
Strange Avira prompt and unexpected further developments



Hello

I was referred here by Filutka78 from the pclab forum, where she tried to help me.

I wanted to paste here all the logs I made at her request, but for some reason I get an error, so I put the whole correspondence into a txt file, which I am attaching to this post.

Thanks in advance for the help.

Link to comment

Regardless of what happens on other forums, I require logs created at the moment the topic is started here, and the mandatory set is OTL + GMER. Your OTL logs in the attachment are a whole day old, and here 5 minutes is enough for the situation to change radically. Instead of a text file you should have given a link to the topic on that forum, http://forum.pclab.pl/topic/765907-Dziwny-monit-Aviry/; this is an obligation specified by my rules. No distortions. Except that you have already started erasing the content there ... and I don't quite understand what that is supposed to mean.

As for MBRCheck ... Leave it alone; no MBR repair actions should have been attempted at all, and it's no wonder they cannot be carried out. TrueCrypt shows up in the log, and you yourself confirm that you "have an encrypted disk", which explains the "Unknown MBR Code" in MBRCheck.

When running a full scan of all partitions, Avira at some point displays a message that it has detected a hidden file/program that may be a virus or malicious software. It says that a recovery CD is needed and recommends aborting the scan.

Go to the Avira scan logs and paste that result 1:1, exactly as it is recorded.

 

 

 


Link to comment

I deleted it because I like to look after my privacy. Maybe that's oversensitivity, maybe not; call it what you like.

The txt file contains an exact copy of all the logs deleted from the forum.

Here are the current logs:

 

OTL

 

OTL logfile created on: 2012-02-08 01:40:59 - Run 2
OTL by OldTimer - Version 3.2.31.0	 Folder = D:\Download
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,95% Memory free
4,00 Gb Paging File | 2,67 Gb Available in Paging File | 66,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 35,02 Gb Free Space | 35,90% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 19,29 Gb Free Space | 5,24% Space Free | Partition Type: NTFS
Drive E: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KOMPUTER | User Name: de99ial | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-02-08 01:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2012-02-02 21:14:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-10-11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011-10-11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-10-11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011-10-11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-09-08 18:30:10 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011-09-08 18:29:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011-09-08 12:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011-06-24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011-03-29 19:56:16 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009-10-09 10:00:44 | 001,699,328 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009-09-24 06:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\totalcmd\TOTALCMD.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-02-02 21:14:02 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-01-12 01:43:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012-01-12 01:43:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011-12-06 18:45:08 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011-10-12 23:48:18 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011-10-12 23:47:09 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011-10-12 19:05:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011-10-12 19:05:17 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011-10-12 19:05:08 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011-10-12 19:05:08 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011-10-12 19:05:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011-10-12 19:04:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011-10-12 19:04:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011-10-12 19:04:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011-10-12 19:04:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011-10-12 19:04:15 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011-10-12 19:04:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011-09-08 12:53:30 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011-09-08 12:41:26 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2010-11-13 03:39:47 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-06-21 12:22:45 | 000,008,192 | ---- | M] () -- C:\Program Files\Spik\idlehk.dll
MOD - [2009-09-02 02:28:04 | 047,628,288 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009-05-07 09:53:18 | 000,106,496 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009-05-07 09:50:46 | 000,073,728 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008-02-14 06:57:00 | 000,094,208 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-10-11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-10-11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-09-08 18:29:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011-09-08 12:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010-05-19 02:00:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-12-08 20:12:50 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-11-24 19:05:10 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011-10-11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-10-11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011-09-08 19:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011-09-08 19:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011-09-08 17:52:20 | 000,248,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011-06-24 05:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011-06-06 23:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010-12-01 23:02:47 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-06-17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-02-18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009-09-17 12:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009-07-27 08:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009-06-05 01:28:12 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-05-04 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..network.proxy.backup.ftp: "41.160.185.138"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "41.160.185.138"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "41.160.185.138"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "218.22.80.61"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "218.22.80.61"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "218.22.80.61"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "218.22.80.61"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@kontakt.wp.pl/WPMSGPlugin,version=1.0.1: C:\Program Files\Spik\mozilla\npwpk.dll ( )
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-02 21:14:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-25 18:53:35 | 000,000,000 | ---D | M]

[2010-04-29 17:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\de99ial\AppData\Roaming\mozilla\Extensions
[2012-01-06 11:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\de99ial\AppData\Roaming\mozilla\Firefox\Profiles\fm8fomfk.default\extensions
[2011-12-26 19:07:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\de99ial\AppData\Roaming\mozilla\Firefox\Profiles\fm8fomfk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-03-25 18:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-17 10:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\DE99IAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FM8FOMFK.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\DE99IAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FM8FOMFK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012-02-02 21:14:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-06-21 12:47:59 | 000,077,824 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npwpk.dll
[2011-06-24 19:02:58 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-06-24 19:02:58 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-06-24 19:02:58 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-06-24 19:02:58 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-06-24 19:02:58 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-06-24 19:02:58 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 80.244.140.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{224C5BDE-EF94-4AE4-9794-AF8508F7A244}: DhcpNameServer = 217.172.224.160 80.244.140.241
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wpmsg {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-02-07 18:40:08 | 000,000,000 | ---D | C] -- C:\Users\de99ial\AppData\Local\GHISLER
[2012-01-25 19:04:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012-01-25 19:04:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012-01-20 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012-01-11 18:24:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012-01-11 18:24:30 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012-01-11 18:24:30 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012-01-10 23:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[3 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-02-08 01:39:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-02-07 22:34:28 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-02-07 22:34:28 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-02-07 22:27:29 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-02-07 22:27:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-02-07 22:27:07 | 1609,945,088 | -HS- | M] () -- C:\hiberfil.sys
[2012-01-29 00:27:01 | 000,064,512 | ---- | M] () -- C:\Users\de99ial\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012-01-17 02:19:37 | 000,000,124 | ---- | M] () -- C:\Users\de99ial\Documents\ax_files.xml
[2012-01-15 17:43:00 | 000,697,674 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-01-15 17:43:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-01-15 17:43:00 | 000,134,784 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-01-15 17:43:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-01-12 01:54:57 | 000,361,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-10-09 16:39:57 | 000,000,256 | ---- | C] () -- C:\Windows\game.ini
[2011-09-14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011-08-26 15:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011-03-17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011-03-07 18:57:50 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2011-01-03 21:35:16 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010-07-11 15:26:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-06-30 22:03:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-05-06 21:44:32 | 000,064,512 | ---- | C] () -- C:\Users\de99ial\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-29 22:14:13 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010-04-29 22:14:13 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010-04-29 22:14:13 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010-04-29 13:08:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-02-21 03:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-11-06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-08-16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009-08-02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009-08-02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009-08-02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009-07-14 09:07:57 | 000,697,674 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2009-07-14 09:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2009-07-14 09:07:57 | 000,134,784 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2009-07-14 09:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 05:33:53 | 000,361,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-05-29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-05-29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007-02-05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[color=#E56717]========== LOP Check ==========[/color]

[2011-09-03 21:00:35 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\1812
[2011-10-23 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Activision
[2012-01-10 23:00:21 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Any Video Converter
[2012-02-05 23:52:12 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\foobar2000
[2010-05-06 17:52:25 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Foxit
[2010-04-29 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\GHISLER
[2011-11-21 19:12:11 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\OpenOffice.org
[2010-04-29 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Spik
[2011-11-26 09:32:30 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\TrueCrypt
[2012-02-08 01:37:49 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\uTorrent
[2011-10-31 01:08:20 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\wargaming.net
[2010-04-29 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\de99ial\AppData\Roaming\Win7codecs
[2011-12-02 18:20:10 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

 

and the second one

OTL Extras logfile created on: 2012-02-08 01:40:59 - Run 2
OTL by OldTimer - Version 3.2.31.0	 Folder = D:\Download
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,95% Memory free
4,00 Gb Paging File | 2,67 Gb Available in Paging File | 66,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 35,02 Gb Free Space | 35,90% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 19,29 Gb Free Space | 5,24% Space Free | Partition Type: NTFS
Drive E: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KOMPUTER | User Name: de99ial | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DACC3F4-2007-A5EE-5FFF-129338EC89E6}" = CCC Help English
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate
"{6603BC18-EEF7-7936-77BF-76861115E674}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{81B3EF66-BAC7-4C91-B856-3943C0196B4E}" = Duke Nukem - Manhattan Project - 1.0.1 Patch
"{81E19A62-1FD2-1066-7C10-19DD3323E27F}" = AMD Media Foundation Decoders
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{840D2B01-6A05-1D0D-DCD2-59567DE0E0BC}" = AMD Fuel
"{8AA5716D-43F6-F7D5-0DD4-199A8103EC71}" = ATI AVIVO Codecs
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4B7D086-851B-8830-2F80-DC5AE26B3918}" = AMD Drag and Drop Transcoding
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91045}" = Nero 8 Essentials
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACC75323-DB4A-4F7F-9AF2-1D1DEFF2D0B4}" = Heroes of Might & Magic V: Kuźnia Przeznaczenia
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC5FA098-131A-5648-31D5-825692C72B2C}" = AMD VISION Engine Control Center
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{EA5700B4-7DD1-68DE-8F44-7C2B48E59572}" = HydraVision
"{EF19211B-DB8D-4EF6-B501-27329E455D2C}" = Heroes of Might and Magic V
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy
"{F99F26DF-CCDE-F5F6-02AD-ABA8AAB51ADE}" = ccc-utility
"7-Zip" = 7-Zip 4.65
"ACDSee" = ACDSee
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Dungeon Keeper_is1" = Dungeon Keeper
"Fallout New Vegas 2011 - Extended HD Edition_is1" = Fallout New Vegas 2011 - Extended HD Edition v1.4.0.525
"foobar2000" = foobar2000 v1.1.1
"Foxit Reader" = Foxit Reader
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"InstallShield_{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0 (x86 pl)" = Mozilla Firefox 10.0 (x86 pl)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.2
"Spik" = Spik
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.10

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1812 - Serce Zimy" = 1812 - Serce Zimy
"I-Doser v4" = I-Doser v4

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-01-31 22:39:40 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-02-01 17:58:09 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-02-02 15:43:20 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-02-02 19:07:25 | Computer Name = komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: worldoftanks.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x4ef4901a  Nazwa modułu powodującego błąd: worldoftanks.exe,
wersja: 0.0.0.0, sygnatura czasowa: 0x4ef4901a  Kod wyjątku: 0xc0000005  Przesunięcie
błędu: 0x007a8b03  Identyfikator procesu powodującego błąd: 0x18e4  Godzina uruchomienia
aplikacji powodującej błąd: 0x01cce1fbd7f67dfd  Ścieżka aplikacji powodującej błąd:
D:\Gry\World_of_Tanks\worldoftanks.exe  Ścieżka modułu powodującego błąd: D:\Gry\World_of_Tanks\worldoftanks.exe
Identyfikator
raportu: ab073e40-4df2-11e1-9d02-40618661e07d

Error - 2012-02-03 14:06:28 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-02-04 05:56:42 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-02-05 06:42:02 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-02-05 16:38:01 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-02-05 22:19:42 | Computer Name = komputer | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku
zasad "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu
3.  Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu
"version" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2012-02-06 14:06:00 | Computer Name = komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 2011-12-31 05:12:50 | Computer Name = komputer | Source = Service Control Manager | ID = 7024
Description = Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla
niej błąd %%-1073473535.

Error - 2011-12-31 05:12:50 | Computer Name = komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2012-01-05 15:13:19 | Computer Name = komputer | Source = Service Control Manager | ID = 7024
Description = Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla
niej błąd %%-1073473535.

Error - 2012-01-05 15:13:19 | Computer Name = komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2012-01-06 01:49:23 | Computer Name = komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2012-01-08 08:08:42 | Computer Name = komputer | Source = Service Control Manager | ID = 7024
Description = Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla
niej błąd %%-1073473535.

Error - 2012-01-08 08:08:42 | Computer Name = komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2012-01-29 21:12:38 | Computer Name = komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2012-01-30 13:14:01 | Computer Name = komputer | Source = Service Control Manager | ID = 7024
Description = Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla
niej błąd %%-1073473535.

Error - 2012-01-30 13:14:01 | Computer Name = komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.


< End of report >

 

GMER

 

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-08 01:48:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD503HI rev.1AJ10001
Running: m58zevwe.exe; Driver: C:\Users\de99ial\AppData\Local\Temp\pgddqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text		   ntkrnlpa.exe!ZwSaveKey + 13D1																						 82E3F369 1 Byte  [06]
.text		   ntkrnlpa.exe!KiDispatchInterrupt + 5A2																			    82E78D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text		   sptd.sys																											  88E3A000 8 Bytes  [34, 02, 22, 83, A0, 67, 21, ...] {XOR AL, 0x2; AND AL, [EBX-0x7cde9860]}
.text		   sptd.sys																											  88E3A009 23 Bytes  [67, 21, 83, 48, 8B, 21, 83, ...]
.text		   sptd.sys																											  88E3A024 4 Bytes  [44, 95, F6, 88]
.text		   sptd.sys																											  88E3A02C 74 Bytes  [51, 66, 06, 83, 48, 29, FE, ...]
.text		   sptd.sys																											  88E3A077 113 Bytes  [83, 2B, 7E, 06, 83, C4, 62, ...]
.text		   ...																												   
.sptd2		  C:\Windows\System32\Drivers\sptd.sys																				  entry point in ".sptd2" section [0x88F31D38]
?			   C:\Windows\System32\Drivers\sptd.sys																				  Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text		   C:\Windows\system32\DRIVERS\atikmdag.sys																			  section is writeable [0x8EA39000, 0x3A3E05, 0xE8000020]
.text		   USBPORT.SYS!DllUnload																								 8F64BDB9 5 Bytes  JMP 860F51D8

---- User code sections - GMER 1.0.15 ----

.text		   C:\Program Files\Mozilla Firefox\plugin-container.exe[2536] USER32.dll!GetWindowInfo								  77804B5E 5 Bytes  JMP 66E0A4E7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text		   C:\Program Files\Mozilla Firefox\plugin-container.exe[2536] USER32.dll!TrackPopupMenu								 77812228 5 Bytes  JMP 66E0AABD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text		   C:\Program Files\Mozilla Firefox\firefox.exe[3364] ntdll.dll!LdrLoadDll											   7792223E 5 Bytes  JMP 66C91B30 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]											  [88E3B0C0] \SystemRoot\System32\Drivers\sptd.sys
IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]											 [88E3BFE0] \SystemRoot\System32\Drivers\sptd.sys
IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]											 [88E3B574] \SystemRoot\System32\Drivers\sptd.sys
IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]									  [88E3C1BC] \SystemRoot\System32\Drivers\sptd.sys
IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]									   [88E3B362] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]									   [73FF2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]								  [73FD5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]								 [73FD56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]									    [73FF24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]							  [73FE8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]							    [73FE4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]							   [73FE506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]							  [73FE5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]					 [73FE6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]							   [73FE826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]						  [73FE87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]					    [73FE901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]							  [73FEE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]								  [73FE4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device		  \FileSystem\Ntfs \Ntfs																							    84E621F8
Device		  \Driver\usbohci \Device\USBPDO-0																					  860F61F8
Device		  \Driver\PCI_PNP4532 \Device\00000051																				  sptd.sys
Device		  \Driver\usbohci \Device\USBPDO-1																					  860F61F8
Device		  \Driver\usbehci \Device\USBPDO-2																					  860F71F8
Device		  \Driver\usbohci \Device\USBPDO-3																					  860F61F8
Device		  \Driver\ACPI_HAL \Device\00000047																					 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device		  \Driver\usbohci \Device\USBPDO-4																					  860F61F8
Device		  \Driver\usbehci \Device\USBPDO-5																					  860F71F8
Device		  \Driver\usbohci \Device\USBPDO-6																					  860F61F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1																			    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1																			    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2																			    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2																			    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device		  \Driver\cdrom \Device\CdRom0																						  85F9F430
Device		  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0																		   84E601F8
Device		  \Driver\atapi \Device\Ide\IdePort0																				    84E601F8
Device		  \Driver\atapi \Device\Ide\IdePort1																				    84E601F8
Device		  \Driver\atapi \Device\Ide\IdePort2																				    84E601F8
Device		  \Driver\atapi \Device\Ide\IdePort3																				    84E601F8
Device		  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1																		   84E601F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3																			    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3																			    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device		  \Driver\cdrom \Device\CdRom1																						  85F9F430
Device		  \Driver\NetBT \Device\NetBt_Wins_Export																			   860951F8
Device		  \Driver\usbohci \Device\USBFDO-0																					  860F61F8
Device		  \Driver\NetBT \Device\NetBT_Tcpip_{224C5BDE-EF94-4AE4-9794-AF8508F7A244}											  860951F8
Device		  \Driver\usbohci \Device\USBFDO-1																					  860F61F8
Device		  \Driver\usbehci \Device\USBFDO-2																					  860F71F8
Device		  \Driver\usbohci \Device\USBFDO-3																					  860F61F8
Device		  \Driver\usbohci \Device\USBFDO-4																					  860F61F8
Device		  \Driver\usbehci \Device\USBFDO-5																					  860F71F8
Device		  \Driver\usbohci \Device\USBFDO-6																					  860F61F8
Device		  \Driver\aisqkmsu \Device\Scsi\aisqkmsu1																			   860FC1F8
Device		  \Driver\aisqkmsu \Device\Scsi\aisqkmsu1Port4Path0Target0Lun0														  860FC1F8
Device		  \FileSystem\cdfs \Cdfs																							    85FC91F8

---- Registry - GMER 1.0.15 ----

Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1																    771343423
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2																    285507792
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0																    1
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04									  
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0								   C:\Program Files\Alcohol Soft\Alcohol 52\
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0								   0
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew							    0x3A 0x48 0x7D 0xCA ...
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001						     
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0						  0xA0 0x02 0x00 0x00 ...
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew					   0x67 0xFF 0x3B 0xEB ...
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40					  
Reg			 HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew			    0x41 0x8E 0x54 0xB4 ...
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)				  
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0									   C:\Program Files\Alcohol Soft\Alcohol 52\
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0									   0
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew								    0x3A 0x48 0x7D 0xCA ...
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)	     
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0							  0xA0 0x02 0x00 0x00 ...
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew						   0x67 0xFF 0x3B 0xEB ...
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg			 HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew				    0x41 0x8E 0x54 0xB4 ...

---- EOF - GMER 1.0.15 ----


 

I'll post the Avira log tomorrow; I don't keep logs, sorry.

And thanks for your interest.

Link to comment

Avira report

 


Avira Free Antivirus
Report file date: 8 lutego 2012  18:35

Scanning for 3435674 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee	    : Avira AntiVir Personal - Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform	    : Windows 7
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode	   : Normally booted
Username	    : SYSTEM
Computer name   : KOMPUTER

Version information:
BUILD.DAT	   : 12.0.0.872	 41826 Bytes  2011-12-15 17:24:00
AVSCAN.EXE	  : 12.1.0.18	 490448 Bytes  2011-10-25 16:45:53
AVSCAN.DLL	  : 12.1.0.17	  54224 Bytes  2011-09-23 11:34:56
LUKE.DLL	    : 12.1.0.17	  68304 Bytes  2011-10-11 13:00:17
AVSCPLR.DLL	 : 12.1.0.21	  99536 Bytes  2011-12-08 19:12:51
AVREG.DLL	   : 12.1.0.27	 227536 Bytes  2011-12-09 20:04:34
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  2009-11-06 18:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  2010-12-14 09:07:39
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  2011-12-20 18:26:04
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  2012-02-01 17:27:43
VBASE004.VDF    : 7.11.21.239	 2048 Bytes  2012-02-01 17:27:43
VBASE005.VDF    : 7.11.21.240	 2048 Bytes  2012-02-01 17:27:44
VBASE006.VDF    : 7.11.21.241	 2048 Bytes  2012-02-01 17:27:44
VBASE007.VDF    : 7.11.21.242	 2048 Bytes  2012-02-01 17:27:44
VBASE008.VDF    : 7.11.21.243	 2048 Bytes  2012-02-01 17:27:47
VBASE009.VDF    : 7.11.21.244	 2048 Bytes  2012-02-01 17:27:49
VBASE010.VDF    : 7.11.21.245	 2048 Bytes  2012-02-01 17:27:49
VBASE011.VDF    : 7.11.21.246	 2048 Bytes  2012-02-01 17:27:49
VBASE012.VDF    : 7.11.21.247	 2048 Bytes  2012-02-01 17:27:49
VBASE013.VDF    : 7.11.22.33   1486848 Bytes  2012-02-03 18:52:17
VBASE014.VDF    : 7.11.22.56    687616 Bytes  2012-02-03 18:52:19
VBASE015.VDF    : 7.11.22.92    178176 Bytes  2012-02-06 18:51:52
VBASE016.VDF    : 7.11.22.93	  2048 Bytes  2012-02-06 18:51:53
VBASE017.VDF    : 7.11.22.94	  2048 Bytes  2012-02-06 18:51:53
VBASE018.VDF    : 7.11.22.95	  2048 Bytes  2012-02-06 18:51:53
VBASE019.VDF    : 7.11.22.96	  2048 Bytes  2012-02-06 18:51:53
VBASE020.VDF    : 7.11.22.97	  2048 Bytes  2012-02-06 18:51:53
VBASE021.VDF    : 7.11.22.98	  2048 Bytes  2012-02-06 18:51:53
VBASE022.VDF    : 7.11.22.99	  2048 Bytes  2012-02-06 18:51:53
VBASE023.VDF    : 7.11.22.100	 2048 Bytes  2012-02-06 18:51:53
VBASE024.VDF    : 7.11.22.101	 2048 Bytes  2012-02-06 18:51:53
VBASE025.VDF    : 7.11.22.102	 2048 Bytes  2012-02-06 18:51:53
VBASE026.VDF    : 7.11.22.103	 2048 Bytes  2012-02-06 18:51:53
VBASE027.VDF    : 7.11.22.104	 2048 Bytes  2012-02-06 18:51:53
VBASE028.VDF    : 7.11.22.105	 2048 Bytes  2012-02-06 18:51:54
VBASE029.VDF    : 7.11.22.106	 2048 Bytes  2012-02-06 18:51:54
VBASE030.VDF    : 7.11.22.107	 2048 Bytes  2012-02-06 18:51:54
VBASE031.VDF    : 7.11.22.138   106496 Bytes  2012-02-07 21:27:54
Engineversion   : 8.2.8.48  
AEVDF.DLL	   : 8.1.2.2	   106868 Bytes  2011-10-25 16:45:51
AESCRIPT.DLL    : 8.1.4.3	   438649 Bytes  2012-02-03 18:52:28
AESCN.DLL	   : 8.1.8.2	   131444 Bytes  2012-01-27 17:03:11
AESBX.DLL	   : 8.2.4.5	   434549 Bytes  2011-12-01 19:13:39
AERDL.DLL	   : 8.1.9.15	  639348 Bytes  2011-09-08 21:16:06
AEPACK.DLL	  : 8.2.16.2	  799095 Bytes  2012-01-27 17:03:11
AEOFFICE.DLL    : 8.1.2.25	  201084 Bytes  2011-12-30 21:25:06
AEHEUR.DLL	  : 8.1.3.24	 4387190 Bytes  2012-02-03 18:52:27
AEHELP.DLL	  : 8.1.19.0	  254327 Bytes  2012-01-19 21:51:36
AEGEN.DLL	   : 8.1.5.21	  409971 Bytes  2012-02-03 18:52:24
AEEMU.DLL	   : 8.1.3.0	   393589 Bytes  2011-09-01 21:46:01
AECORE.DLL	  : 8.1.25.3	  201079 Bytes  2012-01-27 17:03:05
AEBB.DLL	    : 8.1.1.0	    53618 Bytes  2011-09-01 21:46:01
AVWINLL.DLL	 : 12.1.0.17	  27344 Bytes  2011-10-11 13:00:11
AVPREF.DLL	  : 12.1.0.17	  51920 Bytes  2011-10-11 13:00:09
AVREP.DLL	   : 12.1.0.17	 179408 Bytes  2011-10-11 13:00:09
AVARKT.DLL	  : 12.1.0.19	 208848 Bytes  2011-12-08 19:12:45
AVEVTLOG.DLL    : 12.1.0.17	 169168 Bytes  2011-10-11 13:00:08
SQLITE3.DLL	 : 3.7.0.0	   398288 Bytes  2011-10-11 13:00:22
AVSMTP.DLL	  : 12.1.0.17	  62928 Bytes  2011-10-11 13:00:10
NETNT.DLL	   : 12.1.0.17	  17104 Bytes  2011-10-11 13:00:18
RCIMAGE.DLL	 : 12.1.0.17    4450000 Bytes  2011-10-11 13:00:31
RCTEXT.DLL	  : 12.1.1.16	  96208 Bytes  2011-12-22 18:58:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+JOKE,+PFS,+SPR,

Start of the scan: 8 lutego 2012  18:35

Starting master boot sector scan:
Master boot sector HD0
   [INFO]	  No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
   [INFO]	  No virus was found!
Boot sector 'D:\'
   [INFO]	  No virus was found!

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\AppDomains\Communications.CCC.exe.CCC.3136
 [NOTE]	  The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\AppDomains\Communications.MOM.exe.MOM.2860
 [NOTE]	  The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Processes\2860
 [NOTE]	  The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Processes\3136
 [NOTE]	  The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime HydraVision Caste Initialize
 [NOTE]	  The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor ProcTime
 [NOTE]	  The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste HotKey
 [NOTE]	  The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Initialize
 [NOTE]	  The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
 [NOTE]	  The registry entry is invisible.
Hidden driver
 [NOTE]	  A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
Scan process 'taskeng.exe' - '26' Module(s) have been scanned
Scan process 'TOTALCMD.EXE' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '79' Module(s) have been scanned
Scan process 'Spik.exe' - '133' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '47' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '35' Module(s) have been scanned
Scan process 'CCC.exe' - '238' Module(s) have been scanned
Scan process 'taskhost.exe' - '35' Module(s) have been scanned
Scan process 'MOM.exe' - '67' Module(s) have been scanned
Scan process 'avgnt.exe' - '75' Module(s) have been scanned
Scan process 'XBoxStat.exe' - '32' Module(s) have been scanned
Scan process 'VDeck.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '145' Module(s) have been scanned
Scan process 'Dwm.exe' - '33' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '48' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '108' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '34' Module(s) have been scanned
Scan process 'Fuel.Service.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '41' Module(s) have been scanned
Scan process 'spoolsv.exe' - '77' Module(s) have been scanned
Scan process 'svchost.exe' - '71' Module(s) have been scanned
Scan process 'atieclxx.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'AUDIODG.EXE' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '151' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'avguard.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1697' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\'


End of the scan: 8 lutego 2012  20:07
Used time:  1:32:00 Hour(s)

The scan has been done completely.

 26164 Scanned directories
756492 Files were scanned
  0 Viruses and/or unwanted programs were found
  0 Files were classified as suspicious
  0 Files were deleted
  0 Viruses and unwanted programs were repaired
  0 Files were moved to quarantine
  0 Files were renamed
  0 Files cannot be scanned
756492 Files not concerned
  5987 Archives were scanned
  0 Warnings
 10 Notes
378552 Objects were scanned with rootkit scan
 10 Hidden objects were found

Link to comment

GMER was run under the wrong conditions: the SPTD emulator was active, and you did not follow the mandatory announcement (CLICK). That driver will be put in its proper context in a moment, because it has a lot to do with the Avira detections.

And this is the question that should have come first: what does the exact Avira report say. That would have cut off all speculation at once and would not have led to attempts to hunt for an infection and repair non-existent problems. Time was wasted here.

HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\AppDomains\Communications.CCC.exe.CCC.3136
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\AppDomains\Communications.MOM.exe.MOM.2860
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Processes\2860
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Processes\3136
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime HydraVision Caste Initialize
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor ProcTime
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste HotKey
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Initialize
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2605484181-3698063399-456057694-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[NOTE] The registry entry is invisible.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

Avira sees the ATI configuration entries and the Direct3D MRU as hidden; these results are not an infection. The "Hidden driver" reading is almost certainly about SPTD (the drive-emulation driver behaves in a para-rootkit manner). You can confirm whether it is the culprit by disabling SPTD with Defogger + a restart, then checking whether Avira still reports "Hidden driver". If not, the matter is fully explained.

I deleted them because I like to look after my privacy. Maybe that is oversensitivity, maybe not, call it what you like.

I will say plainly what I think of it: it contradicts creating accounts online, it litters the forum, and it ignores the fact that you are filling someone's database with empty records. Besides ... do you really think a good site Administrator has no backups?

Link to comment
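The triage described in the reply above, as an added example that is not part of the thread and not Avira or forum tooling: it reads the "hidden objects" section of a scan report, marks the ATI and Direct3D keys as benign, and leaves "Hidden driver" for the disable-and-rescan check. The allowlist, function names and sample lines are assumptions made for this example.

```python
import re

# Assumption: allowlist built from the reply above (ATI Catalyst runtime keys
# and the Direct3D MRU value); it is not an Avira feature or setting.
BENIGN_PREFIXES = (
    "software\\ati\\ace\\",
    "software\\microsoft\\direct3d\\mostrecentapplication\\",
)
SECTION_START = "Starting search for hidden objects."
NOTE_RE = re.compile(r"^\s*\[NOTE\]\s+(.*)$")
SID_RE = re.compile(r"^HKEY_USERS\\S-1-[\d-]+\\", re.IGNORECASE)

# Constructed sample modelled on the report layout; SIDs and ExampleVendor are made up.
SAMPLE = r"""Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1111-2222-3333-1000\Software\ATI\ACE\Processes\2860
 [NOTE]      The registry entry is invisible.
HKEY_USERS\S-1-5-21-1111-2222-3333-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
 [NOTE]      The registry entry is invisible.
HKEY_USERS\S-1-5-21-1111-2222-3333-1000\Software\ExampleVendor\Agent
 [NOTE]      The registry entry is invisible.
Hidden driver
 [NOTE]      A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
"""

def parse_hidden_objects(log_text):
    """Return (object, note) pairs from the hidden-objects section."""
    findings, in_section, pending = [], False, None
    for line in log_text.splitlines():
        if line.strip() == SECTION_START:
            in_section = True
        elif in_section and not line.strip():
            break                      # blank line closes the section
        elif in_section:
            note = NOTE_RE.match(line)
            if note and pending is not None:
                findings.append((pending, note.group(1)))
            pending = None if note else line.strip()
    return findings

def triage(obj):
    if obj.lower() == "hidden driver":
        return "verify"                # disable the emulation driver, reboot, rescan
    key = SID_RE.sub("", obj).lower()  # compare keys independently of the user SID
    return "benign" if key.startswith(BENIGN_PREFIXES) else "unreviewed"

def summarize(log_text):
    return [(triage(obj), obj) for obj, _ in parse_hidden_objects(log_text)]
```

Anything that comes back as "unreviewed" is a hidden entry the thread did not discuss and needs its own look before it is dismissed.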

Defogger helped; Avira no longer reports what this all started with.

Thanks for the help, and sorry for wasting your time.

Regards

PS. An Admin is not just any user who can drop in and have a read. I know that anyone who really wants to will find it. I mean the typical user, not the Admin ;)

Online accounts know only as much as I give them.

Link to comment
Defogger helped; Avira no longer reports what this all started with.

That was only a test confirming 100% that this is an Avira false alarm on the emulator driver. You use Alcohol 52 for drive emulation (I can see the startup entries); Alcohol 52 will not work without SPTD, and without an active SPTD you cannot even uninstall it (Alcohol should then return an error babbling something about a "violation of installation integrity"). In this situation you have to restore the SPTD state with Defogger and simply ignore what Avira says (it will wake up once SPTD is reactivated).

Thanks for the help, and sorry for wasting your time.

I am not directing that at you; it is addressed to the help on that other forum. That is why my section rules put the emphasis on extracts from scanner logs; antivirus pop-up balloons are not the same thing.

I mean the typical user, not the Admin

So do I, of course. The Admin restores the erased content, and it becomes available to the "typical" ones again. That is why I consider erasing rather pointless.

Link to comment