
Please check my log.

#1
Please check my log.
Please check my log. Thanks in advance!

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:40, on 2009-06-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\DAP\DAP.EXE
D:\Program Files\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (file missing)
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nProtect Security Platform 2007] C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe -tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O20 - AppInit_DLLs: ??,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: nProtect Security Platform 2007 Service (NSPService) - INCA Internet Co., Ltd. - C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe
O23 - Service: nProtect Security Platform 2007 Update Service (NSPUpdateService) - INCAInternet Co.,Ltd - C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8371 bytes
 Operating system: windows_xp_2003 Browser: opera
#2
RE: Please check my log.
Just in case, read the thread http://forum.pcformat.pl/thread-153714.html
and then post a ComboFix log

(it may refuse to run because of the tdssserv rootkit. No more than two days ago there was such a case on the forum, also with F2 (...)C:\WINDOWS\system32\sdra64.exe visible in the log. In that case, post a GMER log: http://www.gmer.net/#files )

BTW, I see two antivirus programs installed in the log
With "problems after upgrading to Win10" and problems with "FPS drops in CS:GO"
I do not help.

 Operating system: windows_xp_2003 Browser: firefox
#3
RE: Please check my log.
I tried to make a log with ComboFix but it would not run. I am posting the GMER log:

Code:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 14:03:03
Windows 5.1.2600 Dodatek Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x3B        ?                                                                                                                                                            86D3ABF8
INT 0x3B        ?                                                                                                                                                            86D3ABF8
INT 0x3E        ?                                                                                                                                                            86F6CBF8
INT 0x3F        ?                                                                                                                                                            86F6CBF8

Code            86F554F0                                                                                                                                                     ZwEnumerateKey
Code            86CE2AF0                                                                                                                                                     ZwFlushInstructionCache
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                          FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                          IoIsOperationSynchronous
Code            86DEA5CE                                                                                                                                                     IofCallDriver
Code            86E31D56                                                                                                                                                     IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!IofCallDriver                                                                                                                                   804E37C5 5 Bytes  JMP 86DEA5D3
.text           ntoskrnl.exe!IofCompleteRequest                                                                                                                              804E3BF6 5 Bytes  JMP 86E31D5B
.text           ntoskrnl.exe!IoIsOperationSynchronous                                                                                                                        804E8752 5 Bytes  JMP F462A9E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text           ntoskrnl.exe!FsRtlCheckLockForReadAccess                                                                                                                     80503C29 5 Bytes  JMP F462A626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
PAGE            ntoskrnl.exe!ZwEnumerateKey                                                                                                                                  8056EEB0 5 Bytes  JMP 86F554F4
PAGE            ntoskrnl.exe!ZwFlushInstructionCache                                                                                                                         805769EA 5 Bytes  JMP 86CE2AF4
?               spzj.sys                                                                                                                                                     Nie można odnaleźć określonego pliku. !
.text           USBPORT.SYS!DllUnload                                                                                                                                        F6A5480C 5 Bytes  JMP 86D3A1D8

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\ctfmon.exe[124] ntdll.dll!LdrLoadDll                                                                                                     7C9161CA 5 Bytes  JMP 00A2000A
.text           C:\WINDOWS\system32\ctfmon.exe[124] ntdll.dll!LdrUnloadDll                                                                                                   7C91718B 5 Bytes  JMP 00A3000A
.text           C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] ntdll.dll!LdrLoadDll                                                                                                  7C9161CA 5 Bytes  JMP 007B000A
.text           C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] ntdll.dll!LdrUnloadDll                                                                                                7C91718B 5 Bytes  JMP 007C000A
.text           C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] ntdll.dll!LdrLoadDll                                                        7C9161CA 5 Bytes  JMP 0095000A
.text           C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] ntdll.dll!LdrUnloadDll                                                      7C91718B 5 Bytes  JMP 0096000A
.text           C:\WINDOWS\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll                                                                                                   7C9161CA 5 Bytes  JMP 006D000A
.text           C:\WINDOWS\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll                                                                                                 7C91718B 5 Bytes  JMP 006E000A
.text           C:\WINDOWS\system32\services.exe[880] ntdll.dll!LdrLoadDll                                                                                                   7C9161CA 5 Bytes  JMP 006D000A
.text           C:\WINDOWS\system32\services.exe[880] ntdll.dll!LdrUnloadDll                                                                                                 7C91718B 5 Bytes  JMP 006E000A
.text           C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrLoadDll                                                                                                      7C9161CA 5 Bytes  JMP 0076000A
.text           C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrUnloadDll                                                                                                    7C91718B 5 Bytes  JMP 007A000A
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[944] ntdll.dll!LdrLoadDll                                                                                   7C9161CA 5 Bytes  JMP 0081000A
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[944] ntdll.dll!LdrUnloadDll                                                                                 7C91718B 5 Bytes  JMP 0083000A
.text           D:\Program Files\71x11kyu.exe[1160] ntdll.dll!LdrLoadDll                                                                                                     7C9161CA 5 Bytes  JMP 00A9000A
.text           D:\Program Files\71x11kyu.exe[1160] ntdll.dll!LdrUnloadDll                                                                                                   7C91718B 5 Bytes  JMP 00AA000A
.text           C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] ntdll.dll!LdrLoadDll                                                                                                   7C9161CA 5 Bytes  JMP 007E000A
.text           C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] ntdll.dll!LdrUnloadDll                                                                                                 7C91718B 5 Bytes  JMP 007F000A
.text           C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] ntdll.dll!LdrLoadDll                                                                                                   7C9161CA 5 Bytes  JMP 0080000A
.text           C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] ntdll.dll!LdrUnloadDll                                                                                                 7C91718B 5 Bytes  JMP 0081000A
.text           C:\WINDOWS\system32\nvsvc32.exe[1652] ntdll.dll!LdrLoadDll                                                                                                   7C9161CA 5 Bytes  JMP 0077000A
.text           C:\WINDOWS\system32\nvsvc32.exe[1652] ntdll.dll!LdrUnloadDll                                                                                                 7C91718B 5 Bytes  JMP 0078000A
.text           C:\WINDOWS\system32\spoolsv.exe[1760] ntdll.dll!LdrLoadDll                                                                                                   7C9161CA 5 Bytes  JMP 009F000A
.text           C:\WINDOWS\system32\spoolsv.exe[1760] ntdll.dll!LdrUnloadDll                                                                                                 7C91718B 5 Bytes  JMP 00A1000A
.text           C:\WINDOWS\Explorer.EXE[1968] ntdll.dll!LdrLoadDll                                                                                                           7C9161CA 5 Bytes  JMP 00B4000A
.text           C:\WINDOWS\Explorer.EXE[1968] ntdll.dll!LdrUnloadDll                                                                                                         7C91718B 5 Bytes  JMP 00B5000A
.text           C:\Program Files\Opera\opera.exe[1988] ntdll.dll!LdrLoadDll                                                                                                  7C9161CA 5 Bytes  JMP 009F000A
.text           C:\Program Files\Opera\opera.exe[1988] ntdll.dll!LdrUnloadDll                                                                                                7C91718B 5 Bytes  JMP 00A0000A
.text           C:\Program Files\Opera\opera.exe[1988] WS2_32.dll!getaddrinfo                                                                                                71A52A6F 5 Bytes  JMP 00BCFC50 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\Program Files\Opera\opera.exe[1988] WS2_32.dll!connect                                                                                                    71A5406A 5 Bytes  JMP 00BD0B00 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\Program Files\Opera\opera.exe[1988] WS2_32.dll!send                                                                                                       71A5428A 5 Bytes  JMP 00BD09E0 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\Program Files\Opera\opera.exe[1988] WS2_32.dll!gethostbyname                                                                                              71A54FD4 5 Bytes  JMP 00BD0000 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\Program Files\Opera\opera.exe[1988] WS2_32.dll!closesocket                                                                                                71A59639 5 Bytes  JMP 00BD0CC0 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] ntdll.dll!LdrLoadDll                                                     7C9161CA 5 Bytes  JMP 00AF000A
.text           C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] ntdll.dll!LdrUnloadDll                                                   7C91718B 5 Bytes  JMP 00B1000A
.text           C:\WINDOWS\System32\alg.exe[3248] ntdll.dll!LdrLoadDll                                                                                                       7C9161CA 5 Bytes  JMP 0078000A
.text           C:\WINDOWS\System32\alg.exe[3248] ntdll.dll!LdrUnloadDll                                                                                                     7C91718B 5 Bytes  JMP 007A000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] ntdll.dll!LdrLoadDll                                                                                   7C9161CA 5 Bytes  JMP 00B2000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] ntdll.dll!LdrUnloadDll                                                                                 7C91718B 5 Bytes  JMP 00B3000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] WININET.dll!HttpAddRequestHeadersA                                                                     771B40CA 5 Bytes  JMP 00BE000C
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] WININET.dll!HttpAddRequestHeadersW                                                                     771BEEF4 5 Bytes  JMP 00CF000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] WS2_32.dll!getaddrinfo                                                                                 71A52A6F 5 Bytes  JMP 00D0FC50 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] WS2_32.dll!connect                                                                                     71A5406A 5 Bytes  JMP 00D10B00 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] WS2_32.dll!send                                                                                        71A5428A 5 Bytes  JMP 00D109E0 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] WS2_32.dll!gethostbyname                                                                               71A54FD4 5 Bytes  JMP 00D10000 \\?\globalroot\systemroot\system32\UACnsiuswef.dll
.text           C:\Program Files\Internet Explorer\Iexplore.exe[4012] WS2_32.dll!closesocket                                                                                 71A59639 5 Bytes  JMP 00D10CC0 \\?\globalroot\systemroot\system32\UACnsiuswef.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                           86FDB2D8
IAT             pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                                                         [F762393C] spzj.sys
IAT             pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                                                            [F7623990] spzj.sys
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                           [F75F4040] spzj.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                                   [F75F413C] spzj.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                          [F75F40BE] spzj.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                                  [F75F47FC] spzj.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                          [F75F46D2] spzj.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                           [F7603D92] spzj.sys
IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                         86D3A2D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                      0008528A
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                                000851D6
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                    00085171
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                            0008513F
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                            0008554F
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                            000857F9
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                          000857F9
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                          0008554F
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                          000857F9
IAT             C:\WINDOWS\system32\ctfmon.exe[124] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                       0008528A
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                   0013528A
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                             001351D6
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                 00135171
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                         0013513F
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                       001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                         0013554F
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                         001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                    0013528A
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                                       001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[500] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                                       0013554F
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]         0013528A
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                   001351D6
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]       00135171
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]               0013513F
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]               0013554F
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]               001357F9
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]             001357F9
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]             0013554F
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]             001357F9
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[624] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]          0013528A
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile]                                                    00FE528A
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    00FE528A
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              00FE51D6
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  00FE5171
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          00FE513F
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        00FE57F9
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          00FE554F
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          00FE57F9
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                     00FE528A
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                                        00FE57F9
IAT             C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                                        00FE554F
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                       00FA528A
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                                 00FA51D6
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                     00FA5171
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                             00FA513F
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll]                                                                   00FA51D6
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                        00FA528A
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll]                                                                   00FA51D6
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress]                                                       00FA5171
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                             00FA554F
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                             00FA57F9
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                           00FA57F9
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                           00FA554F
IAT             C:\WINDOWS\system32\lsass.exe[892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                           00FA57F9
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                    0013528A
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                              001351D6
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                  00135171
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                          0013513F
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                          0013554F
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                          001357F9
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                        001357F9
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                        0013554F
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                        001357F9
IAT             C:\Program Files\Spyware Terminator\sp_rsser.exe[944] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                     0013528A
IAT             C:\WINDOWS\system32\svchost.exe[1060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          00F7513F
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    00D3528A
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              00D351D6
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  00D35171
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          00D3513F
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          00D3554F
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          00D357F9
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                        00D357F9
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                        00D3554F
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        00D357F9
IAT             C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                     00D3528A
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                      0013528A
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                                001351D6
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                    00135171
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                            0013513F
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                          001357F9
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                            0013554F
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                            001357F9
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                       0013528A
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                                          001357F9
IAT             D:\Program Files\71x11kyu.exe[1160] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                                          0013554F
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    00D3528A
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              00D351D6
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  00D35171
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          00D3513F
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          00D3554F
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          00D357F9
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                        00D357F9
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                        00D3554F
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        00D357F9
IAT             C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                     00D3528A
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    0040528A
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              004051D6
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  00405171
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          0040513F
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          0040554F
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          004057F9
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                        004057F9
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                        0040554F
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        004057F9
IAT             C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                     0040528A
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    0013528A
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              001351D6
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  00135171
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          0013513F
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          0013554F
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                     0013528A
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                                        001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1416] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                                        0013554F
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    0013528A
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              001351D6
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  00135171
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          0013513F
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                     0013528A
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          0013554F
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                                        001357F9
IAT             C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1424] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                                        0013554F
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                    0013528A
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                              001351D6
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                  00135171
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                          0013513F
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                        001357F9
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                          0013554F
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                          001357F9
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                     0013528A
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                                        001357F9
IAT             C:\WINDOWS\system32\nvsvc32.exe[1652] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                                        0013554F
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage]                                                                        018657F9
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                            0186528A
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                                      018651D6
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                          01865171
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                                  0186513F
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                                  0186554F
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                                  018657F9
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                                018657F9
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                                018657F9
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                                0186554F
IAT             C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                             0186528A
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                   0013528A
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                             001351D6
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                 00135171
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                         0013513F
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                       001357F9
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                         0013554F
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                         001357F9
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                    0013528A
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                                                       001357F9
IAT             C:\Program Files\Opera\opera.exe[1988] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                                                       0013554F
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]          0013528A
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                    001351D6
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]        00135171
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                0013513F
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                0013554F
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                001357F9
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]              001357F9
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]              0013554F
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]              001357F9
IAT             C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe[2680] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]           0013528A
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]      0013528A
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                001351D6
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]    00135171
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]            0013513F
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]          001357F9
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]          0013554F
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]          001357F9
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]            0013554F
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]            001357F9
IAT             C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe[2904] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]       0013528A
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                                                        0040528A
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                                                                  004051D6
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                                                      00405171
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                                                              0040513F
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                                                              0040554F
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                                                              004057F9
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                                                         0040528A
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                                                            004057F9
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                                                            0040554F
IAT             C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                                                            004057F9

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                       86F6B1F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                             86D741F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                                    86FD91F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                                                      86FD91F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                                                         86FD91F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                                                        86FD91F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                                             86D741F8
Device          \Driver\PCI_PNP6624 \Device\00000053                                                                                                                         spzj.sys
Device          \Driver\PCI_PNP6624 \Device\00000053                                                                                                                         spzj.sys

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                       86F6D1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                       86F6D1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                                 86CD7500
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                                 86CD7500
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                           86F6C1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                           86F6C1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                                                                  86F6C1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                      86D08500

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\sptd \Device\2045377632                                                                                                                              spzj.sys
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                             86D741F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                                             86D741F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                            86A361F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                                  86A361F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                                             86F6D1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{1277F1C2-A511-4E89-BC06-E847576EE7EF}                                                                                     86D08500
Device          \Driver\a22mci1b \Device\Scsi\a22mci1b1                                                                                                                      86D491F8
Device          \Driver\a22mci1b \Device\Scsi\a22mci1b1                                                                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\a22mci1b \Device\Scsi\a22mci1b1Port2Path0Target0Lun0                                                                                                 86D491F8
Device          \Driver\a22mci1b \Device\Scsi\a22mci1b1Port2Path0Target0Lun0                                                                                                 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\Cdfs \Cdfs                                                                                                                                       86DCB500
---- Processes - GMER 1.0.15 ----

Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [124]                                                  0x00BE0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [500]                                               0x00980000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe [624]     0x00B10000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [836]                                                0x007A0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [880]                                                0x008A0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [892]                                                   0x00950000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\Program Files\Spyware Terminator\sp_rsser.exe [944]                                0x009E0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1060]                                                0x00920000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1128]                                                0x00920000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ D:\Program Files\71x11kyu.exe [1160]                                                  0x00C60000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1216]                                                0x00920000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1276]                                                0x00940000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgrsx.exe [1416]                                                0x009B0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgnsx.exe [1424]                                                0x009D0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1524]                                                0x00920000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\nvsvc32.exe [1652]                                                0x00940000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1760]                                                0x00BC0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1968]                                                        0x00C40000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\Program Files\Opera\opera.exe [1988]                                               0x00BC0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe [2904]  0x00CC0000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3248]                                                    0x00950000                                                                                                          
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4012]                                0x00D00000                                                                                                          

---- EOF - GMER 1.0.15 ----
 Operating system: windows_xp_2003 Browser: opera
#4
RE: Please check the log.
Paste into Notepad: (without the word Code)
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.pl/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File -> Save as -> Change the extension to All files -> Save under the name FIX.REG -> Run the created file

Download Avenger. In the Input script here field, paste the following text: (without the word Code)
Code:
Files to delete:
C:\WINDOWS\system32\UACnsiuswef.dll
D:\Program Files\71x11kyu.exe
C:\WINDOWS\system32\sdra64.exe
Click Execute. The computer will restart.

Then show the log from Random's System Information Tool, a new GMER log and the Avenger report, i.e. the file C:\Avenger.txt


Download the SystemLook tool

Paste into the program:
Code:
:filefind
UAC*
Press Look

Wait until the program finishes its work, then show the report from the program
With "problems after updating to Win10" and problems with "FPS drops in CS:GO"
I do not help.

 Operating system: windows_xp_2003 Browser: firefox
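Added example, not part of the original thread: a small Python triage of the two findings the reply above acts on, the library GMER marks as hidden in the running processes and the extra program on the Userinit line from HijackThis. The sample lines are copied from the logs posted in this thread; the function names and the default system root `C:\WINDOWS` are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the GMER and HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [836]                                                0x007A0000
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [892]                                                   0x00950000
Library         \\?\globalroot\systemroot\system32\UACnsiuswef.dll (*** hidden *** ) @ D:\Program Files\71x11kyu.exe [1160]                                                  0x00C60000
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Value written by the FIX.REG in the reply above (trailing comma dropped).
USERINIT_BASELINE = r"C:\WINDOWS\system32\userinit.exe"

# Prefix GMER prints in front of the hidden module's path.
GLOBALROOT_PREFIX = "\\\\?\\globalroot\\systemroot\\"

# One GMER "Library" row: module, hidden marker, host process, PID, base address.
GMER_HIDDEN = re.compile(
    r"^Library[ \t]+(?P<dll>.+?)[ \t]+\(\*\*\* hidden \*\*\*[ \t]*\)[ \t]+@[ \t]+"
    r"(?P<host>.+?)[ \t]+\[(?P<pid>\d+)\][ \t]+(?P<base>0x[0-9A-Fa-f]+)",
    re.MULTILINE,
)

# HijackThis F2 row carrying the Winlogon Userinit value.
HJT_USERINIT = re.compile(
    r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$",
    re.MULTILINE | re.IGNORECASE,
)


def to_disk_path(path, systemroot=r"C:\WINDOWS"):
    """Map GMER's globalroot form to an ordinary path (systemroot is assumed)."""
    if path.lower().startswith(GLOBALROOT_PREFIX):
        return systemroot + "\\" + path[len(GLOBALROOT_PREFIX):]
    return path


def hidden_libraries(log, systemroot=r"C:\WINDOWS"):
    """Return {module path: [(host process, pid), ...]} for rows marked hidden."""
    found = defaultdict(list)
    for m in GMER_HIDDEN.finditer(log):
        dll = to_disk_path(m.group("dll"), systemroot)
        found[dll].append((m.group("host"), int(m.group("pid"))))
    return dict(found)


def userinit_extras(log):
    """Return every Userinit entry other than the baseline userinit.exe."""
    extras = []
    for m in HJT_USERINIT.finditer(log):
        for entry in m.group("value").split(","):
            entry = entry.strip().strip('"')
            if entry and entry.lower() != USERINIT_BASELINE.lower():
                extras.append(entry)
    return extras


def triage(log):
    """Collect both findings for one pasted log."""
    return {
        "hidden_libraries": hidden_libraries(log),
        "userinit_extras": userinit_extras(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for dll, hosts in report["hidden_libraries"].items():
        print(f"hidden module {dll} loaded in {len(hosts)} process(es)")
        for host, pid in hosts:
            print(f"    pid {pid:>5}  {host}")
    for entry in report["userinit_extras"]:
        print(f"extra Userinit entry: {entry}")
```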
#5
RE: Please check the log.
Log from Random's System Information Tool:
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by ja at 2009-06-29 14:25:16
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 9 GB (29%) free of 31 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:20, on 2009-06-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe
C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\DAP\DAP.EXE
D:\Program Files\RSIT.exe
D:\Program Files\ja.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (file missing)
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nProtect Security Platform 2007] C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe -tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O20 - AppInit_DLLs: ??,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: nProtect Security Platform 2007 Service (NSPService) - INCA Internet Co., Ltd. - C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8077 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-28 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [2009-05-06 398776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F685C3-20D9-4943-95E4-EB4224056C3F}]
Expressivo - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-06-23 140880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{85F685C3-20D9-4943-95E4-EB4224056C3F} - Expressivo - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Pasek &Crawler - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll []
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [2009-05-06 529848]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-26 65024]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-06-28 206088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-28 1948440]
"nProtect Security Platform 2007"=C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe [2009-06-09 911904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-04-10 9818728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-08-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-07-21 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-12-20 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-02-14 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ja^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
C:\PROGRA~1\ivo\UNISPI~1.6\UNI_SP~1.EXE  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="??,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-28 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Program Files\Gadu-Gadu\gg.exe"="G:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\ja\Pulpit\Ares.exe"="C:\Documents and Settings\ja\Pulpit\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\Ares\Ares.exe"="D:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\hl.exe"="D:\Program Files\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Disabled:Opera Internet Browser"
"C:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\Kolekcja Klasyki\Splinter Cell Pandora Tomorrow\Pandora.exe"="C:\Program Files\Kolekcja Klasyki\Splinter Cell Pandora Tomorrow\Pandora.exe:*:Enabled:Pandora"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Metrin2\metin2.bin"="C:\Program Files\Metrin2\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\ja\Pulpit\Metrin2\metin2.bin"="C:\Documents and Settings\ja\Pulpit\Metrin2\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"D:\Program Files\rohanclient.exe"="D:\Program Files\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.24b\Rohanbot.exe"="C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.24b\Rohanbot.exe:*:Enabled:HookSrv"
"C:\Documents and Settings\ja\Pulpit\METIN2\metin2.bin"="C:\Documents and Settings\ja\Pulpit\METIN2\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.26b\Rohanbot.exe"="C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.26b\Rohanbot.exe:*:Enabled:HookSrv"
"D:\Rohan_Global\rohanclient.exe"="D:\Rohan_Global\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cbd0de0-9fff-11dc-ae09-00304f3b2426}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


======List of files/folders created in the last 1 months======

2165-03-31 14:28:44 ----D---- C:\Documents and Settings\ja\Dane aplikacji\skypePM
2165-03-31 14:22:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2165-03-31 14:01:55 ----HD---- C:\WINDOWS\system32\GroupPolicy
2165-03-30 03:38:42 ----SHD---- C:\WINDOWS\ftpcache
2165-03-09 15:20:48 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-29 14:25:16 ----D---- C:\rsit
2009-06-29 14:20:21 ----D---- C:\Avenger
2009-06-29 14:20:21 ----A---- C:\avenger.txt
2009-06-29 13:17:40 ----D---- C:\!KillBox
2009-06-29 13:13:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-29 13:13:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-06-29 11:56:18 ----A---- C:\WINDOWS\system32\nspsysopt.dll
2009-06-29 11:55:54 ----D---- C:\Program Files\Common Files\INCAInternet
2009-06-29 11:55:54 ----A---- C:\WINDOWS\system32\nspavxml.dll
2009-06-29 11:55:54 ----A---- C:\WINDOWS\system32\nspavcr.dll
2009-06-29 11:55:54 ----A---- C:\WINDOWS\system32\nspavcm.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKTool64.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKTool.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKFsAvHook.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKFsAv64.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKFsAv.dll
2009-06-29 11:55:51 ----A---- C:\WINDOWS\system32\nspupdtxml.dll
2009-06-29 11:55:51 ----A---- C:\WINDOWS\system32\nspupdt.dll
2009-06-29 11:55:50 ----D---- C:\WINDOWS\system32\INCAInternet
2009-06-29 11:55:50 ----A---- C:\WINDOWS\system32\WINHTTP5.DLL
2009-06-29 11:55:50 ----A---- C:\WINDOWS\system32\sn3win.dll
2009-06-29 11:55:50 ----A---- C:\WINDOWS\system32\nspmainxml.dll
2009-06-29 11:55:50 ----A---- C:\WINDOWS\system32\nsplic.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\TKRgFt64.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\TKRgFt.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\TKRgAc64.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\TKRgAc.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\nspcutil.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\nspcrypt.dll
2009-06-29 11:55:48 ----A---- C:\WINDOWS\system32\TKFsFt64.dll
2009-06-29 11:55:48 ----A---- C:\WINDOWS\system32\TKFsFt.dll
2009-06-29 11:55:48 ----A---- C:\WINDOWS\system32\TKFsAc64.dll
2009-06-29 11:55:48 ----A---- C:\WINDOWS\system32\TKFsAc.dll
2009-06-29 11:55:33 ----D---- C:\Program Files\INCAInternet
2009-06-29 11:55:33 ----A---- C:\WINDOWS\system32\dzip32.dll
2009-06-29 11:55:33 ----A---- C:\WINDOWS\system32\dunzip32.dll
2009-06-29 11:34:10 ----D---- C:\Documents and Settings\ja\Dane aplikacji\OpenFM
2009-06-28 18:30:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-28 18:30:33 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\AVG Security Toolbar
2009-06-28 18:30:20 ----D---- C:\Program Files\AVG
2009-06-28 18:30:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\avg8
2009-06-28 14:09:43 ----D---- C:\Program Files\Kaspersky Lab
2009-06-28 14:09:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-06-28 14:08:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-06-28 12:51:11 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\BC6
2009-06-26 15:57:48 ----D---- C:\Program Files\Games-Masters.com
2009-06-26 14:53:34 ----D---- C:\WINDOWS\system32\NtmsData
2009-06-23 15:15:41 ----D---- C:\download
2009-06-23 15:14:18 ----A---- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
2009-06-23 12:44:18 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2009-06-23 12:21:19 ----D---- C:\Program Files\SpeedBit Video Accelerator
2009-06-23 12:21:07 ----D---- C:\Program Files\SpeedBit Video Downloader
2009-06-23 12:16:10 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-06-23 12:15:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit
2009-06-23 12:15:46 ----D---- C:\Program Files\DAP
2009-06-21 19:55:45 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-21 19:55:44 ----D---- C:\Program Files\DivX
2009-06-20 21:35:53 ----A---- C:\m.txt
2009-06-20 15:46:45 ----D---- C:\Program Files\Common Files\DirectX
2009-06-20 15:27:09 ----D---- C:\Program Files\EA GAMES
2009-06-20 10:10:04 ----D---- C:\Nexon
2009-06-20 10:10:04 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS
2009-06-15 19:58:38 ----D---- C:\Program Files\Fortressmu
2009-06-11 10:46:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\F2E8

======List of files/folders modified in the last 1 months======

2009-06-29 14:23:14 ----D---- C:\WINDOWS\Temp
2009-06-29 14:20:28 ----RD---- C:\Program Files
2009-06-29 14:20:28 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 14:20:28 ----D---- C:\WINDOWS\system32
2009-06-29 14:19:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-29 13:21:03 ----SHD---- C:\WINDOWS\system32\lowsec
2009-06-29 13:11:06 ----D---- C:\Program Files\Spyware Terminator
2009-06-29 13:08:08 ----D---- C:\Program Files\Mozilla Firefox
2009-06-29 13:07:50 ----D---- C:\Documents and Settings\ja\Dane aplikacji\Spyware Terminator
2009-06-29 11:55:54 ----D---- C:\Program Files\Common Files
2009-06-29 11:55:47 ----SHD---- C:\WINDOWS\Installer
2009-06-29 11:55:47 ----D---- C:\Config.Msi
2009-06-29 11:55:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-28 18:29:28 ----D---- C:\WINDOWS
2009-06-28 14:10:11 ----HD---- C:\WINDOWS\inf
2009-06-28 14:09:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-28 12:12:20 ----D---- C:\Program Files\Damian Pasternak
2009-06-27 18:06:36 ----D---- C:\WINDOWS\Prefetch
2009-06-27 17:58:24 ----D---- C:\Program Files\QuickTime
2009-06-27 17:57:36 ----D---- C:\Program Files\CyberLink
2009-06-27 17:56:45 ----D---- C:\Program Files\Gadu-Gadu
2009-06-27 17:49:00 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2009-06-26 15:19:04 ----SH---- C:\boot.ini
2009-06-26 15:19:04 ----A---- C:\WINDOWS\win.ini
2009-06-26 15:19:04 ----A---- C:\WINDOWS\system.ini
2009-06-26 15:19:03 ----D---- C:\WINDOWS\pss
2009-06-26 14:33:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-24 17:47:20 ----D---- C:\Program Files\Valve
2009-06-23 12:22:58 ----D---- C:\Program Files\Opera
2009-06-20 20:19:03 ----D---- C:\Program Files\Dziobas Rar Player
2009-06-18 13:27:34 ----D---- C:\Documents and Settings\ja\Dane aplikacji\Skype
2009-06-17 15:10:44 ----D---- C:\Program Files\Lx_cats
2009-06-15 18:31:15 ----D---- C:\Program Files\Nowe Gadu-Gadu

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-28 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-28 108552]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-06-28 226832]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 rspndr;Responder odnajdywania topologii warstwy łącza; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-27 611820]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]
R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 TKFsAc;TKFsAc; \??\C:\WINDOWS\system32\TKFsAc2k.sys []
R3 TKFsAv;TKFsAv; \??\C:\WINDOWS\system32\TKFsAv2k.sys []
R3 TKFsFt;TKFsFt; \??\C:\WINDOWS\system32\TKFsFt2k.sys []
R3 TKRgAc;TKRgAc; \??\C:\WINDOWS\system32\TKRgAc2k.sys []
R3 TKRgFt;TKRgFt; \??\C:\WINDOWS\system32\TKRgFtXp.sys []
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-10-23 17152]
R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 aclus9i6;aclus9i6; C:\WINDOWS\system32\drivers\aclus9i6.sys []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-06-29 414543]
S3 ds1;Sterownik karty Yamaha DS1 Audio (WDM); C:\WINDOWS\system32\drivers\ds1wdm.sys [2001-08-17 334208]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 KS-959;Kingsun KS-959 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 19034]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 NTProcDrv;Process creation detector for NT.; \??\C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.26b\NtProcDrv.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-28 298776]
R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 NSPService;nProtect Security Platform 2007 Service; C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe [2009-06-09 354848]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-06-15 606720]
S2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-06-28 206088]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-26 3027706]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

GMER log:

Code:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 14:34:55
Windows 5.1.2600 Dodatek Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x3B        ?                                                                                                           86DCDBF8
INT 0x3B        ?                                                                                                           86DCDBF8
INT 0x3E        ?                                                                                                           86FD9BF8
INT 0x3F        ?                                                                                                           86FD9BF8

Code            86CE56E8                                                                                                    ZwEnumerateKey
Code            86E7A9D0                                                                                                    ZwFlushInstructionCache
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                         FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                         IoIsOperationSynchronous
Code            86DCDD0E                                                                                                    IofCallDriver
Code            86D4A2DE                                                                                                    IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!IofCallDriver                                                                                  804E37C5 5 Bytes  JMP 86DCDD13
.text           ntoskrnl.exe!IofCompleteRequest                                                                             804E3BF6 5 Bytes  JMP 86D4A2E3
.text           ntoskrnl.exe!IoIsOperationSynchronous                                                                       804E8752 5 Bytes  JMP F462A9E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text           ntoskrnl.exe!FsRtlCheckLockForReadAccess                                                                    80503C29 5 Bytes  JMP F462A626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
PAGE            ntoskrnl.exe!ZwEnumerateKey                                                                                 8056EEB0 2 Bytes  JMP 86CE56EC
PAGE            ntoskrnl.exe!ZwEnumerateKey + 3                                                                             8056EEB3 2 Bytes  [77, 06] {JA 0x8}
PAGE            ntoskrnl.exe!ZwFlushInstructionCache                                                                        805769EA 5 Bytes  JMP 86E7A9D4
?               xmuxsp.sys                                                                                                  Nie można odnaleźć określonego pliku. !
?               qznc.sys                                                                                                    Nie można odnaleźć określonego pliku. !
?               spcv.sys                                                                                                    Nie można odnaleźć określonego pliku. !
.text           USBPORT.SYS!DllUnload                                                                                       F6A2C80C 5 Bytes  JMP 86DCD1D8

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\NOTEPAD.EXE[148] ntdll.dll!LdrLoadDll                                                   7C9161CA 5 Bytes  JMP 00A0000A
.text           C:\WINDOWS\system32\NOTEPAD.EXE[148] ntdll.dll!LdrUnloadDll                                                 7C91718B 5 Bytes  JMP 00A1000A
.text           C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] ntdll.dll!LdrLoadDll                                                 7C9161CA 5 Bytes  JMP 0079000A
.text           C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] ntdll.dll!LdrUnloadDll                                               7C91718B 5 Bytes  JMP 007A000A
.text           C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[456] ntdll.dll!LdrLoadDll       7C9161CA 5 Bytes  JMP 0093000A
.text           C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe[456] ntdll.dll!LdrUnloadDll     7C91718B 5 Bytes  JMP 0094000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[672] ntdll.dll!LdrLoadDll                                   7C9161CA 5 Bytes  JMP 00B0000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[672] ntdll.dll!LdrUnloadDll                                 7C91718B 5 Bytes  JMP 00B1000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[672] WININET.dll!HttpAddRequestHeadersA                     771B40CA 5 Bytes  JMP 00BC000C
.text           C:\Program Files\Internet Explorer\Iexplore.exe[672] WININET.dll!HttpAddRequestHeadersW                     771BEEF4 5 Bytes  JMP 00CD000A
.text           C:\WINDOWS\system32\NOTEPAD.EXE[800] ntdll.dll!LdrLoadDll                                                   7C9161CA 5 Bytes  JMP 00A0000A
.text           C:\WINDOWS\system32\NOTEPAD.EXE[800] ntdll.dll!LdrUnloadDll                                                 7C91718B 5 Bytes  JMP 00A1000A
.text           C:\WINDOWS\system32\winlogon.exe[844] ntdll.dll!LdrLoadDll                                                  7C9161CA 5 Bytes  JMP 006D000A
.text           C:\WINDOWS\system32\winlogon.exe[844] ntdll.dll!LdrUnloadDll                                                7C91718B 5 Bytes  JMP 006E000A
.text           C:\WINDOWS\system32\ctfmon.exe[864] ntdll.dll!LdrLoadDll                                                    7C9161CA 5 Bytes  JMP 00A1000A
.text           C:\WINDOWS\system32\ctfmon.exe[864] ntdll.dll!LdrUnloadDll                                                  7C91718B 5 Bytes  JMP 00A2000A
.text           C:\WINDOWS\system32\services.exe[888] ntdll.dll!LdrLoadDll                                                  7C9161CA 5 Bytes  JMP 006D000A
.text           C:\WINDOWS\system32\services.exe[888] ntdll.dll!LdrUnloadDll                                                7C91718B 5 Bytes  JMP 006E000A
.text           C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!LdrLoadDll                                                     7C9161CA 5 Bytes  JMP 0076000A
.text           C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!LdrUnloadDll                                                   7C91718B 5 Bytes  JMP 007A000A
.text           C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1284] ntdll.dll!LdrLoadDll                                                  7C9161CA 5 Bytes  JMP 007C000A
.text           C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1284] ntdll.dll!LdrUnloadDll                                                7C91718B 5 Bytes  JMP 007D000A
.text           C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1292] ntdll.dll!LdrLoadDll                                                  7C9161CA 5 Bytes  JMP 007E000A
.text           C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1292] ntdll.dll!LdrUnloadDll                                                7C91718B 5 Bytes  JMP 007F000A
.text           C:\WINDOWS\system32\spoolsv.exe[1720] ntdll.dll!LdrLoadDll                                                  7C9161CA 5 Bytes  JMP 009F000A
.text           C:\WINDOWS\system32\spoolsv.exe[1720] ntdll.dll!LdrUnloadDll                                                7C91718B 5 Bytes  JMP 00A1000A
.text           C:\WINDOWS\system32\nvsvc32.exe[1836] ntdll.dll!LdrLoadDll                                                  7C9161CA 5 Bytes  JMP 0075000A
.text           C:\WINDOWS\system32\nvsvc32.exe[1836] ntdll.dll!LdrUnloadDll                                                7C91718B 5 Bytes  JMP 0076000A
.text           C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!LdrLoadDll                                                          7C9161CA 5 Bytes  JMP 00B4000A
.text           C:\WINDOWS\Explorer.EXE[1888] ntdll.dll!LdrUnloadDll                                                        7C91718B 5 Bytes  JMP 00B5000A
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[1900] ntdll.dll!LdrLoadDll                                 7C9161CA 5 Bytes  JMP 007F000A
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[1900] ntdll.dll!LdrUnloadDll                               7C91718B 5 Bytes  JMP 0081000A
.text           C:\Program Files\Opera\opera.exe[2004] ntdll.dll!LdrLoadDll                                                 7C9161CA 5 Bytes  JMP 009D000A
.text           C:\Program Files\Opera\opera.exe[2004] ntdll.dll!LdrUnloadDll                                               7C91718B 5 Bytes  JMP 009E000A
.text           D:\Program Files\dpl1e6lh.exe[2008] ntdll.dll!LdrLoadDll                                                    7C9161CA 5 Bytes  JMP 00A7000A
.text           D:\Program Files\dpl1e6lh.exe[2008] ntdll.dll!LdrUnloadDll                                                  7C91718B 5 Bytes  JMP 00A8000A
.text           C:\Program Files\DAP\DAP.EXE[2152] ntdll.dll!LdrLoadDll                                                     7C9161CA 5 Bytes  JMP 00EA000A
.text           C:\Program Files\DAP\DAP.EXE[2152] ntdll.dll!LdrUnloadDll                                                   7C91718B 5 Bytes  JMP 00EB000A
.text           C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2288] ntdll.dll!LdrLoadDll                              7C9161CA 5 Bytes  JMP 00B2000A
.text           C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2288] ntdll.dll!LdrUnloadDll                            7C91718B 5 Bytes  JMP 00B3000A
.text           C:\WINDOWS\System32\alg.exe[2804] ntdll.dll!LdrLoadDll                                                      7C9161CA 5 Bytes  JMP 0076000A
.text           C:\WINDOWS\System32\alg.exe[2804] ntdll.dll!LdrUnloadDll                                                    7C91718B 5 Bytes  JMP 0078000A
.text           C:\WINDOWS\system32\NOTEPAD.EXE[3552] ntdll.dll!LdrLoadDll                                                  7C9161CA 5 Bytes  JMP 00A0000A
.text           C:\WINDOWS\system32\NOTEPAD.EXE[3552] ntdll.dll!LdrUnloadDll                                                7C91718B 5 Bytes  JMP 00A1000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[3904] ntdll.dll!LdrLoadDll                                  7C9161CA 5 Bytes  JMP 00B0000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[3904] ntdll.dll!LdrUnloadDll                                7C91718B 5 Bytes  JMP 00B1000A
.text           C:\Program Files\Internet Explorer\Iexplore.exe[3904] WININET.dll!HttpAddRequestHeadersA                    771B40CA 5 Bytes  JMP 00BC000C
.text           C:\Program Files\Internet Explorer\Iexplore.exe[3904] WININET.dll!HttpAddRequestHeadersW                    771BEEF4 5 Bytes  JMP 00CD000A
.text           C:\WINDOWS\notepad.exe[4056] ntdll.dll!LdrLoadDll                                                           7C9161CA 5 Bytes  JMP 00A0000A
.text           C:\WINDOWS\notepad.exe[4056] ntdll.dll!LdrUnloadDll                                                         7C91718B 5 Bytes  JMP 00A1000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                          86F6E2D8
IAT             pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                        [F762393C] spcv.sys
IAT             pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                           [F7623990] spcv.sys
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                          [F75F4040] spcv.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                  [F75F413C] spcv.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                         [F75F40BE] spcv.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                 [F75F47FC] spcv.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                         [F75F46D2] spcv.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                          [F7603D92] spcv.sys
IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                        86DCD2D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA]           0123BFC0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW]           0123C030
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA]          0123C560
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle]              0123B230
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]           012386C0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]             01239920
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]              01239B90
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]         0123C230
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap]           0123C550
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA]  01239CA0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType]              0123B340
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle]          0123B190
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer]           0123AFF0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA]              0123A3F0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile]                 0123AB80
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW]              0123A830
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile]                0123AFB0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP]                   0123C570
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings]    01239E00
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW]   01239E80
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess]              01239F00
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread]               0123A070
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread]             0123A150
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess]         0123A000
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA]            0123C4C0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW]           0123C470
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]            012386C0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]              01239920
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle]               0123B230
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary]               01239B90
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]              012399A0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW]               0123A830
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock]              0123C170
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock]                0123C1B0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap]            0123C550
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW]            0123C030
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle]           0123B190
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]              0123A150
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]            01239B00
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW]    01239E80
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent]         0123CAD0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile]                  0123AB80
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer]            0123AFF0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx]           0123B6B0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW]        0123B440
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile]             0123B630
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW]          0123BB10
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile]           0123B820
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]            01239A70
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess]          0123A000
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc]               0123C290
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile]           0123B580
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize]               0123B130
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile]                 0123AFB0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType]               0123B340
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP]                    0123C570
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA]        0123B380
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW]                   0123C810
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW]                 0123C7B0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW]          0123CA00
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW]             0123CAA0
IAT             C:\Program Files\DAP\DAP.EXE[2152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW]                 0123C8D0

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                      86FD81F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\usbohci \Device\USBPDO-0                                                                            86D1D500
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                   86F6C1F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                     86F6C1F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                        86F6C1F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                       86F6C1F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                            86D1D500
Device          \Driver\PCI_PNP8400 \Device\00000053                                                                        spcv.sys
Device          \Driver\PCI_PNP8400 \Device\00000053                                                                        spcv.sys

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                      86FDA1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                      86FDA1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                86E0D1F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                86E0D1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                          86FD91F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                          86FD91F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                 86FD91F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                     86D03500
Device          \Driver\sptd \Device\4155739408                                                                             spcv.sys

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\usbohci \Device\USBFDO-0                                                                            86D1D500
Device          \Driver\usbohci \Device\USBFDO-1                                                                            86D1D500
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                           86A1A1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                 86A1A1F8
Device          \Driver\Ftdisk \Device\FtControl                                                                            86FDA1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{1277F1C2-A511-4E89-BC06-E847576EE7EF}                                    86D03500
Device          \Driver\aclus9i6 \Device\Scsi\aclus9i61Port2Path0Target0Lun0                                                86D27430
Device          \Driver\aclus9i6 \Device\Scsi\aclus9i61Port2Path0Target0Lun0                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\aclus9i6 \Device\Scsi\aclus9i61                                                                     86D27430
Device          \Driver\aclus9i6 \Device\Scsi\aclus9i61                                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\Cdfs \Cdfs                                                                                      86DBB500

---- EOF - GMER 1.0.15 ----

Avenger report:

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "mrtm" found!
ImagePath:  system32\drivers\xmuxsp.sys
Start Type:  0 (Boot)

Hidden driver "UACd.sys" found!
ImagePath:  \systemroot\system32\drivers\UACfjpmyavb.sys
Start Type:  1 (System)

Rootkit scan completed.


Warning:  Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!

File "C:\WINDOWS\system32\UACnsiuswef.dll" deleted successfully.
File "D:\Program Files\71x11kyu.exe" deleted successfully.
File "C:\WINDOWS\system32\sdra64.exe" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath:  \systemroot\system32\drivers\UACfjpmyavb.sys
Start Type:  1 (System)

Rootkit scan completed.


Error:  file "C:\WINDOWS\system32\UACnsiuswef.dll" not found!
Deletion of file "C:\WINDOWS\system32\UACnsiuswef.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Program Files\71x11kyu.exe" not found!
Deletion of file "D:\Program Files\71x11kyu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\sdra64.exe" not found!
Deletion of file "C:\WINDOWS\system32\sdra64.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

SystemLook report:

Code:
SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 14:27 on 29/06/2009 by ja (Administrator - Elevation successful)

========== filefind ==========

Searching for "UAC*"
No files found.

-=End Of File=-
#6
RE: Please check my log.
Was fix.reg added to the registry?

For Avenger:
Code:
Files to delete:
C:\Windows\system32\drivers\UACfjpmyavb.sys
C:\Windows\system32\drivers\xmuxsp.sys

Drivers to delete:
mrtm
UACd.sys
Then new logs (Avenger, RSIT and GMER).
I do not help with "problems after upgrading to Win10" or with "FPS drops in CS:GO".

#7
RE: Please check my log.
Yes, fix.reg was added to the registry.

New logs from Avenger:
Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath:  \systemroot\system32\drivers\UACfjpmyavb.sys
Start Type:  4 (Disabled)

Rootkit scan completed.

File "C:\Windows\system32\drivers\UACfjpmyavb.sys" deleted successfully.

Error:  file "C:\Windows\system32\drivers\xmuxsp.sys" not found!
Deletion of file "C:\Windows\system32\drivers\xmuxsp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\mrtm" not found!
Deletion of driver "mrtm" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Driver "UACd.sys" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

From RSIT:
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by ja at 2009-06-29 15:13:34
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 9 GB (29%) free of 31 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:11, on 2009-06-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe
C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe
C:\Program Files\Opera\opera.exe
D:\Program Files\RSIT.exe
D:\Program Files\dpl1e6lh.exe
D:\Program Files\ja.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (file missing)
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nProtect Security Platform 2007] C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe -tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O20 - AppInit_DLLs: ??,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: nProtect Security Platform 2007 Service (NSPService) - INCA Internet Co., Ltd. - C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe
O23 - Service: nProtect Security Platform 2007 Update Service (NSPUpdateService) - INCAInternet Co.,Ltd - C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8132 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-28 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [2009-05-06 398776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F685C3-20D9-4943-95E4-EB4224056C3F}]
Expressivo - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-06-23 140880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{85F685C3-20D9-4943-95E4-EB4224056C3F} - Expressivo - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Pasek &Crawler - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll []
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [2009-05-06 529848]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-26 65024]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-06-28 206088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-28 1948440]
"nProtect Security Platform 2007"=C:\Program Files\INCAInternet\nProtect Security Platform 2007\nspmain.exe [2009-06-09 911904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-04-10 9818728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-08-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-07-21 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-12-20 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-02-14 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ja^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
C:\PROGRA~1\ivo\UNISPI~1.6\UNI_SP~1.EXE  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="??,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-28 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Program Files\Gadu-Gadu\gg.exe"="G:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\ja\Pulpit\Ares.exe"="C:\Documents and Settings\ja\Pulpit\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\Ares\Ares.exe"="D:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\hl.exe"="D:\Program Files\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Disabled:Opera Internet Browser"
"C:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\Kolekcja Klasyki\Splinter Cell Pandora Tomorrow\Pandora.exe"="C:\Program Files\Kolekcja Klasyki\Splinter Cell Pandora Tomorrow\Pandora.exe:*:Enabled:Pandora"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Metrin2\metin2.bin"="C:\Program Files\Metrin2\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\ja\Pulpit\Metrin2\metin2.bin"="C:\Documents and Settings\ja\Pulpit\Metrin2\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"D:\Program Files\rohanclient.exe"="D:\Program Files\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.24b\Rohanbot.exe"="C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.24b\Rohanbot.exe:*:Enabled:HookSrv"
"C:\Documents and Settings\ja\Pulpit\METIN2\metin2.bin"="C:\Documents and Settings\ja\Pulpit\METIN2\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.26b\Rohanbot.exe"="C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.26b\Rohanbot.exe:*:Enabled:HookSrv"
"D:\Rohan_Global\rohanclient.exe"="D:\Rohan_Global\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cbd0de0-9fff-11dc-ae09-00304f3b2426}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


======List of files/folders created in the last 3 months======

2165-03-31 14:28:44 ----D---- C:\Documents and Settings\ja\Dane aplikacji\skypePM
2165-03-31 14:22:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2165-03-31 14:01:55 ----HD---- C:\WINDOWS\system32\GroupPolicy
2165-03-30 03:38:42 ----SHD---- C:\WINDOWS\ftpcache
2165-03-09 15:20:48 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-29 15:07:34 ----HD---- C:\$AVG8.VAULT$
2009-06-29 15:04:15 ----A---- C:\avenger.txt
2009-06-29 14:25:16 ----D---- C:\rsit
2009-06-29 14:20:21 ----D---- C:\Avenger
2009-06-29 13:17:40 ----D---- C:\!KillBox
2009-06-29 13:13:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-29 13:13:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-06-29 11:56:18 ----A---- C:\WINDOWS\system32\nspsysopt.dll
2009-06-29 11:55:54 ----D---- C:\Program Files\Common Files\INCAInternet
2009-06-29 11:55:54 ----A---- C:\WINDOWS\system32\nspavxml.dll
2009-06-29 11:55:54 ----A---- C:\WINDOWS\system32\nspavcr.dll
2009-06-29 11:55:54 ----A---- C:\WINDOWS\system32\nspavcm.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKTool64.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKTool.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKFsAvHook.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKFsAv64.dll
2009-06-29 11:55:53 ----A---- C:\WINDOWS\system32\TKFsAv.dll
2009-06-29 11:55:51 ----A---- C:\WINDOWS\system32\nspupdtxml.dll
2009-06-29 11:55:51 ----A---- C:\WINDOWS\system32\nspupdt.dll
2009-06-29 11:55:50 ----D---- C:\WINDOWS\system32\INCAInternet
2009-06-29 11:55:50 ----A---- C:\WINDOWS\system32\WINHTTP5.DLL
2009-06-29 11:55:50 ----A---- C:\WINDOWS\system32\sn3win.dll
2009-06-29 11:55:50 ----A---- C:\WINDOWS\system32\nspmainxml.dll
2009-06-29 11:55:50 ----A---- C:\WINDOWS\system32\nsplic.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\TKRgFt64.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\TKRgFt.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\TKRgAc64.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\TKRgAc.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\nspcutil.dll
2009-06-29 11:55:49 ----A---- C:\WINDOWS\system32\nspcrypt.dll
2009-06-29 11:55:48 ----A---- C:\WINDOWS\system32\TKFsFt64.dll
2009-06-29 11:55:48 ----A---- C:\WINDOWS\system32\TKFsFt.dll
2009-06-29 11:55:48 ----A---- C:\WINDOWS\system32\TKFsAc64.dll
2009-06-29 11:55:48 ----A---- C:\WINDOWS\system32\TKFsAc.dll
2009-06-29 11:55:33 ----D---- C:\Program Files\INCAInternet
2009-06-29 11:55:33 ----A---- C:\WINDOWS\system32\dzip32.dll
2009-06-29 11:55:33 ----A---- C:\WINDOWS\system32\dunzip32.dll
2009-06-29 11:34:10 ----D---- C:\Documents and Settings\ja\Dane aplikacji\OpenFM
2009-06-28 18:30:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-28 18:30:33 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\AVG Security Toolbar
2009-06-28 18:30:20 ----D---- C:\Program Files\AVG
2009-06-28 18:30:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\avg8
2009-06-28 14:09:43 ----D---- C:\Program Files\Kaspersky Lab
2009-06-28 14:09:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-06-28 14:08:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-06-28 12:51:11 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\BC6
2009-06-26 15:57:48 ----D---- C:\Program Files\Games-Masters.com
2009-06-26 14:53:34 ----D---- C:\WINDOWS\system32\NtmsData
2009-06-23 15:15:41 ----D---- C:\download
2009-06-23 15:14:18 ----A---- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
2009-06-23 12:44:18 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2009-06-23 12:21:19 ----D---- C:\Program Files\SpeedBit Video Accelerator
2009-06-23 12:21:07 ----D---- C:\Program Files\SpeedBit Video Downloader
2009-06-23 12:16:10 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-06-23 12:15:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit
2009-06-23 12:15:46 ----D---- C:\Program Files\DAP
2009-06-21 19:55:45 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-21 19:55:44 ----D---- C:\Program Files\DivX
2009-06-20 21:35:53 ----A---- C:\m.txt
2009-06-20 15:46:45 ----D---- C:\Program Files\Common Files\DirectX
2009-06-20 15:27:09 ----D---- C:\Program Files\EA GAMES
2009-06-20 10:10:04 ----D---- C:\Nexon
2009-06-20 10:10:04 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS
2009-06-15 19:58:38 ----D---- C:\Program Files\Fortressmu
2009-06-11 10:46:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\F2E8
2009-05-22 14:53:55 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\371FC
2009-05-13 23:54:56 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-05-13 23:54:52 ----A---- C:\WINDOWS\system32\divx_xx16.dll
2009-05-13 23:54:52 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2009-05-13 23:54:52 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2009-05-13 23:54:52 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2009-05-13 23:54:52 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2009-05-13 23:54:52 ----A---- C:\WINDOWS\system32\DivX.dll
2009-05-12 17:20:03 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\31DB
2009-05-12 17:16:28 ----D---- C:\Program Files\BearShare Applications
2009-04-07 08:16:06 ----D---- C:\Documents and Settings\ja\Dane aplikacji\Xfire
2009-04-07 08:16:03 ----D---- C:\Program Files\Xfire
2009-04-06 16:02:53 ----A---- C:\dumpconsole.txt
2009-04-06 15:42:37 ----D---- C:\Program Files\css
2009-04-05 17:56:23 ----D---- C:\Program Files\Jufsoft
2009-04-05 16:21:28 ----D---- C:\Program Files\Valve
2009-04-03 09:04:10 ----A---- C:\WINDOWS\system32\uacinit.dll
2009-04-02 09:35:44 ----SHD---- C:\WINDOWS\system32\lowsec
2009-04-02 09:35:37 ----A---- C:\WINDOWS\system32\UACalkdmdbw.dll
2009-04-02 09:35:28 ----A---- C:\WINDOWS\system32\UACrfqxovdl.dll

======List of files/folders modified in the last 3 months======

2009-06-29 15:10:02 ----D---- C:\WINDOWS\Temp
2009-06-29 15:07:36 ----D---- C:\WINDOWS\system32
2009-06-29 15:04:20 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 15:02:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-29 14:20:28 ----RD---- C:\Program Files
2009-06-29 13:52:11 ----D---- C:\Temp
2009-06-29 13:11:06 ----D---- C:\Program Files\Spyware Terminator
2009-06-29 13:08:08 ----D---- C:\Program Files\Mozilla Firefox
2009-06-29 13:07:50 ----D---- C:\Documents and Settings\ja\Dane aplikacji\Spyware Terminator
2009-06-29 11:55:54 ----D---- C:\Program Files\Common Files
2009-06-29 11:55:47 ----SHD---- C:\WINDOWS\Installer
2009-06-29 11:55:47 ----D---- C:\Config.Msi
2009-06-29 11:55:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-28 18:29:28 ----D---- C:\WINDOWS
2009-06-28 14:10:11 ----HD---- C:\WINDOWS\inf
2009-06-28 14:09:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-28 12:12:20 ----D---- C:\Program Files\Damian Pasternak
2009-06-27 18:06:36 ----D---- C:\WINDOWS\Prefetch
2009-06-27 17:58:24 ----D---- C:\Program Files\QuickTime
2009-06-27 17:57:36 ----D---- C:\Program Files\CyberLink
2009-06-27 17:56:45 ----D---- C:\Program Files\Gadu-Gadu
2009-06-27 17:49:00 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2009-06-26 15:19:04 ----SH---- C:\boot.ini
2009-06-26 15:19:04 ----A---- C:\WINDOWS\win.ini
2009-06-26 15:19:04 ----A---- C:\WINDOWS\system.ini
2009-06-26 15:19:03 ----D---- C:\WINDOWS\pss
2009-06-26 14:33:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-23 12:22:58 ----D---- C:\Program Files\Opera
2009-06-20 20:19:03 ----D---- C:\Program Files\Dziobas Rar Player
2009-06-18 13:27:34 ----D---- C:\Documents and Settings\ja\Dane aplikacji\Skype
2009-06-17 15:10:44 ----D---- C:\Program Files\Lx_cats
2009-06-15 18:31:15 ----D---- C:\Program Files\Nowe Gadu-Gadu
2009-05-01 10:10:56 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-28 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-28 108552]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-06-28 226832]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 rspndr;Responder odnajdywania topologii warstwy łącza; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-27 611820]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]
R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 TKFsAc;TKFsAc; \??\C:\WINDOWS\system32\TKFsAc2k.sys []
R3 TKFsFt;TKFsFt; \??\C:\WINDOWS\system32\TKFsFt2k.sys []
R3 TKRgAc;TKRgAc; \??\C:\WINDOWS\system32\TKRgAc2k.sys []
R3 TKRgFt;TKRgFt; \??\C:\WINDOWS\system32\TKRgFtXp.sys []
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-10-23 17152]
R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 asonbluy;asonbluy; C:\WINDOWS\system32\drivers\asonbluy.sys []
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\ja\USTAWI~1\Temp\aujasnkj.sys []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-06-29 414543]
S3 ds1;Sterownik karty Yamaha DS1 Audio (WDM); C:\WINDOWS\system32\drivers\ds1wdm.sys [2001-08-17 334208]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 KS-959;Kingsun KS-959 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 19034]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 NTProcDrv;Process creation detector for NT.; \??\C:\Documents and Settings\ja\Pulpit\RohanBotEn1.0.26b\NtProcDrv.sys []
S3 TKFsAv;TKFsAv; \??\C:\WINDOWS\system32\TKFsAv2k.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-28 298776]
R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 NSPService;nProtect Security Platform 2007 Service; C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe [2009-06-09 354848]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-06-15 606720]
R3 NSPUpdateService;nProtect Security Platform 2007 Update Service; C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspupsvc.exe [2009-06-09 813600]
S2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-06-28 206088]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-26 3027706]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

From GMER:
[code]GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 16:56:08
Windows 5.1.2600 Dodatek Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF46131DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xF46137AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xF46151EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xF4614B9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xF4612950]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF4616B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xF46135AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xF4612D92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xF4612F92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xF4614EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xF4617084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xF46130A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xF4613110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xF4614D5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xF4616620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xF46149F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xF4612AB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xF46133B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xF4616BA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xF46132FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xF4613178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xF4612E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xF4612C5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xF4616888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xF46125D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xF4615A74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xF4612734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xF4616F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xF46123D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xF461508C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xF46136AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xF461671A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xF4616BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xF4612B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xF4616CB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xF4616DE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xF461654C]
SSDT \??\C:\WINDOWS\system32\TKFsFt2k.sys (Tachyon File System Filter Driver 1.0/Copyright © INCA Internet. 2000-2009) ZwTerminateProcess [0xB870B360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xF46134F0]

INT 0x3B ? 86D3EBF8
INT 0x3B ? 86D3EBF8
INT 0x3E ? 86FD9BF8
INT 0x3F ? 86FD9BF8

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [B4, 6C, 61, F4, E0, 6D, 61, ...]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8752 5 Bytes JMP F462A9E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80503C29 5 Bytes JMP F462A626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
? getroeux.sys Nie można odnaleźć określonego pliku. !
? spmo.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F6A5480C 5 Bytes JMP 86D3E1D8
.text asonbluy.SYS F68E2384 1 Byte [20]
.text asonbluy.SYS F68E2384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text asonbluy.SYS F68E23AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text asonbluy.SYS F68E23C4 3 Bytes [00, 00, 00]
.text asonbluy.SYS F68E23C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F6E2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F762393C] spmo.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7623990] spmo.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F75F4040] spmo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F75F413C] spmo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75F40BE] spmo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75F47FC] spmo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75F46D2] spmo.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7603D92] spmo.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86D3E2D8
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlInitUnicodeString] 9252D2DB
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!swprintf] [804FC5C0] \WINDOWS\system32\ntoskrnl.exe (Jądro i system NT/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeSetEvent] 8E44C8C9
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoCreateSymbolicLink] A475EBF6
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoGetConfigurationInformation] AA7EE6FF
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] B863F1E4
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmFreeMappingAddress] B668FCED
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 0CB1670A
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 02BA6A03
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmUnmapIoSpace] 10A77D18
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 1EAC7011
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IofCompleteRequest] 349D532E
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 3A965E27
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IofCallDriver] 288B493C
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 26804435
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 7CE90F42
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoConnectInterrupt] 72E2024B
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoDetachDevice] 60FF1550
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeWaitForSingleObject] 6EF41859
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeInitializeEvent] 44C53B66
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 4ACE366F
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlInitAnsiString] 58D32174
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 56D82C7D
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoQueueWorkItem] 377A0CA1
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmMapIoSpace] 397101A8
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2B6C16B3
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoReportDetectedDevice] 25671BBA
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0F563885
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 015D358C
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!NlsMbCodePageTag] 13402297
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!PoRequestPowerIrp] 1D4B2F9E
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 472264E9
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 492969E0
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!sprintf] 5B347EFB
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 553F73F2
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ObfDereferenceObject] 7F0E50CD
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 71055DC4
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 63184ADF
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ZwClose] 6D1347D6
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] D7CADC31
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] D9C1D138
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] CBDCC623
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C5D7CB2A
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!PoCallDriver] EFE6E815
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoCreateDevice] E1EDE51C
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] F3F0F207
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlQueryRegistryValues] FDFBFF0E
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ZwOpenKey] A792B479
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlFreeUnicodeString] A999B970
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoStartTimer] BB84AE6B
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeInitializeTimer] B58FA362
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoInitializeTimer] 9FBE805D
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeInitializeDpc] 91B58D54
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeInitializeSpinLock] 83A89A4F
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoInitializeIrp] 8DA39746
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ZwCreateKey] 00000063
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 0000007C
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 00000077
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ZwSetValueKey] 0000007B
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000F2
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 0000006B
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoStartPacket] 0000006F
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 000000C5
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 00000030
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoFreeMdl] 00000001
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmUnlockPages] 00000067
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 0000002B
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 000000FE
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 000000D7
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000AB
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000076
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoStartNextPacket] 000000CA
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeBugCheckEx] 00000082
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 000000C9
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeSetTimer] 0000007D
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeCancelTimer] 000000FA
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!_allmul] 00000059
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000047
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!_except_handler3] 000000F0
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!PoSetPowerState] 000000AD
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000D4
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000A2
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!_aulldiv] 000000AF
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!strstr] 0000009C
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!_strupr] 000000A4
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeQuerySystemTime] 00000072
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000C0
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!KeTickCount] 000000B7
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 000000FD
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoDeleteDevice] 00000093
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 00000026
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000036
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoAllocateIrp] 0000003F
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoAllocateMdl] 000000F7
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 000000CC
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmLockPagableDataSection] 00000034
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 000000A5
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 000000E5
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!ExFreePoolWithTag] 000000F1
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoFreeIrp] 00000071
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!IoFreeWorkItem] 000000D8
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!InitSafeBootMode] 00000031
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlCompareMemory] 00000015
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 00000004
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!memmove] 000000C7
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[ntoskrnl.exe!MmHighestUserAddress] 00000023
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\asonbluy.SYS[WMILIB.SYS!WmiSys
#8
RE: Please check my log.
Can you run ComboFix now?
#9
RE: Please check my log.
You can try downloading ComboFix and saving it straight away under a different, changed name (and then running it under that changed name).
If the download from the official links doesn't work, try the one below:
http://www.2shared.com/file/6504064/c6a0...abbcc.html
Sorry, kamel16, for butting into the thread.
#10
RE: Please check my log.
Uninstall both antivirus programs and then reinstall one of them.
It often happens that two such programs cannot work together, and this has some negative effects. In IT jargon, they "clash with each other".