ---- | C] (COMPAL ELECTRONIC INC.) 
-- C:\Documents and Settings\All Users\Application Data\LPCFilter.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [4 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-10-06 13:45:48 | 00,000,057 | RHS- | M] () -- C:\autorun.inf [2009-10-06 13:38:43 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\k408d3c0.exe [2009-10-06 13:37:35 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magg\Desktop\OTL.exe [2009-10-06 13:03:54 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-10-06 13:03:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-10-06 13:03:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] () -- C:\ctu8r.exe [2009-10-05 18:01:06 | 00,189,952 | ---- | M] () -- C:\Documents and Settings\Magg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-05 09:24:46 | 00,117,453 | RHS- | M] () -- C:\sp1jensi.exe [2009-10-01 07:02:12 | 00,002,026 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009-09-30 18:56:12 | 01,227,013 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\100_2220.JPG [2009-09-30 18:55:43 | 01,024,916 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\100_2219.JPG [2009-09-30 18:55:27 | 00,990,769 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\100_2218.JPG [2009-09-30 18:55:11 | 01,213,227 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\100_2217.JPG [2009-09-30 18:49:10 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2009-09-19 01:08:30 | 01,136,806 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\SharePod.zip [2009-09-19 00:16:14 | 00,418,298 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\iRecoveryWin32.zip [2009-09-18 21:17:48 | 00,000,099 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI [2009-09-17 20:21:34 | 00,031,080 | ---- | M] () -- C:\Documents and 
Settings\Magg\Desktop\Poczta w INTERIA.PL - konto e-mail o nieograniczonej pojemności.htm [2009-09-16 20:58:27 | 00,000,445 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Marvel(TM) - Ultimate Alliance.lnk [2009-09-16 20:58:00 | 00,000,265 | ---- | M] () -- C:\WINDOWS\game.ini [2009-09-13 14:39:16 | 00,000,577 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\ToneFXsCreator.lnk [2009-09-13 14:35:20 | 01,527,586 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\tonefxscreator_pc.zip [2009-09-12 20:32:45 | 00,040,881 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\NalepkaUwagaszklo.jpg [2009-09-12 20:32:45 | 00,040,881 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\NalepkaUwagaszkl.jpg [2009-09-12 15:00:13 | 00,075,416 | ---- | M] () -- C:\Documents and Settings\Magg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009-09-10 19:32:07 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Magg\Desktop\Podanie.doc [2009-09-09 18:47:36 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [color=#E56717]========== Files - No Company Name ==========[/color] [2009-10-06 13:38:43 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\k408d3c0.exe [2009-10-06 13:04:24 | 00,118,651 | RHS- | C] () -- C:\ctu8r.exe [2009-10-05 21:43:49 | 00,117,453 | RHS- | C] () -- C:\sp1jensi.exe [2009-10-05 21:43:49 | 00,000,057 | RHS- | C] () -- C:\autorun.inf [2009-09-30 18:51:25 | 01,227,013 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\100_2220.JPG [2009-09-30 18:51:19 | 01,024,916 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\100_2219.JPG [2009-09-30 18:51:15 | 00,990,769 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\100_2218.JPG [2009-09-30 18:51:11 | 01,213,227 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\100_2217.JPG [2009-09-19 01:07:12 | 01,136,806 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\SharePod.zip [2009-09-19 00:16:12 | 00,418,298 | ---- | C] () -- 
C:\Documents and Settings\Magg\Desktop\iRecoveryWin32.zip [2009-09-17 20:21:32 | 00,031,080 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\Poczta w INTERIA.PL - konto e-mail o nieograniczonej pojemności.htm [2009-09-16 20:58:27 | 00,000,445 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Marvel(TM) - Ultimate Alliance.lnk [2009-09-16 20:58:00 | 00,000,265 | ---- | C] () -- C:\WINDOWS\game.ini [2009-09-13 14:39:16 | 00,000,577 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\ToneFXsCreator.lnk [2009-09-13 14:35:37 | 00,137,507 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\Why_So_Serious.mp3 [2009-09-13 14:35:17 | 01,527,586 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\tonefxscreator_pc.zip [2009-09-12 20:34:19 | 00,040,881 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\NalepkaUwagaszklo.jpg [2009-09-12 20:30:37 | 00,040,881 | ---- | C] () -- C:\Documents and Settings\Magg\Desktop\NalepkaUwagaszkl.jpg [2009-08-15 20:43:00 | 00,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2009-08-11 19:06:48 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-08-09 15:49:30 | 01,046,400 | ---- | C] () -- C:\Documents and Settings\Magg\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2 [2009-06-16 17:34:01 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini [2009-06-16 17:32:00 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgpdf2.dll [2009-05-20 14:28:29 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-05-08 17:33:29 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2009-05-08 17:30:10 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009-05-01 17:04:57 | 00,075,416 | ---- | C] () -- C:\Documents and Settings\Magg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009-04-20 00:19:09 | 00,189,952 | ---- | C] () -- C:\Documents and Settings\Magg\Local 
Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-04-16 21:01:43 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-04-16 21:01:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-04-16 21:01:41 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-04-16 21:01:41 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-04-16 21:01:39 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-04-16 21:01:39 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-04-16 20:51:04 | 00,002,026 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-04-16 20:21:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2009-04-16 19:54:48 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll [2009-04-16 19:51:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL [2009-04-16 19:40:45 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2009-04-16 19:40:45 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2009-04-16 19:40:45 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2009-04-16 19:40:45 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2009-04-15 23:12:07 | 04,839,902 | -H-- | C] () -- C:\Documents and Settings\Magg\Local Settings\Application Data\IconCache.db [2009-04-15 22:29:10 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2009-04-15 21:37:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Magg\Application Data\desktop.ini [2009-04-05 23:32:27 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-04-05 23:32:27 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009-04-05 23:32:27 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-04-05 23:32:27 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2009-04-05 23:32:27 | 00,466,944 | ---- | C] () -- 
C:\WINDOWS\System32\nvshell.dll [2009-04-05 23:32:13 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2009-01-04 13:16:16 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\chckshll.dll [2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-04-14 14:00:00 | 00,000,617 | ---- | C] () -- C:\WINDOWS\win.ini [2008-04-14 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2006-12-05 13:05:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2006-01-05 18:49:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll [2006-01-05 17:36:22 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll [2005-11-23 13:55:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll [2005-07-22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2005-05-25 22:06:26 | 00,119,296 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll [2001-07-07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [color=#E56717]========== LOP Check ==========[/color] [2009-09-13 13:27:52 | 00,000,000 | RH-D | M] -- C:\Documents 
and Settings\All Users\Application Data [2009-09-13 13:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009-06-20 12:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009-05-20 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2009-04-16 19:51:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64 [2009-04-16 19:58:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP [2009-04-15 22:29:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data [2009-04-15 20:52:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data [2009-09-16 22:21:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Magg\Application Data [2009-09-16 22:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\Activision [2009-05-20 14:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\DAEMON Tools Lite [2009-08-29 17:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\dvdcss [2009-04-16 20:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\Gadu-Gadu [2009-06-20 20:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\GetRightToGo [2009-08-18 21:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\gtk-2.0 [2009-08-13 20:21:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\Image Zone Express [2009-06-05 20:02:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\Move Networks [2009-04-16 20:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magg\Application Data\Thunderbird [2009-09-13 15:08:02 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\Magg\Application Data\ToneFXsCreator [2009-04-15 20:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data [2008-04-14 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-10-06 13:03:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] GMER: [log]GMER 1.0.15.15125 - http://www.gmer.net Rootkit scan 2009-10-06 15:21:28 Windows 5.1.2600 Service Pack 3 Running: k408d3c0.exe; Driver: C:\DOCUME~1\Magg\LOCALS~1\Temp\uxtdapow.sys ---- System - GMER 1.0.15 ---- INT 0x62 ? 8A5B5BF8 INT 0x63 ? 8A36AE90 INT 0x82 ? 8A5B5BF8 INT 0x83 ? 8A36AE90 INT 0x94 ? 8A36AE90 INT 0xA4 ? 8A36AE90 ---- Kernel code sections - GMER 1.0.15 ---- ? spkf.sys The system cannot find the file specified. ! .text USBPORT.SYS!DllUnload B72398AC 5 Bytes JMP 8A36A470 .text aoapy3c8.SYS B5F0D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aoapy3c8.SYS B5F0D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aoapy3c8.SYS B5F0D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text aoapy3c8.SYS B5F0D3C9 1 Byte [30] .text aoapy3c8.SYS B5F0D3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5BB2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spkf.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spkf.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spkf.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spkf.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spkf.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spkf.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spkf.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A36A570 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E6E9C] spkf.sys IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!swprintf] 001CB286 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IofCallDriver] 001CB986 IAT 
\SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!sprintf] 968D5140 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90 IAT 
\SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoStartTimer] 00002230 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ZwCreateKey] C6000000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86 IAT 
\SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoStartPacket] 538B0000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoFreeMdl] E8500000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeSetTimer] F6317300 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!_allmul] 74070647 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!_except_handler3] 05578A0B IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0 IAT 
\SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!_aulldiv] 03087408 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!strstr] 72F93B3F IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!_strupr] 8A09EBDA IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!KeTickCount] 88084B8A IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047 IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!InitSafeBootMode] 
CCC68150
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aoapy3c8.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1160] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[1160] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5B31F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 8589F1F8
Device \FileSystem\Udfs \UdfsCdRom 8A17C3A0
Device \FileSystem\Udfs \UdfsDisk 8A17C3A0
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\USBSTOR \Device\0000009d 8A0C33A0
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\USBSTOR \Device\0000009e 8A0C33A0
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{40AD022C-BB71-4210-875E-4B33DAB9A25F} 8A235500
Device \Driver\usbuhci \Device\USBPDO-0 8A3681F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3681F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5B61F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5B61F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5B61F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5B61F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3681F8
Device \Driver\usbuhci \Device\USBPDO-3 8A3681F8
Device \Driver\PCI_PNP2646 \Device\00000047 spkf.sys
Device \Driver\PCI_PNP2646 \Device\00000047 spkf.sys
Device \Driver\usbehci \Device\USBPDO-4 8A2BA1F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5B71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5B71F8
Device \Driver\Cdrom \Device\CdRom0 8A1901F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5B71F8
Device \Driver\Cdrom \Device\CdRom1 8A1901F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7A40B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7A40B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [F7A40B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7A40B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F7A40B40] atapi.sys[unknown section]
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A5B71F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A235500
Device \Driver\NetBT \Device\NetbiosSmb 8A235500
Device \Driver\USBSTOR \Device\00000095 8A0C33A0
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\USBSTOR \Device\00000097 8A0C33A0
Device \Driver\usbuhci \Device\USBFDO-0 8A3681F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3681F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A0DC500
Device \Driver\usbuhci \Device\USBFDO-2 8A3681F8
Device \Driver\sptd \Device\1175587646 spkf.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A0DC500
Device \Driver\usbuhci \Device\USBFDO-3 8A3681F8
Device \Driver\usbehci \Device\USBFDO-4 8A2BA1F8
Device \Driver\Ftdisk \Device\FtControl 8A5B71F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{64AACEC7-F1E0-485F-9F2F-4B2786FCAD17} 8A235500
Device \Driver\aoapy3c8 \Device\Scsi\aoapy3c81 8A115500
Device \Driver\aoapy3c8 \Device\Scsi\aoapy3c81Port2Path0Target0Lun0 8A115500
Device \FileSystem\Fastfat \Fat 8589F1F8
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Cdfs \Cdfs 8A047500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0xC2 0xF1 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xFF 0xB6 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x96 0xF1 0x97 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0xC2 0xF1 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xFF 0xB6 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x96 0xF1 0x97 0x22 ...

---- EOF - GMER 1.0.15 ----
[/log]

GMER Services:

[log]GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 15:22:03
Windows 5.1.2600 Service Pack 3
Running: k408d3c0.exe; Driver: C:\DOCUME~1\Magg\LOCALS~1\Temp\uxtdapow.sys

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/ALWIL Software) [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service C:\WINDOWS\system32\DRIVERS\ACPIEC.sys (ACPI Embedded Controller Driver/Microsoft Corporation) [BOOT] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\WINDOWS\system32\agrsmsvc.exe (Agere Soft Modem Call Progress Service/Agere Systems) [AUTO] AgereModemAudio
Service C:\WINDOWS\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) [MANUAL] AgereSoftModem
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINDOWS\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_2.0.50727
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (avast! File System Access Blocking Driver/ALWIL Software) [AUTO] aswFsBlk
Service (avast! File System Filter Driver for Windows XP/ALWIL Software) [AUTO] aswMon2
Service (avast! TDI RDR Driver/ALWIL Software) [MANUAL] aswRdr
Service (avast! self protection module/ALWIL Software) [SYSTEM] aswSP
Service (avast! TDI Filter Driver/ALWIL Software) [SYSTEM] aswTdi
Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) [AUTO] aswUpdSv
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service/ALWIL Software) [AUTO] avast! Antivirus
Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service/ALWIL Software) [MANUAL] avast! Mail Scanner
Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner/ALWIL Software) [MANUAL] avast! Web Scanner
Service (Battery Class Driver/Microsoft Corporation) BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Service of ConfigFree./TOSHIBA CORPORATION) [AUTO] CFSvcs
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\WINDOWS\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service (Floppy Disk Controller Driver/Microsoft Corporation) [SYSTEM] Fdc
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service (Floppy Driver/Microsoft Corporation) [SYSTEM] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service [DISABLED] hpn
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] intelppm
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [SYSTEM] kbdhid
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service C:\WINDOWS\system32\drivers\libusb0.sys (LibUSB-Win32 - Kernel Driver/http://libusb-win32.sourceforge.net) [MANUAL] libusb0
Service LicenseService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\DRIVERS\netdevio.sys (Network Device Usermode I/O protocol/TOSHIBA Corporation.) [AUTO] Netdevio
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] NETw4x32
Service C:\WINDOWS\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 169.09 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 169.09/NVIDIA Corporation) [AUTO] NVSvc
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service C:\WINDOWS\system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [BOOT] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [AUTO] Pml Driver HPZ12
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTLE8023xp
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service (Serial Device Driver/Microsoft Corporation) [AUTO] Serial
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk
Service C:\WINDOWS\system32\DRIVERS\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service SMSvcHost 3.0.0.0
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\WINDOWS\system32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\system32\drivers\tifm21.sys (tifm21.sys/Texas Instruments) [MANUAL] tifm21
Service C:\WINDOWS\system32\tlntsvr.exe (Telnet/Microsoft Corporation) [DISABLED] TlntSvr
Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Bluetooth Service/TOSHIBA CORPORATION) [AUTO] TOSHIBA Bluetooth Service
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Bluetooth Port Emulation Driver/TOSHIBA Corporation) [MANUAL] tosporte
Service C:\WINDOWS\system32\DRIVERS\tosrfbd.sys (Bluetooth RF Bus Driver/TOSHIBA CORPORATION) [MANUAL] tosrfbd
Service C:\WINDOWS\System32\Drivers\tosrfbnp.sys (Bluetooth RFBNEP Driver/TOSHIBA Corporation) [MANUAL] tosrfbnp
Service C:\WINDOWS\System32\Drivers\tosrfcom.sys (Bluetooth RFCOMM Driver/TOSHIBA Corporation) [SYSTEM] Tosrfcom
Service C:\WINDOWS\system32\DRIVERS\tosrfec.sys (TOSHIBA Bluetooth EC Driver/TOSHIBA Corporation) [MANUAL] tosrfec
Service C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (Bluetooth HID Driver from TOSHIBA/TOSHIBA Corporation.) [MANUAL] Tosrfhid
Service C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (Bluetooth BNEP Driver/TOSHIBA Corporation.) [MANUAL] tosrfnds
Service C:\WINDOWS\system32\drivers\tosrfsnd.sys (Bluetooth Audio Driver (WDM)/TOSHIBA Corporation) [MANUAL] TosRfSnd
Service C:\WINDOWS\system32\DRIVERS\tosrfusb.sys (Bluetooth USB Miniport Driver/TOSHIBA CORPORATION) [MANUAL] tosrfusb
Service C:\WINDOWS\system32\drivers\TPwSav.sys (IO Driver/TOSHIBA ) [SYSTEM] TPwSav
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (TVicHW32 Driver for Windows NT/2000/XP/EnTech Taiwan) [MANUAL] TVICHW32
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\WINDOWS\System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo
Service C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS (UVCFTR_S.sys/Chicony Electronics Co., Ltd.)
[MANUAL] UVCFTR Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave Service [DISABLED] ViaIde Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient Service Windows Workflow Foundation 3.0.0.0 Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc Service (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft 
Corporation) [AUTO] wuauserv Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov Service {40AD022C-BB71-4210-875E-4B33DAB9A25F} Service {64AACEC7-F1E0-485F-9F2F-4B2786FCAD17} Service {670877EB-2176-4514-BD42-8A6BB18FC244} Service {B92E4E04-84F8-4BAC-A102-E4FA960DA8E0} Service {F5B27DD0-8C1E-4E26-A16C-2874F9D456B2} ---- EOF - GMER 1.0.15 ---- [/log]
MarekM25 comment 6 October 2009
Run OTL and paste the following script into the Custom Scans/Fixes window:
[code]
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-14 11:26:40 | 00,000,043 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1adbe4ff-29fa-11de-859f-806d6172696f}\Shell\AutoRun\command - "" = ctu8r.exe
O33 - MountPoints2\{1adbe4ff-29fa-11de-859f-806d6172696f}\Shell\open\Command - "" = ctu8r.exe
O33 - MountPoints2\{1adbe500-29fa-11de-859f-806d6172696f}\Shell\AutoRun\command - "" = D:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{1adbe500-29fa-11de-859f-806d6172696f}\Shell\open\Command - "" = D:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{1adbe501-29fa-11de-859f-806d6172696f}\Shell\AutoRun\command - "" = E:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{1adbe501-29fa-11de-859f-806d6172696f}\Shell\open\Command - "" = E:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{837a5a46-9f00-11de-b80c-0016d4fa35b0}\Shell\AutoRun\command - "" = G:\sp1jensi.exe -- File not found
O33 - MountPoints2\{837a5a46-9f00-11de-b80c-0016d4fa35b0}\Shell\open\Command - "" = G:\sp1jensi.exe -- File not found
O33 - MountPoints2\{b403f128-2aab-11de-b762-b3d539eebec4}\Shell\AutoRun\command - "" = I:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{b403f128-2aab-11de-b762-b3d539eebec4}\Shell\open\Command - "" = I:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()
O33 - MountPoints2\{ef3d5dc2-29fb-11de-b75f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ef3d5dc2-29fb-11de-b75f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef3d5dc2-29fb-11de-b75f-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009-07-14 11:26:40 | 00,111,880 | R--- | M] (Microsoft Corporation)
:Files
C:\ctu8r.exe
C:\sp1jensi.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click Run Fix. Confirm the computer restart.
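As an added example (not part of this thread and not OTL's own code), a small Python triage routine over O32/O33 lines in the shape OTL printed them above: it flags autorun.inf files carrying hidden+system attributes and MountPoints2 AutoRun commands that point at a missing, hidden+system or unsigned executable at a drive root, while leaving the legitimate setup.exe on the UDF disc alone. The sample lines are reconstructed from this post; the heuristics are assumptions of my own, not OTL's rules.

```python
import re

# Sample O32/O33 lines, constructed in the shape OTL printed them in this thread.
SAMPLE_LINES = [
    r'O32 - AutoRun File - [2009-10-06 13:44:07 | 00,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]',
    r'O32 - AutoRun File - [2009-07-14 11:26:40 | 00,000,043 | R--- | M] () - F:\autorun.inf -- [ UDF ]',
    r'O33 - MountPoints2\{1adbe500-29fa-11de-859f-806d6172696f}\Shell\AutoRun\command - "" = D:\ctu8r.exe -- [2009-10-05 21:44:07 | 00,118,651 | RHS- | M] ()',
    r'O33 - MountPoints2\{837a5a46-9f00-11de-b80c-0016d4fa35b0}\Shell\open\Command - "" = G:\sp1jensi.exe -- File not found',
    r'O33 - MountPoints2\{ef3d5dc2-29fb-11de-b75f-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009-07-14 11:26:40 | 00,111,880 | R--- | M] (Microsoft Corporation)',
]

# O32: autorun.inf found at a volume root; O33: MountPoints2 shell verbs registered for a volume.
O32_RE = re.compile(r'^O32 - AutoRun File - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) - '
                    r'(?P<path>.+?) -- \[ (?P<fs>\w+) \]$')
O33_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand'
                    r' - "" = (?P<target>.+?) -- (?P<rest>.*)$')
STAMP_RE = re.compile(r'^\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)$')

def attrs_of(stamp):
    """Return the attribute field ('RHS-', 'R---', ...) of OTL's '[date | size | attrs | M]' stamp."""
    return [p.strip() for p in stamp.split("|")][2]

def hidden_system(attrs):
    # Hidden + System on an autorun artifact at a drive root is the classic USB-worm footprint (heuristic).
    return "H" in attrs and "S" in attrs

def triage_line(line):
    """Return (kind, target, reason) for an AutoRun line worth a second look, else None."""
    m = O32_RE.match(line)
    if m:
        if hidden_system(attrs_of(m["stamp"])):
            return ("O32", m["path"], "hidden+system autorun.inf on %s volume" % m["fs"])
        return None
    m = O33_RE.match(line)
    if not m:
        return None
    if m["rest"] == "File not found":
        return ("O33", m["target"], "AutoRun command points at a file that no longer exists")
    s = STAMP_RE.match(m["rest"])
    if s and hidden_system(attrs_of(s["stamp"])):
        return ("O33", m["target"], "AutoRun command runs a hidden+system executable")
    if s and not s["company"]:
        return ("O33", m["target"], "AutoRun command runs an executable with no company name")
    return None

def triage(lines):
    """Run triage_line over a list of OTL lines and keep only the hits."""
    return [hit for hit in (triage_line(l) for l in lines) if hit]
```

Run against the five constructed lines it reports D:\autorun.inf, D:\ctu8r.exe and G:\sp1jensi.exe and stays silent on the read-only UDF autorun.inf and the Microsoft-signed F:\setup.exe.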
Magg66 (Author) comment 6 October 2009
Thanks a lot, it works now.
MarekM25 comment 6 October 2009
Final steps:
1. Use the [url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash DisInfector[/url] tool. If you have any removable storage, have it plugged in at that time. Some antivirus programs detect this tool as a virus, but of course Flash DisInfector is not one.
2. Run OTL and choose the CleanUp option.