IEXPLORER.EXE keylogger

majooo999 (New user)
Post: #1
IEXPLORER.EXE behavior: keylogger. Something like this shows up every now and then as detected by Kaspersky, but I scanned and it found nothing. What's going on?
Here is my log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:39:03, on 2009-05-20
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\devldr32.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Game\Metin2\metin2.bin
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\reg.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = "http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = "http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = "http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = "http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] D:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Install program\AdobeReader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [l33t] D:\WINDOWS\system\iexplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\INSTAL~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\INSTAL~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5146 bytes
(This post was last modified: 19 May 2009 16:29 by majooo999.)
19 May 2009 16:29
tomobo (Unregistered)
Post: #2
RE: IEXPLORER.EXE keylogger
Tick the boxes next to the entries listed below and click FIX:
O4 - HKLM\..\Run: [l33t] D:\WINDOWS\system\iexplore.exe
But I think that's not all. Wait for Paweł or Kamel.
19 May 2009 16:39
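Added example, not part of the thread and not written by any of its participants: a Python check that parses HijackThis O4 (autostart) lines and reports entries where a well-known Windows binary name is launched from a directory other than its usual one, which is the pattern behind the `[l33t]` entry above. The sample lines are copied from the HijackThis log in post #1; the table of expected locations and the function names are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example (illustrative, not exhaustive): well-known
# Windows XP binaries and the one directory each is expected to run from.
EXPECTED_DIR = {
    "iexplore.exe": r"%ProgramFiles%\Internet Explorer",
    "explorer.exe": r"%SystemRoot%",
    "smss.exe": r"%SystemRoot%\system32",
    "csrss.exe": r"%SystemRoot%\system32",
    "winlogon.exe": r"%SystemRoot%\system32",
    "services.exe": r"%SystemRoot%\system32",
    "lsass.exe": r"%SystemRoot%\system32",
    "svchost.exe": r"%SystemRoot%\system32",
    "ctfmon.exe": r"%SystemRoot%\system32",
}

# HijackThis O4 line: O4 - <hive>\..\<key>: [<value name>] <command>[ (User '...')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK.*?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)

# Lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] D:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [l33t] D:\WINDOWS\system\iexplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
"""


def executable_of(cmd):
    """Extract the program path from an autostart command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i).*?\.exe\b", cmd)  # unquoted path, may contain spaces
    return m.group(0) if m else cmd.split()[0]


def misplaced(path, system_root, program_files):
    """Return the expected directory when `path` carries a tracked binary
    name but sits in a different directory; otherwise return None."""
    expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
    directory = ntpath.dirname(path)
    if expected is None or not directory:
        return None  # name not tracked, or no directory to compare
    expected = (expected.replace("%SystemRoot%", system_root)
                        .replace("%ProgramFiles%", program_files))
    if ntpath.normcase(directory) == ntpath.normcase(expected):
        return None
    return expected


def find_masquerading(log_text, system_root, program_files):
    """Scan HijackThis text and list O4 entries with a misplaced binary."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = executable_of(m["cmd"])
        expected = misplaced(path, system_root, program_files)
        if expected is not None:
            findings.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "path": path,
                "expected_dir": expected,
            })
    return findings


if __name__ == "__main__":
    # %SystemRoot% and %ProgramFiles% as reported in the OTListIt2 log.
    for hit in find_masquerading(SAMPLE_LOG, r"D:\WINDOWS", r"D:\Program Files"):
        print("{hive}\\{key} [{name}] {path} (expected in {expected_dir})".format(**hit))
```

Short 8.3 paths such as `D:\PROGRA~1\...` are not resolved by this check and would need expanding before comparison.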
Paweł01 (Lead)
Post: #3
RE: IEXPLORER.EXE keylogger
Post a log from RSIT.exe or OTListIt2 (after ticking Scan All Users), plus a GMER log made in two ways:
1) Rootkit tab, Scan, Copy, paste
2) Rootkit tab, untick "Sections", tick "Show all", Copy, paste.

I do not reply in 'Security' section threads that lack a full set of logs:
http://forum.pcformat.pl/WAZNE-Jak-zaloz...ec-WAZNE-t
If I was handling a thread and have not replied in it for 3 days, please remind me by PM.
I do not help via PM.
Request to test an application: http://forum.pcformat.pl/Prosba-o-przete...L-OpenGL-t
19 May 2009 16:58
majooo999 (New user)
Post: #4
RE: IEXPLORER.EXE keylogger
OTList1 LOG:



OTListIt logfile created on: 2009-05-20 10:23:13 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Download ;D
Windows XP Professional Edition Service Pack 3, v.5657 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

511,49 Mb Total Physical Memory | 31,48 Mb Available Physical Memory | 6,16% Memory free
1,22 Gb Paging File | 0,83 Gb Available in Paging File | 67,99% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 78,13 Gb Total Space | 69,10 Gb Free Space | 88,45% Space Free | Partition Type: NTFS
Drive D: | 70,91 Gb Total Space | 56,45 Gb Free Space | 79,60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PATRICK-E0D0E07
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- D:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- D:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009-03-26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-09-24 15:32:48 | 00,935,208 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-04-27 20:03:42 | 00,066,872 | ---- | M] () -- D:\WINDOWS\system32\PnkBstrA.exe
PRC - [2007-12-01 01:27:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wscntfy.exe
PRC - [2007-12-29 15:52:24 | 00,336,768 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\WgaTray.exe
PRC - [2007-12-01 01:26:26 | 01,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2007-04-30 03:03:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- D:\WINDOWS\V0330Mon.exe
PRC - [2009-04-02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009-02-27 18:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Install program\AdobeReader\Reader\Reader_sl.exe
PRC - [2001-08-18 00:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\system32\devldr32.exe
PRC - [2009-04-02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-04-29 06:23:40 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-04-20 16:56:20 | 09,818,728 | ---- | M] (GG Network S.A.) -- C:\Install program\Nowe Gadu-Gadu\gg.exe
PRC - [2009-04-20 16:08:38 | 00,077,824 | ---- | M] () -- C:\Install program\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-05-20 10:22:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Download ;D\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-03-26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-12-01 22:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- D:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008-12-01 14:35:00 | 00,593,920 | ---- | M] () -- D:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009-03-17 21:16:41 | 00,206,088 | ---- | M] (Kaspersky Lab) -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-03-23 21:03:52 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - [2007-12-01 01:25:52 | 00,038,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009-04-02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009-04-04 15:12:37 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2008-09-24 15:32:48 | 00,935,208 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009-04-27 20:03:42 | 00,066,872 | ---- | M] () -- D:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2006-10-18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2003-04-01 11:51:30 | 00,719,052 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2008-12-02 00:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) -- D:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2001-08-17 14:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\system32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Running])
DRV - [2001-08-17 14:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
DRV - [2001-08-17 14:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
DRV - [2007-11-30 19:31:16 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009-03-19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008-07-21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009-05-04 19:07:03 | 00,033,808 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009-03-17 21:16:41 | 00,226,832 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008-04-30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2009-03-17 18:45:49 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- D:\WINDOWS\system32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- D:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004-03-01 19:31:14 | 00,062,848 | ---- | M] (Ralink Technology Inc.) -- D:\WINDOWS\system32\DRIVERS\RT2400.sys -- (RT2400 [On_Demand | Running])
DRV - [2001-08-17 14:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- D:\WINDOWS\system32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Stopped])
DRV - [2007-11-30 16:21:50 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001-08-17 14:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
DRV - [2007-08-08 07:48:18 | 00,157,696 | R--- | M] (Creative Technology Ltd.) -- D:\WINDOWS\system32\DRIVERS\V0330Vid.sys -- (V0330VID [On_Demand | Stopped])
DRV - [2006-01-13 15:00:52 | 00,015,872 | ---- | M] (Flint Incorporation) -- D:\WINDOWS\System32\drivers\vd_filedisk.sys -- (VD_FileDisk [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = "http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = "http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = "http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = "http://ie.search.msn.com/{SUB_RFC1766}/s...chcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = "http://ie.search.msn.com/{SUB_RFC1766}/s...chasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = "http://www.microsoft.com/isapi/redir.dll...r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://www.microsoft.com/isapi/redir.dll...ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = "http://www.microsoft.com/isapi/redir.dll...r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://www.microsoft.com/isapi/redir.dll...ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-790525478-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-776561741-790525478-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = "http://www.microsoft.com/isapi/redir.dll...r=iesearch
IE - HKU\S-1-5-21-776561741-790525478-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-776561741-790525478-1417001333-1003\S-1-5-21-776561741-790525478-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-790525478-1417001333-1003\S-1-5-21-776561741-790525478-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-04-04 15:12:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-15 09:36:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-12 14:00:49 | 00,000,000 | ---D | M]

[2009-03-17 20:49:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\User\Application Data\mozilla\Extensions
[2009-03-17 20:49:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-03-17 20:49:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\ght04x81.default\extensions
[2009-05-20 10:19:48 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2009-04-29 06:23:49 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-21 19:08:02 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-04-04 15:14:55 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-04-29 06:23:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-29 06:23:40 | 00,134,648 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-03-29 17:59:04 | 00,000,896 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-03-29 17:59:04 | 00,001,406 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-03-29 17:59:04 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-03-29 17:59:04 | 00,000,917 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-03-29 17:59:04 | 00,000,858 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-03-29 17:59:04 | 00,001,183 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-03-29 17:59:04 | 00,001,683 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Install program\AdobeReader\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [l33t] D:\WINDOWS\system\iexplore.exe ()
O4 - HKLM..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [V0330Mon.exe] D:\WINDOWS\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-790525478-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-790525478-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-790525478-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-790525478-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-776561741-790525478-1417001333-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\INSTAL~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Install program\Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "http://fpdownload.macromedia.com/get/fla...rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - D:\WINDOWS\system32\klogon.dll - D:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-17 18:25:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e77ebb38-1312-11de-9e20-0050ba3497b9}\Shell - "" = AutoRun
O33 - MountPoints2\{e77ebb38-1312-11de-9e20-0050ba3497b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e77ebb38-1312-11de-9e20-0050ba3497b9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-20 10:18:23 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[2009-05-20 09:28:34 | 00,189,847 | ---- | C] () -- D:\Documents and Settings\User\Desktop\artixxx.JPG
[2009-05-20 08:38:36 | 00,001,734 | ---- | C] () -- D:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009-05-20 08:38:35 | 00,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2009-05-20 04:03:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\Desktop\xxxxx
[2009-05-20 04:03:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\My Documents\Live! Cam Center
[2009-05-20 04:02:45 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\Application Data\Creative
[2009-05-20 04:02:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ptpusb.dll
[2009-05-20 04:02:00 | 00,159,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ptpusd.dll
[2009-05-20 04:02:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\usbscan.sys
[2009-05-20 04:02:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbscan.sys
[2009-05-19 10:49:09 | 00,017,920 | ---- | C] () -- D:\WINDOWS\System\smss.exe
[2009-05-19 10:49:08 | 00,034,820 | ---- | C] () -- D:\WINDOWS\System\iexplore.exe
[2009-05-19 10:48:45 | 00,403,047 | ---- | C] () -- D:\WINDOWS\Fishing_beta_1.3.1.exe
[2009-05-19 10:48:45 | 00,000,152 | ---- | C] () -- D:\WINDOWS\l33td.ini
[2009-05-18 12:38:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\My Documents\Version Cue
[2009-05-18 12:38:31 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\My Documents\AdobeStockPhotos
[2009-05-18 03:35:21 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\Desktop\Mateusz
[2009-05-17 13:32:05 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\My Documents\Adobe Scripts
[2009-05-16 08:18:50 | 00,010,036 | ---- | C] () -- D:\Documents and Settings\User\Desktop\tempdecal.wad
[2009-05-16 08:15:13 | 00,000,000 | ---D | C] -- D:\Program Files\Robster Productions
[2009-05-16 08:12:32 | 00,424,854 | ---- | C] () -- D:\Documents and Settings\User\My Documents\Graff.bmp
[2009-05-14 08:30:21 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\My Documents\CD - prezentacja2
[2009-05-14 08:29:06 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\My Documents\CD - prezentacja
[2009-05-14 08:17:59 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\Desktop\Prezentacja D
[2009-05-14 08:09:32 | 00,000,023 | ---- | C] () -- D:\WINDOWS\System32\sysmwwod.dll
[2009-05-14 08:08:35 | 01,703,936 | ---- | C] (NCT Company) -- D:\WINDOWS\System32\NCTAudioFile.dll
[2009-05-14 08:08:35 | 00,360,448 | ---- | C] (NCT Company) -- D:\WINDOWS\System32\NCTWMAFile.dll
[2009-05-14 08:08:35 | 00,233,472 | ---- | C] () -- D:\WINDOWS\System32\lame_enc.dll
[2009-05-14 08:08:35 | 00,209,608 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\Tabctl32.ocx
[2009-05-14 08:08:34 | 00,376,832 | ---- | C] () -- D:\WINDOWS\System32\actskin4.ocx
[2009-05-14 08:08:34 | 00,140,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\Comdlg32.ocx
[2009-05-14 08:08:34 | 00,040,960 | ---- | C] (DGP) -- D:\WINDOWS\System32\DGPNorm.ocx
[2009-05-13 11:47:03 | 00,028,672 | -HS- | C] () -- D:\Documents and Settings\User\Desktop\Thumbs.db
[2009-05-13 10:14:28 | 00,035,840 | ---- | C] () -- D:\Documents and Settings\User\Desktop\Izotony.doc
[2009-05-12 14:02:18 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\Application Data\Apple Computer
[2009-05-12 14:02:05 | 00,002,137 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009-05-12 14:01:37 | 00,000,000 | ---D | C] -- D:\Program Files\iPod
[2009-05-12 14:01:27 | 00,000,000 | ---D | C] -- D:\Program Files\iTunes
[2009-05-12 14:01:27 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-05-12 14:00:31 | 00,001,604 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009-05-12 14:00:12 | 00,000,000 | ---D | C] -- D:\Program Files\QuickTime
[2009-05-12 14:00:09 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Apple Computer
[2009-05-12 13:59:47 | 00,000,284 | ---- | C] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-05-12 13:59:37 | 00,000,000 | ---D | C] -- D:\Program Files\Apple Software Update
[2009-05-12 13:59:10 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\DRVSTORE
[2009-05-12 13:58:40 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Apple
[2009-05-12 13:58:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Apple
[2009-05-11 09:27:15 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\Application Data\Media Player Classic
[2009-05-08 12:19:48 | 00,000,673 | ---- | C] () -- D:\Documents and Settings\User\Desktop\Super Fast Shutdown.lnk
[2009-05-08 12:19:48 | 00,000,666 | ---- | C] () -- D:\Documents and Settings\User\Desktop\Super Fast Reboot.lnk
[2009-05-05 10:31:17 | 00,003,974 | ---- | C] () -- D:\Documents and Settings\User\My Documents\config.cfg
[2009-05-03 16:00:44 | 00,000,503 | ---- | C] () -- D:\Documents and Settings\User\Desktop\Shortcut to ET Minimalizer.lnk
[2009-04-28 16:56:32 | 00,021,504 | ---- | C] () -- D:\Documents and Settings\User\Desktop\PONIEDZIAŁEK.doc
[2009-04-27 20:04:01 | 00,138,512 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-04-27 20:03:52 | 00,201,440 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrB.exe
[2009-04-27 20:03:42 | 00,066,872 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrA.exe
[2009-04-27 19:50:30 | 00,000,477 | ---- | C] () -- D:\Documents and Settings\User\Desktop\Wolfenstein - Enemy Territory.lnk
[2009-04-27 18:23:02 | 00,149,504 | ---- | C] () -- D:\Documents and Settings\User\Desktop\zestaw3.xls
[2009-04-24 15:13:58 | 00,000,623 | ---- | C] () -- D:\Documents and Settings\User\Desktop\Counter-Strike.lnk
[2009-04-24 13:33:45 | 00,000,000 | ---D | C] -- D:\Documents and Settings\User\Application Data\OpenFM
[2009-03-30 10:08:32 | 00,005,376 | ---- | C] () -- D:\WINDOWS\System32\antiwpa.dll
[2009-03-26 17:54:55 | 00,168,448 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2009-03-26 17:54:52 | 03,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2009-03-26 17:54:52 | 00,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009-03-26 17:54:52 | 00,130,048 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009-03-26 17:54:50 | 00,067,584 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2009-03-26 17:54:50 | 00,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-03-23 19:02:29 | 00,000,412 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009-03-23 09:15:40 | 00,004,767 | ---- | C] () -- D:\WINDOWS\Irremote.ini
[2009-03-21 10:05:37 | 00,000,010 | ---- | C] () -- D:\WINDOWS\WININIT.INI
[2009-03-17 19:19:47 | 00,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini
[2009-03-17 18:45:43 | 00,086,016 | ---- | C] () -- D:\WINDOWS\System32\install.dll
[2009-03-17 18:45:43 | 00,045,056 | ---- | C] () -- D:\WINDOWS\System32\DEDriverDLL.dll
[2009-03-17 18:45:43 | 00,032,768 | ---- | C] () -- D:\WINDOWS\System32\SmartInstallCfg2.dll
[2004-08-04 13:00:00 | 00,676,224 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL
[2004-08-04 13:00:00 | 00,000,603 | ---- | C] () -- D:\WINDOWS\win.ini
[2004-08-04 13:00:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini
[2003-04-08 12:40:22 | 00,005,679 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[3 D:\WINDOWS\*.tmp files]
[2009-05-20 10:17:56 | 00,000,152 | ---- | M] () -- D:\WINDOWS\l33td.ini
[2009-05-20 10:17:52 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009-05-20 10:17:38 | 00,000,062 | -HS- | M] () -- D:\Documents and Settings\User\Local Settings\desktop.ini
[2009-05-20 10:17:27 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009-05-20 10:17:24 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009-05-20 10:13:15 | 02,949,664 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox.dat
[2009-05-20 10:13:15 | 00,589,856 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox2.dat
[2009-05-20 10:13:15 | 00,025,172 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox.idx
[2009-05-20 10:13:15 | 00,004,144 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox2.idx
[2009-05-20 09:28:36 | 00,189,847 | ---- | M] () -- D:\Documents and Settings\User\Desktop\artixxx.JPG
[2009-05-20 08:38:36 | 00,001,734 | ---- | M] () -- D:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009-05-20 08:26:50 | 00,403,047 | ---- | M] () -- D:\WINDOWS\Fishing_beta_1.3.1.exe
[2009-05-20 08:21:15 | 00,017,920 | ---- | M] () -- D:\WINDOWS\System\smss.exe
[2009-05-20 08:21:14 | 00,034,820 | ---- | M] () -- D:\WINDOWS\System\iexplore.exe
[2009-05-19 10:07:04 | 00,002,075 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009-05-18 09:17:25 | 00,001,550 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009-05-16 13:00:20 | 00,459,246 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2009-05-16 13:00:20 | 00,395,336 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2009-05-16 13:00:20 | 00,059,576 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2009-05-16 08:18:56 | 00,010,036 | ---- | M] () -- D:\Documents and Settings\User\Desktop\tempdecal.wad
[2009-05-16 08:12:32 | 00,424,854 | ---- | M] () -- D:\Documents and Settings\User\My Documents\Graff.bmp
[2009-05-16 05:33:43 | 00,138,512 | ---- | M] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-05-16 05:33:29 | 00,201,440 | ---- | M] () -- D:\WINDOWS\System32\PnkBstrB.exe
[2009-05-14 08:09:32 | 00,000,023 | ---- | M] () -- D:\WINDOWS\System32\sysmwwod.dll
[2009-05-13 11:47:12 | 00,028,672 | -HS- | M] () -- D:\Documents and Settings\User\Desktop\Thumbs.db
[2009-05-13 10:14:28 | 00,035,840 | ---- | M] () -- D:\Documents and Settings\User\Desktop\Izotony.doc
[2009-05-12 14:04:11 | 00,002,137 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009-05-12 14:00:31 | 00,001,604 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009-05-12 13:59:48 | 00,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-05-11 06:23:40 | 00,002,267 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009-05-08 12:19:48 | 00,000,673 | ---- | M] () -- D:\Documents and Settings\User\Desktop\Super Fast Shutdown.lnk
[2009-05-08 12:19:48 | 00,000,666 | ---- | M] () -- D:\Documents and Settings\User\Desktop\Super Fast Reboot.lnk
[2009-05-07 09:16:11 | 00,004,096 | ---- | M] () -- D:\WINDOWS\System32\crash
[2009-05-05 10:31:17 | 00,003,974 | ---- | M] () -- D:\Documents and Settings\User\My Documents\config.cfg
[2009-05-04 19:07:03 | 00,033,808 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\System32\drivers\klbg.sys
[2009-05-04 19:06:57 | 00,101,287 | ---- | M] () -- D:\WINDOWS\System32\drivers\klin.dat
[2009-05-04 19:06:57 | 00,089,601 | ---- | M] () -- D:\WINDOWS\System32\drivers\klick.dat
[2009-05-03 16:00:45 | 00,000,503 | ---- | M] () -- D:\Documents and Settings\User\Desktop\Shortcut to ET Minimalizer.lnk
[2009-04-29 06:24:46 | 00,000,603 | ---- | M] () -- D:\WINDOWS\win.ini
[2009-04-29 06:24:46 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009-04-28 16:56:33 | 00,021,504 | ---- | M] () -- D:\Documents and Settings\User\Desktop\PONIEDZIAŁEK.doc
[2009-04-27 20:03:42 | 00,066,872 | ---- | M] () -- D:\WINDOWS\System32\PnkBstrA.exe
[2009-04-27 19:50:30 | 00,000,477 | ---- | M] () -- D:\Documents and Settings\User\Desktop\Wolfenstein - Enemy Territory.lnk
[2009-04-27 18:23:03 | 00,149,504 | ---- | M] () -- D:\Documents and Settings\User\Desktop\zestaw3.xls
[2009-04-24 15:13:59 | 00,000,623 | ---- | M] () -- D:\Documents and Settings\User\Desktop\Counter-Strike.lnk
< End of report >



OtList2:


OTListIt Extras logfile created on: 2009-05-20 10:23:13 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Download ;D
Windows XP Professional Edition Service Pack 3, v.5657 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

511,49 Mb Total Physical Memory | 31,48 Mb Available Physical Memory | 6,16% Memory free
1,22 Gb Paging File | 0,83 Gb Available in Paging File | 67,99% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 78,13 Gb Total Space | 69,10 Gb Free Space | 88,45% Space Free | Partition Type: NTFS
Drive D: | 70,91 Gb Total Space | 56,45 Gb Free Space | 79,60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PATRICK-E0D0E07
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [At = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [At = htmlfile] -- D:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [At = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [At = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-776561741-790525478-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [At = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007-11-30 18:44:54 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007-11-30 18:44:54 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009-05-08 10:14:27 | 00,812,544 | ---- | M] () -- C:\Game\Metin2\metin2.bin:*:Enabled:metin2
[2009-04-20 16:56:20 | 09,818,728 | ---- | M] (GG Network S.A.) -- C:\Install program\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
File not found -- C:\Game\Steam\steamapps\azerty639\counter-strike source\hl2.exe:*:Enabled:hl2
File not found -- C:\Game\cs 1.6\hl.exe:*:Enabled:Half-Life Launcher
File not found -- C:\Game\cs... 1.6\hl.exe:*:Enabled:Half-Life Launcher
File not found -- C:\Game\cs... 1.6\Cs 1.6\hl.exe:*:Enabled:Half-Life Launcher
[2009-04-04 15:12:36 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary
[2009-05-19 10:09:38 | 00,086,077 | ---- | M] (Valve) -- C:\Game\Steam\steamapps\majooo999519\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2003-05-27 14:44:36 | 01,396,808 | ---- | M] () -- C:\Game\ET\ET.exe:*:EnabledSzczerbolT
[2009-03-11 13:00:54 | 24,095,528 | R--- | M] (Skype Technologies S.A.) -- D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009-04-02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9198A23F-C33C-4907-9715-96DE7D4AF27D}" = RT2400 Wireless LAN Card
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1.1 - Polish
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{c3432ef8-b854-478c-b7e3-dfaba185a16a}" = Nero 9
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ALLPlayer_is1" = ALLPlayer V3.X
"ATI Display Driver" = ATI Display Driver
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00)
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.0
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Steam App 10" = Counter-Strike
"Super Fast Shutdown_is1" = Super Fast Shutdown 1.0
"SysInfo" = Creative System Information
"TC UP" = Total Commander Ultima Prime 4.7.0.0
"Vista System Properties" = Vista System Properties
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 2009-05-20 01:16:06 | Computer Name = PATRICK-E0D0E07 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2009-05-20 01:16:09 | Computer Name = PATRICK-E0D0E07 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2009-05-20 01:16:13 | Computer Name = PATRICK-E0D0E07 | Source = Service Control Manager | ID = 7031
Description = The Nero BackItUp Scheduler 4.0 service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 500
milliseconds: Restart the service.

Error - 2009-05-20 02:45:56 | Computer Name = PATRICK-E0D0E07 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2009-05-20 02:45:58 | Computer Name = PATRICK-E0D0E07 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2009-05-20 02:46:13 | Computer Name = PATRICK-E0D0E07 | Source = Service Control Manager | ID = 7031
Description = The Nero BackItUp Scheduler 4.0 service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 500
milliseconds: Restart the service.

Error - 2009-05-20 04:17:27 | Computer Name = PATRICK-E0D0E07 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2009-05-20 04:17:40 | Computer Name = PATRICK-E0D0E07 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2009-05-20 04:18:02 | Computer Name = PATRICK-E0D0E07 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2009-05-20 04:19:11 | Computer Name = PATRICK-E0D0E07 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >



GMER: I have a problem, because it scans and after a while an error pops up ;/
Here is what I managed to get out of GMER; this is the point where the error appears:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-20 13:27:34
Windows 5.1.2600 Service Pack 3, v.5657


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAA7891DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xAA7897AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xAA78B1EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xAA78AB9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xAA788950]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAA78CB7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xAA7895AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xAA788D92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xAA788F92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xAA78AEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xAA78D084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xAA7890A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xAA789110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xAA78AD5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xAA78C620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xAA78A9F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xAA788AB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xAA7893B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xAA78CBA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xAA7892FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xAA789178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xAA788E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xAA788C5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xAA78C888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xAA7885D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xAA78BA74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xAA788734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xAA78CF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xAA7883D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xAA78B08C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xAA7896AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xAA78C71A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xAA78CBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xAA788B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xAA78CCB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xAA78CDE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xAA78C54C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xAA78947E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xAA7894F0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + C8 804E2724 4 Bytes JMP F2AA78B1
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [B4, CC, 78, AA, E0, CD, 78, ...] {MOV AH, 0xcc; JS 0xffffffffffffffae; LOOPNZ 0xffffffffffffffd3; JS 0xffffffffffffffb2; DEC ESP; LDS EDI, DWORD [EAX-0x56]}
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP AA7A09E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP AA7A0626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

---- User code sections - GMER 1.0.15 ----

? D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[456] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[456] USER32.dll!VRipOutput + FFFA4BCF 7E412A80 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[2096] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[2096] USER32.dll!VRipOutput + FFFA4BCF 7E412A80 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7F37530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7F37530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F7F37400] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!
(This post was last modified: 19 May 2009 21:09 by majooo999.)
19 May 2009 18:21
Paweł01 Offline
Leader

Posts: 8971
Joined: April 2008
Post: #5
RE: IEXPLORER.EXE keyloger
Read the forum rules and check how logs should be presented.
Quote: Gmer: I have a problem, because it scans and after a while an error pops up ;/
Of course, you didn't say which one...

I do not reply in threads in the 'Security' section that lack a full set of logs:
http://forum.pcformat.pl/WAZNE-Jak-zaloz...ec-WAZNE-t
If I was handling a thread and have not replied in it for 3 days, please remind me by PM.
I do not help via PM.
Request to test an application: http://forum.pcformat.pl/Prosba-o-przete...L-OpenGL-t
20 May 2009 01:56
majooo999 Offline
New user
*

Posts: 43
Joined: December 2008
Warning level: 0%
Post: #6
RE: IEXPLORER.EXE keyloger
One saying that an application error occurred and it had to be closed.
20 May 2009 06:37
tomobo
Unregistered

Post: #7
RE: IEXPLORER.EXE keyloger
Right-click My Computer / Manage / Event Viewer / Application or System - there should be an entry about this error there. Ideally, post a screenshot of it.
20 May 2009 17:52
Paweł01 Offline
Leader

Posts: 8971
Joined: April 2008
Post: #8
RE: IEXPLORER.EXE keyloger
In that case, paste the logs according to the rules, and above all so that they fit in full... As for GMER, check how it behaves with the resident antivirus protection turned off. Try downloading it again.

20 May 2009 18:22