Choroaz, posted 4 October 2009 (edited)

I have problems with my computer. After startup, various errors pop up: application errors for explorer or autorun. I can't make a log with OTL because during the scan the program hangs at "Loking for newly created files c:\5241.902.exe...". ComboFix doesn't work either; probably some virus damages it already while it is downloading. I can't download other log-making programs either, because when I go to the download page a Firefox error pops up: "the page cannot be displayed". I will also add that avast detects a dropper-type virus and I can't remove it. Please help.

[log] GMER 1.0.15.15087 - http://www.gmer.net Rootkit scan 2009-10-04 12:42:12 Windows 5.1.2600 Dodatek Service Pack 3
CALL 7FFA4A8D .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[1612] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [05, 5F] .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 
7FFA47F2 .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\FastNetSrv.exe[1724] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\FastNetSrv.exe[1724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015C0001 .text C:\WINDOWS\system32\FastNetSrv.exe[1724] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\FastNetSrv.exe[1724] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1812] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1812] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1812] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1812] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1812] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1812] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 
1E] .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [05, 5F] .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009A0001 .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\Program Files\Java\jre6\bin\jusched.exe[1824] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\Program 
Files\Spyware Doctor\pctsTray.exe[1844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04340001 .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools) .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\pctsTray.exe[1844] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [05, 5F] .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text 
C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01980001 .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\DOCUME~1\Bartek\USTAWI~1\Temp\dfhaegeh.exe[1904] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [05, 5F] .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001 .text 
C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe[2192] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [05, 5F] .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008C0001 .text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D .text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A .rsrc 
C:\WINDOWS\system32\svchost.exe[2600] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040] .rsrc C:\WINDOWS\system32\svchost.exe[2600] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100564C] .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [05, 5F] .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2600] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001 .text C:\WINDOWS\system32\svchost.exe[2600] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[2600] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 
7FFA47FC .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [05, 5F] .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wdfmgr.exe[2676] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\wdfmgr.exe[2676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 005E0001 .text C:\WINDOWS\system32\wdfmgr.exe[2676] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\wdfmgr.exe[2676] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA476D .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA47FC .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA4809 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [05, 5F] .text C:\Program Files\Alwil 
Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtDeviceIoControlFile 7C90D260 5 Bytes CALL 7FFA4A8D .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA47F2 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA484A .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [0B, 5F] .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[4068] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[628] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00610002 IAT C:\WINDOWS\system32\services.exe[628] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00610000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! 
TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) ---- EOF - GMER 1.0.15 ---- [/log]
MarekM25 commented 4 October 2009 How do things look in Safe Mode? Can the logs be generated there? What comes up when you try to launch ComboFix? Scan the computer with Dr.Web CureIt.
Choroaz commented 4 October 2009 (Author) I'll try Safe Mode in a moment. When launching ComboFix, this message pops up: "C:\Cocuments and Settings/.../pulpit/ComboFix nie jest prawidłową aplikacją Win32". I managed to run the OTL scan in Safe Mode; here is the log: [log] OTL logfile created on: 2009-10-04 15:36:31 - Run 3 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Bartek\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,25 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 74,95% Memory free 2,98 Gb Paging File | 2,78 Gb Available in Paging File | 93,21% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 82,49 Gb Free Space | 84,47% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Unable to calculate disk information. Drive F: | 135,22 Gb Total Space | 114,46 Gb Free Space | 84,64% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: QWERTY-AB9229BC Current User Name: Bartek Logged in as Administrator. 
Current Boot Mode: SafeMode Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe PRC - [2009-01-21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe PRC - [2008-04-14 22:51:52 | 00,238,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008-04-14 22:51:18 | 01,055,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-09-01 12:23:50 | 00,534,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bartek\Moje dokumenty\Pobieranie\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-08-17 17:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Stopped]) SRV - [2008-03-29 05:54:05 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped]) SRV - [2008-03-28 21:05:00 | 00,614,400 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2009-08-17 18:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped]) SRV - [2009-08-17 18:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped]) SRV - [2009-08-17 18:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner [On_Demand | Stopped]) SRV - [2002-04-12 00:00:00 | 00,077,824 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Stopped]) SRV - [2001-10-26 17:27:34 | 00,046,592 | ---- | M] (X-Ways Software Technology) -- C:\WINDOWS\System32\BtwSrv.dll -- (BtwSrv [Auto | Stopped]) SRV - File not found -- -- (DcomLaunchhelpsvc [Auto | Stopped]) SRV - [2001-10-26 17:27:34 | 00,114,688 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\FastNetSrv.exe -- (fastnetsrv [Auto | Stopped]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2008-04-14 22:50:34 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Stopped]) SRV - [2009-06-05 22:13:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped]) SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped]) SRV - [2009-04-20 20:38:00 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\MsDtc -- (MSDTC [On_Demand | Stopped]) SRV - [2006-09-12 21:55:36 | 00,745,472 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running]) SRV - [2009-01-21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running]) SRV - [2008-04-07 09:17:30 | 00,450,560 | ---- | M] (Nokia.) 
-- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - [2005-01-28 13:44:28 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-10-04 15:31:56 | 00,078,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\3b2ce8dd.sys -- (3b2ce8dd [System | Stopped]) DRV - [2009-08-17 18:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Stopped]) DRV - [2009-08-17 18:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Stopped]) DRV - [2009-08-17 18:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Stopped]) DRV - [2009-08-17 18:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped]) DRV - [2009-08-17 18:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Stopped]) DRV - [2009-08-17 18:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Stopped]) DRV - [2008-03-29 08:21:53 | 02,873,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped]) DRV - [2004-10-15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) 
-- C:\WINDOWS\System32\Drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped]) DRV - [2001-09-28 06:50:00 | 00,280,720 | R--- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped]) DRV - [2001-08-17 22:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped]) DRV - [2008-04-14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped]) DRV - [2001-08-17 23:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped]) DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped]) DRV - [2004-06-03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running]) DRV - [2004-05-17 14:00:52 | 00,033,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped]) DRV - [2004-05-17 14:00:54 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Stopped]) DRV - [2004-06-03 10:40:50 | 00,068,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvraid.sys -- (nvraid [Boot | Running]) DRV - [2004-04-02 15:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running]) DRV - [2009-07-11 12:19:58 | 00,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys -- (oreans32 [System | Stopped]) DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2009-04-03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running]) DRV - 
[2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Stopped]) DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2007-06-28 11:46:54 | 00,083,208 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716bus.sys -- (s716bus [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716mdfl.sys -- (s716mdfl [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,108,552 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716mdm.sys -- (s716mdm [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,100,360 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716mgmt.sys -- (s716mgmt [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,023,176 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716nd5.sys -- (s716nd5 [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,098,568 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716obex.sys -- (s716obex [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,098,952 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716unic.sys -- (s716unic [On_Demand | Stopped]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-04-14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKU\S-1-5-21-329068152-115176313-725345543-1003\S-1-5-21-329068152-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Winamp Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - 
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-05 22:13:52 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-22 19:05:28 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-11 19:10:41 | 00,000,000 | ---D | M] [2009-04-21 21:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\mozilla\Extensions [2009-04-21 21:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-10-04 10:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\mozilla\Firefox\Profiles\vrrdhy9c.default\extensions [2009-04-21 21:28:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\mozilla\Firefox\Profiles\vrrdhy9c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-04-21 21:28:28 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Bartek\Dane aplikacji\Mozilla\FireFox\Profiles\vrrdhy9c.default\searchplugins\winamp-search.xml [2009-10-04 11:06:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-09-11 19:10:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-22 18:47:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009-06-05 22:14:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-09-11 19:10:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-09-11 19:10:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\brwsrcmp.dll [2009-06-05 22:13:51 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-09-11 19:10:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-08-29 18:42:57 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-08-29 18:42:57 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-08-29 18:42:58 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-08-29 18:42:58 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-08-29 18:42:58 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-08-29 18:42:58 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-08-29 18:42:58 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Bartek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-21-329068152-115176313-725345543-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [dfhaegeh] C:\Documents and Settings\Bartek\Ustawienia lokalne\Temp\dfhaegeh.exe () O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [restorer32_a] C:\WINDOWS\TEMP\VRT14.tmp File not found O4 - HKU\S-1-5-18..\Run: [restorer32_a] C:\WINDOWS\TEMP\VRT14.tmp File not found O4 - HKU\S-1-5-21-329068152-115176313-725345543-1003..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe () O4 - HKU\S-1-5-21-329068152-115176313-725345543-1003..\Run: [12CFG214-K641-24SF-N84P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe () O4 - HKU\S-1-5-21-329068152-115176313-725345543-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-329068152-115176313-725345543-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
O4 - HKLM..\RunOnce: [] File not found O4 - HKLM..\RunOnce: [GrpConv] C:\WINDOWS\System32\grpconv.exe (Microsoft Corporation) F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe () F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe () F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe () F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe () F3 - HKU\S-1-5-21-329068152-115176313-725345543-1003 WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe () F3 - HKU\S-1-5-21-329068152-115176313-725345543-1003 WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu 
item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe File not found O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common 
Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4807991907-5091787089-387432523-0530\wnzip32.exe) - C:\RECYCLER\S-1-5-21-4807991907-5091787089-387432523-0530\wnzip32.exe () O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-04-20 20:41:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-10-04 15:16:08 | 00,078,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\3b2ce8dd.sys [2009-10-04 15:16:03 | 00,062,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX [2009-10-04 15:15:22 | 00,258,048 | ---- | C] (-) -- C:\8654,733.exe [2009-10-04 15:15:16 | 00,061,440 | ---- | C] (USA) -- C:\WINDOWS\System32\msxm192z.dll [2009-10-04 15:15:11 | 00,150,528 | ---- | C] (MainConcept CO,.@FileDescription) -- C:\3806,661.exe [2009-10-04 15:15:08 | 00,000,812 | ---- | C] () -- C:\7732,66.exe [2009-10-04 15:15:03 | 00,416,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.cfexe [2009-10-04 15:14:55 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009-10-04 15:14:24 | 02,871,189 | R--- | C] () -- C:\Documents and Settings\Bartek\Pulpit\ComboFix.exe [2009-10-04 10:22:59 | 00,258,048 | ---- | C] (-) -- C:\9665,476.exe [2009-10-04 10:22:47 | 00,150,528 | ---- | C] (MainConcept CO,.@FileDescription) -- C:\3173,574.exe [2009-10-04 10:22:44 | 00,000,812 | ---- | C] () -- C:\391,199.exe [2009-10-04 10:14:14 | 00,258,048 | ---- | C] (-) -- C:\6706,644.exe [2009-10-04 10:13:28 | 00,150,528 | ---- | C] (MainConcept CO,.@FileDescription) -- C:\8588,308.exe [2009-10-04 10:13:01 | 00,000,812 | ---- | C] () -- C:\2373,316.exe [2009-10-04 09:25:15 | 00,311,808 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe [2009-10-04 09:11:52 | 00,150,528 | ---- | C] (MainConcept CO,.@FileDescription) -- C:\9753,163.exe 
[2009-10-04 09:11:50 | 00,000,812 | ---- | C] () -- C:\3767,053.exe [2009-10-04 07:50:31 | 00,258,048 | ---- | C] (-) -- C:\5241,902.exe [2009-10-04 07:50:29 | 00,000,740 | ---- | C] () -- C:\4036,066.exe [2009-10-03 17:43:25 | 00,195,706 | ---- | C] () -- C:\bxim.exe [2009-10-03 17:43:22 | 00,285,534 | ---- | C] () -- C:\qdgavjh.exe [2009-10-03 17:43:22 | 00,130,048 | ---- | C] () -- C:\dgqosg.exe [2009-10-03 17:42:16 | 00,130,048 | ---- | C] () -- C:\pamunry.exe [2009-10-03 17:42:02 | 00,192,951 | ---- | C] () -- C:\oauseukx.exe [2009-10-03 17:41:58 | 00,285,534 | ---- | C] () -- C:\mcdcffmk.exe [2009-10-03 11:56:20 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\g.doc [2009-10-03 03:04:58 | 00,000,740 | ---- | C] () -- C:\9119,837.exe [2009-10-02 06:38:08 | 00,000,740 | ---- | C] () -- C:\6101,19.exe [2009-10-01 21:53:30 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\ang.doc [2009-10-01 17:54:49 | 01,436,906 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\MFD-instrukcja.pdf [2009-10-01 15:56:52 | 00,000,740 | ---- | C] () -- C:\142,023.exe [2009-09-30 06:43:20 | 00,106,496 | ---- | C] () -- C:\9816,508.exe [2009-09-30 06:41:25 | 00,000,724 | ---- | C] () -- C:\5315,363.exe [2009-09-29 21:31:14 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Bartek\Pulpit\~$geo.doc [2009-09-29 20:43:31 | 00,828,888 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\World_map_of_countries_by_rate_of_unemployment.png [2009-09-29 20:43:01 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [2009-09-29 20:24:09 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\geo.doc [2009-09-29 10:27:15 | 00,258,048 | ---- | C] (-) -- C:\8025,563.exe [2009-09-29 10:27:11 | 00,000,724 | ---- | C] () -- C:\8069,574.exe [2009-09-28 20:42:42 | 00,000,613 | --S- | C] () -- C:\WINDOWS\System32\1088390442.dat [2009-09-28 19:10:56 | 00,477,748 | ---- | C] () -- C:\Documents and 
Settings\Bartek\Pulpit\20090928109.jpg [2009-09-28 18:57:57 | 00,998,484 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\20090928107.jpg [2009-09-28 18:20:10 | 00,047,616 | ---- | C] () -- C:\2128,977.exe [2009-09-28 18:15:08 | 00,000,716 | ---- | C] () -- C:\3959,467.exe [2009-09-27 17:40:06 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\geografia.doc [2009-09-27 08:21:12 | 00,000,716 | ---- | C] () -- C:\1374,628.exe [2009-09-26 08:17:02 | 00,000,724 | ---- | C] () -- C:\6622,125.exe [2009-09-25 06:26:39 | 00,000,724 | ---- | C] () -- C:\6564,905.exe [2009-09-24 22:38:16 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\grA.doc [2009-09-24 16:00:37 | 00,000,724 | ---- | C] () -- C:\7244,227.exe [2009-09-23 17:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Pulpit\hist [2009-09-23 17:44:54 | 00,074,752 | ---- | C] () -- C:\1996,073.exe [2009-09-23 17:44:29 | 00,000,724 | ---- | C] () -- C:\2730,677.exe [2009-09-22 16:35:49 | 00,000,724 | ---- | C] () -- C:\7918,665.exe [2009-09-21 06:49:24 | 00,000,744 | ---- | C] () -- C:\4579,126.exe [2009-09-18 15:52:52 | 00,046,592 | ---- | C] () -- C:\8326,944.exe [2009-09-18 15:47:21 | 00,000,744 | ---- | C] () -- C:\6076,166.exe [2009-09-17 15:50:20 | 00,046,592 | ---- | C] () -- C:\5338,511.exe [2009-09-17 15:49:42 | 00,000,744 | ---- | C] () -- C:\660,5166.exe [2009-09-16 17:45:49 | 00,046,592 | ---- | C] () -- C:\1474,833.exe [2009-09-16 17:37:32 | 00,000,712 | ---- | C] () -- C:\4006,616.exe [2009-09-15 22:51:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Dane aplikacji\Thinstall [2009-09-15 22:48:57 | 54,245,019 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bartek\Pulpit\WORD 2003.exe [2009-09-15 17:27:05 | 00,046,592 | ---- | C] () -- C:\5055,337.exe [2009-09-15 17:02:17 | 00,151,040 | ---- | C] (MainConcept AG`FileDescription) -- C:\7661,794.exe [2009-09-15 17:02:14 | 00,000,868 | ---- | C] () -- 
C:\4027,368.exe [2009-09-14 16:56:12 | 00,046,592 | ---- | C] () -- C:\2573,19.exe [2009-09-14 16:54:07 | 00,151,040 | ---- | C] (MainConcept AG`FileDescription) -- C:\9931,996.exe [2009-09-14 16:54:03 | 00,000,868 | ---- | C] () -- C:\4869,959.exe [2009-09-13 20:11:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2009-09-13 16:06:26 | 00,235,887 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\Quantic - Apricot Morning.jpg [2009-09-13 15:37:44 | 00,000,000 | ---D | C] -- C:\ComboFix [2009-09-13 15:37:43 | 00,416,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29256.exe [2009-09-13 09:33:57 | 00,046,592 | ---- | C] () -- C:\3030,344.exe [2009-09-13 09:28:24 | 00,151,040 | ---- | C] (MainConcept AG`FileDescription) -- C:\6633,657.exe [2009-09-13 09:28:21 | 00,000,868 | ---- | C] () -- C:\208,0935.exe [2009-09-12 19:07:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009-09-12 19:00:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\cache [2009-09-12 18:30:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Dane aplikacji\PC Suite [2009-09-12 18:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-09-12 18:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Dane aplikacji\Nokia [2009-09-12 18:29:25 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX [2009-09-12 18:29:24 | 00,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2009-09-12 18:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2009-09-12 18:29:02 | 01,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll [2009-09-12 18:29:02 | 00,095,744 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll [2009-09-12 18:29:02 | 00,016,896 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2009-09-12 18:28:44 | 00,048,128 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll 
[2009-09-12 18:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia [2009-09-12 18:27:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-09-12 18:25:39 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2009-09-12 08:53:46 | 00,046,592 | ---- | C] () -- C:\578,5614.exe [2009-09-12 08:52:59 | 00,151,040 | ---- | C] (MainConcept AG`FileDescription) -- C:\1285,756.exe [2009-09-12 08:52:58 | 00,000,868 | ---- | C] () -- C:\1384,851.exe [2009-09-11 23:35:21 | 00,046,592 | ---- | C] () -- C:\5091,348.exe [2009-09-11 21:31:24 | 00,000,868 | ---- | C] () -- C:\5042,688.exe [2009-09-11 19:16:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Pulpit\tata [2009-09-10 17:59:44 | 00,000,716 | ---- | C] () -- C:\8091,395.exe [2009-09-09 15:52:24 | 00,152,064 | ---- | C] (MainConcept AG`FileDescription) -- C:\5031,789.exe [2009-09-09 15:52:20 | 00,000,716 | ---- | C] () -- C:\5042,994.exe [2009-09-08 16:10:45 | 00,152,064 | ---- | C] (MainConcept AG`FileDescription) -- C:\972,3407.exe [2009-09-08 16:10:44 | 00,000,860 | ---- | C] () -- C:\565,4543.exe [2009-09-07 16:22:51 | 00,180,736 | ---- | C] (MainConcept AG`FileDescription) -- C:\8840,23.exe [2009-09-07 16:22:47 | 00,000,492 | ---- | C] () -- C:\7610,59.exe [2009-09-06 18:16:58 | 00,000,492 | ---- | C] () -- C:\6495,478.exe [2009-07-11 12:19:58 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2009-06-23 17:44:58 | 00,074,752 | -HS- | C] () -- C:\WINDOWS\System32\vobuturi.dll [2009-06-23 17:44:58 | 00,074,752 | -HS- | C] () -- C:\WINDOWS\System32\dafanole.dll [2009-06-23 17:44:58 | 00,074,752 | -HS- | C] () -- C:\WINDOWS\System32\bakivige.dll [2009-05-11 18:34:05 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-05-11 18:34:04 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-04-23 06:28:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-04-22 17:33:26 | 00,000,419 | ---- | C] 
() -- C:\WINDOWS\BRWMARK.INI [2009-04-22 17:33:26 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2009-04-22 17:33:26 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009-04-22 17:30:09 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009-04-21 20:53:11 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2009-04-20 21:08:55 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004-08-04 00:44:28 | 00,048,585 | ---- | C] () -- C:\WINDOWS\System32\1031i.sys [2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-03-04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2001-10-26 17:27:34 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys [2001-07-21 22:16:20 | 00,000,804 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 22:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-10-04 15:35:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-04 15:31:56 | 00,078,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\3b2ce8dd.sys [2009-10-04 15:30:50 | 03,732,876 | -H-- | M] () -- C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-10-04 15:16:04 | 00,062,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX [2009-10-04 15:15:29 | 00,195,706 | ---- | M] () -- C:\bxim.exe [2009-10-04 15:15:22 | 00,258,048 | ---- | M] (-) -- C:\8654,733.exe [2009-10-04 15:15:16 | 00,061,440 | ---- | M] (USA) -- C:\WINDOWS\System32\msxm192z.dll [2009-10-04 15:15:11 | 00,150,528 | ---- | M] (MainConcept CO,.@FileDescription) -- C:\3806,661.exe [2009-10-04 15:15:09 | 00,130,048 | ---- | M] () -- C:\dgqosg.exe [2009-10-04 15:15:08 | 00,000,812 | ---- | M] () -- C:\7732,66.exe [2009-10-04 15:15:06 | 00,285,534 | ---- | M] () -- C:\qdgavjh.exe [2009-10-04 15:15:03 | 00,416,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.cfexe 
[2009-10-04 10:33:41 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-04 10:22:59 | 00,258,048 | ---- | M] (-) -- C:\9665,476.exe [2009-10-04 10:22:47 | 00,150,528 | ---- | M] (MainConcept CO,.@FileDescription) -- C:\3173,574.exe [2009-10-04 10:22:44 | 00,000,812 | ---- | M] () -- C:\391,199.exe [2009-10-04 10:14:14 | 00,258,048 | ---- | M] (-) -- C:\6706,644.exe [2009-10-04 10:13:28 | 00,150,528 | ---- | M] (MainConcept CO,.@FileDescription) -- C:\8588,308.exe [2009-10-04 10:13:01 | 00,000,812 | ---- | M] () -- C:\2373,316.exe [2009-10-04 09:25:15 | 00,311,808 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe [2009-10-04 09:11:52 | 00,150,528 | ---- | M] (MainConcept CO,.@FileDescription) -- C:\9753,163.exe [2009-10-04 09:11:50 | 00,000,812 | ---- | M] () -- C:\3767,053.exe [2009-10-04 08:59:33 | 00,192,951 | ---- | M] () -- C:\oauseukx.exe [2009-10-04 07:50:31 | 00,258,048 | ---- | M] (-) -- C:\5241,902.exe [2009-10-04 07:50:29 | 00,000,740 | ---- | M] () -- C:\4036,066.exe [2009-10-04 07:50:27 | 00,130,048 | ---- | M] () -- C:\pamunry.exe [2009-10-04 07:50:11 | 00,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS [2009-10-04 07:50:11 | 00,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS [2009-10-03 17:46:15 | 00,285,534 | ---- | M] () -- C:\mcdcffmk.exe [2009-10-03 11:56:20 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\g.doc [2009-10-03 03:04:58 | 00,000,740 | ---- | M] () -- C:\9119,837.exe [2009-10-02 06:38:08 | 00,000,740 | ---- | M] () -- C:\6101,19.exe [2009-10-01 21:53:31 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\ang.doc [2009-10-01 17:54:49 | 01,436,906 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\MFD-instrukcja.pdf [2009-10-01 15:56:52 | 00,000,740 | ---- | M] () -- C:\142,023.exe [2009-09-30 
17:55:38 | 00,000,613 | --S- | M] () -- C:\WINDOWS\System32\1088390442.dat [2009-09-30 06:43:20 | 00,106,496 | ---- | M] () -- C:\9816,508.exe [2009-09-30 06:41:25 | 00,000,724 | ---- | M] () -- C:\5315,363.exe [2009-09-29 22:07:09 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\geo.doc [2009-09-29 21:31:14 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Bartek\Pulpit\~$geo.doc [2009-09-29 20:44:14 | 00,828,888 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\World_map_of_countries_by_rate_of_unemployment.png [2009-09-29 20:43:45 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\Eksplorator Windows.lnk [2009-09-29 10:27:15 | 00,258,048 | ---- | M] (-) -- C:\8025,563.exe [2009-09-29 10:27:11 | 00,000,724 | ---- | M] () -- C:\8069,574.exe [2009-09-28 18:20:10 | 00,047,616 | ---- | M] () -- C:\2128,977.exe [2009-09-28 18:15:08 | 00,000,716 | ---- | M] () -- C:\3959,467.exe [2009-09-28 18:14:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-28 17:04:46 | 00,477,748 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\20090928109.jpg [2009-09-28 16:51:22 | 00,998,484 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\20090928107.jpg [2009-09-27 17:40:06 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\geografia.doc [2009-09-27 08:21:12 | 00,000,716 | ---- | M] () -- C:\1374,628.exe [2009-09-26 08:17:02 | 00,000,724 | ---- | M] () -- C:\6622,125.exe [2009-09-25 06:51:36 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\grA.doc [2009-09-25 06:26:39 | 00,000,724 | ---- | M] () -- C:\6564,905.exe [2009-09-24 16:00:37 | 00,000,724 | ---- | M] () -- C:\7244,227.exe [2009-09-23 17:45:02 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\ziletupo [2009-09-23 17:44:54 | 00,074,752 | ---- | M] () -- C:\1996,073.exe [2009-09-23 17:44:29 | 00,000,724 | ---- | M] () -- C:\2730,677.exe [2009-09-22 16:35:49 | 00,000,724 | ---- | M] () -- 
C:\7918,665.exe [2009-09-21 06:49:24 | 00,000,744 | ---- | M] () -- C:\4579,126.exe [2009-09-18 15:52:52 | 00,046,592 | ---- | M] () -- C:\8326,944.exe [2009-09-18 15:47:21 | 00,000,744 | ---- | M] () -- C:\6076,166.exe [2009-09-17 15:50:20 | 00,046,592 | ---- | M] () -- C:\5338,511.exe [2009-09-17 15:49:42 | 00,000,744 | ---- | M] () -- C:\660,5166.exe [2009-09-16 17:45:49 | 00,046,592 | ---- | M] () -- C:\1474,833.exe [2009-09-16 17:37:32 | 00,000,712 | ---- | M] () -- C:\4006,616.exe [2009-09-15 17:27:05 | 00,046,592 | ---- | M] () -- C:\5055,337.exe [2009-09-15 17:02:17 | 00,151,040 | ---- | M] (MainConcept AG`FileDescription) -- C:\7661,794.exe [2009-09-15 17:02:14 | 00,000,868 | ---- | M] () -- C:\4027,368.exe [2009-09-14 16:56:12 | 00,046,592 | ---- | M] () -- C:\2573,19.exe [2009-09-14 16:54:07 | 00,151,040 | ---- | M] (MainConcept AG`FileDescription) -- C:\9931,996.exe [2009-09-14 16:54:03 | 00,000,868 | ---- | M] () -- C:\4869,959.exe [2009-09-13 20:17:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-09-13 16:06:27 | 00,235,887 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\Quantic - Apricot Morning.jpg [2009-09-13 15:37:43 | 00,416,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29256.exe [2009-09-13 09:33:57 | 00,046,592 | ---- | M] () -- C:\3030,344.exe [2009-09-13 09:28:24 | 00,151,040 | ---- | M] (MainConcept AG`FileDescription) -- C:\6633,657.exe [2009-09-13 09:28:21 | 00,000,868 | ---- | M] () -- C:\208,0935.exe [2009-09-12 08:53:46 | 00,046,592 | ---- | M] () -- C:\578,5614.exe [2009-09-12 08:52:59 | 00,151,040 | ---- | M] (MainConcept AG`FileDescription) -- C:\1285,756.exe [2009-09-12 08:52:58 | 00,000,868 | ---- | M] () -- C:\1384,851.exe [2009-09-11 23:35:21 | 00,046,592 | ---- | M] () -- C:\5091,348.exe [2009-09-11 21:31:24 | 00,000,868 | ---- | M] () -- C:\5042,688.exe [2009-09-10 17:59:44 | 00,000,716 | ---- | M] () -- C:\8091,395.exe [2009-09-09 15:52:24 | 00,152,064 | ---- | M] (MainConcept 
AG`FileDescription) -- C:\5031,789.exe [2009-09-09 15:52:20 | 00,000,716 | ---- | M] () -- C:\5042,994.exe [2009-09-08 16:10:45 | 00,152,064 | ---- | M] (MainConcept AG`FileDescription) -- C:\972,3407.exe [2009-09-08 16:10:44 | 00,000,860 | ---- | M] () -- C:\565,4543.exe [2009-09-07 16:22:51 | 00,180,736 | ---- | M] (MainConcept AG`FileDescription) -- C:\8840,23.exe [2009-09-07 16:22:47 | 00,000,492 | ---- | M] () -- C:\7610,59.exe [2009-09-06 18:16:58 | 00,000,492 | ---- | M] () -- C:\6495,478.exe [color=#E56717]========== LOP Check ==========[/color] [2009-10-01 18:45:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-04-22 17:29:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Brother [2009-09-12 18:27:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-09-12 18:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-04-22 17:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft [2009-10-04 15:35:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-09-15 22:51:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji [2009-05-06 18:41:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Ahead [2009-08-31 07:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\ArcaMicroScan [2009-09-23 17:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\BESTplayer [2009-08-31 07:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Broad Intelligence [2009-05-19 19:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Dev-Cpp [2009-09-12 18:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Nokia [2009-08-29 21:06:52 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\Bartek\Dane aplikacji\Nowe Gadu-Gadu [2009-05-21 22:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\OpenFM [2009-09-12 18:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\PC Suite [2009-08-31 09:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Simply Super Software [2009-07-01 14:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\teamspeak2 [2009-08-30 10:59:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Teleca [2009-09-15 22:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Thinstall [2009-04-24 18:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Tibia [2009-04-20 22:26:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-09-12 18:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2009-04-20 20:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2001-07-21 22:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-04-20 21:11:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report > [/log]
Dr.Web removed 46 infections, which is great, but I accidentally deleted the file mswinsck.ocx because it was infected, and now when the computer starts I get the error "Component mswinsck.ocx or one of its dependencies not correctly registered: a file is missing or invalid". What should I do?
Guest commented 4 October 2009 (edited)
Use (in Safe Mode) --> [url=http://www.hotfix.pl/articles.php?article_id=67][b][color=blue][u]SDFix[/u][/color][/b][/url] (further down on the linked page). Post the Report.txt found in the SDFix folder. You have hundreds of worms; I'm not surprised that ComboFix won't start.
Choroaz (Author) commented 4 October 2009
Here is the SDFix log:
[log]
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Documents and Settings\Bartek\ntuser.dat, 1381
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"F:\\Gry\\Worms Armageddon\\WA.exe"="F:\\Gry\\Worms Armageddon\\WA.exe:*:Enabled:Worms Armageddon"
"F:\\Gry\\cs 1.6\\hl.exe"="F:\\Gry\\cs 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\fonts\\services.exe"="C:\\WINDOWS\\fonts\\services.exe:*:Enabled:services.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Sun 4 Oct 2009 130,048 ..SHR --- "C:\RECYCLER\S-1-5-21-9826840319-5964384078-201437739-7251\wnzip32.exe"
Mon 14 Apr 2008 147,456 ...H. --- "C:\WINDOWS\Fonts\services.exe"
Mon 14 Apr 2008 82,944 ..SHR --- "C:\WINDOWS\system32\amcompatn.exe"
Tue 23 Jun 2009 74,752 A.SH. --- "C:\WINDOWS\system32\bakivige.dll"
Tue 23 Jun 2009 74,752 A.SH. --- "C:\WINDOWS\system32\dafanole.dll"
Tue 23 Jun 2009 74,752 A.SH. --- "C:\WINDOWS\system32\vobuturi.dll"
Sat 12 Sep 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 21 Apr 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1323c87e2eec76b34ba4d9b0e0d63c4f\BIT6.tmp"
Tue 21 Apr 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\166974d4093b41d0975989d1c3cca9d8\BIT3.tmp"
Tue 21 Apr 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\421938b8b9b8130e7e74a658fab4698f\BIT4.tmp"
Tue 21 Apr 2009 246,905 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6804c859de99bc243436dd6c0651e6db\BIT1.tmp"
Tue 21 Apr 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c2523b7942c9235553e0dd131f835d73\BIT2.tmp"
Tue 21 Apr 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e172504a0045634fd0f3ac30fae5863e\BIT7.tmp"

[b]Finished![/b]
[/log]
How do I get rid of these worms? What should I do in the future to avoid worms and trojans, since I can see that an ordinary antivirus doesn't work?
Guest commented 4 October 2009
Run OTL and paste the following script into the [b]Custom Scans/Fixes[/b] box:
[code]
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
DRV - [2009-10-04 15:31:56 | 00,078,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\3b2ce8dd.sys -- (3b2ce8dd [System | Stopped])
O4 - HKLM..\Run: [dfhaegeh] C:\Documents and Settings\Bartek\Ustawienia lokalne\Temp\dfhaegeh.exe ()
O4 - HKU\.DEFAULT..\Run: [restorer32_a] C:\WINDOWS\TEMP\VRT14.tmp File not found
O4 - HKU\S-1-5-18..\Run: [restorer32_a] C:\WINDOWS\TEMP\VRT14.tmp File not found
O4 - HKU\S-1-5-21-329068152-115176313-725345543-1003..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKU\S-1-5-21-329068152-115176313-725345543-1003..\Run: [12CFG214-K641-24SF-N84P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe ()
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\WINDOWS\System32\grpconv.exe (Microsoft Corporation)
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe ()
F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe ()
F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe ()
F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe ()
F3 - HKU\S-1-5-21-329068152-115176313-725345543-1003 WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe ()
F3 - HKU\S-1-5-21-329068152-115176313-725345543-1003 WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe ()
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4807991907-5091787089-387432523-0530\wnzip32.exe) - C:\RECYCLER\S-1-5-21-4807991907-5091787089-387432523-0530\wnzip32.exe ()
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
[2009-10-04 15:31:56 | 00,078,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\3b2ce8dd.sys
[2009-10-04 15:16:04 | 00,062,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009-10-04 15:15:29 | 00,195,706 | ---- | M] () -- C:\bxim.exe
[2009-10-04 15:15:22 | 00,258,048 | ---- | M] (-) -- C:\8654,733.exe
[2009-10-04 15:15:16 | 00,061,440 | ---- | M] (USA) -- C:\WINDOWS\System32\msxm192z.dll
[2009-10-04 15:15:11 | 00,150,528 | ---- | M] (MainConcept CO,.@ FileDescription) -- C:\3806,661.exe
[2009-10-04 15:15:09 | 00,130,048 | ---- | M] () -- C:\dgqosg.exe
[2009-10-04 15:15:08 | 00,000,812 | ---- | M] () -- C:\7732,66.exe
[2009-10-04 15:15:06 | 00,285,534 | ---- | M] () -- C:\qdgavjh.exe
[2009-10-04 10:22:59 | 00,258,048 | ---- | M] (-) -- C:\9665,476.exe
[2009-10-04 10:22:47 | 00,150,528 | ---- | M] (MainConcept CO,.@ FileDescription) -- C:\3173,574.exe
[2009-10-04 10:22:44 | 00,000,812 | ---- | M] () -- C:\391,199.exe
[2009-10-04 10:14:14 | 00,258,048 | ---- | M] (-) -- C:\6706,644.exe
[2009-10-04 10:13:28 | 00,150,528 | ---- | M] (MainConcept CO,.@ FileDescription) -- C:\8588,308.exe
[2009-10-04 10:13:01 | 00,000,812 | ---- | M] () -- C:\2373,316.exe
[2009-10-04 09:25:15 | 00,311,808 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\bq72czwq.exe
[2009-10-04 09:11:52 | 00,150,528 | ---- | M] (MainConcept CO,.@ FileDescription) -- C:\9753,163.exe
[2009-10-04 09:11:50 | 00,000,812 | ---- | M] () -- C:\3767,053.exe
[2009-10-04 08:59:33 | 00,192,951 | ---- | M] () -- C:\oauseukx.exe
[2009-10-04 07:50:31 | 00,258,048 | ---- | M] (-) -- C:\5241,902.exe
[2009-10-04 07:50:29 | 00,000,740 | ---- | M] () -- C:\4036,066.exe
[2009-10-04 07:50:27 | 00,130,048 | ---- | M] () -- C:\pamunry.exe
[2009-10-03 17:46:15 | 00,285,534 | ---- | M] () -- C:\mcdcffmk.exe
[2009-10-03 03:04:58 | 00,000,740 | ---- | M] () -- C:\9119,837.exe
[2009-10-02 06:38:08 | 00,000,740 | ---- | M] () -- C:\6101,19.exe
[2009-10-01 15:56:52 | 00,000,740 | ---- | M] () -- C:\142,023.exe
[2009-09-30 17:55:38 | 00,000,613 | --S- | M] () -- C:\WINDOWS\System32\1088390442.dat
[2009-09-30 06:43:20 | 00,106,496 | ---- | M] () -- C:\9816,508.exe
[2009-09-30 06:41:25 | 00,000,724 | ---- | M] () -- C:\5315,363.exe
[2009-09-29 10:27:15 | 00,258,048 | ---- | M] (-) -- C:\8025,563.exe
[2009-09-29 10:27:11 | 00,000,724 | ---- | M] () -- C:\8069,574.exe
[2009-09-28 18:20:10 | 00,047,616 | ---- | M] () -- C:\2128,977.exe
[2009-09-28 18:15:08 | 00,000,716 | ---- | M] () -- C:\3959,467.exe
[2009-09-27 08:21:12 | 00,000,716 | ---- | M] () -- C:\1374,628.exe
[2009-09-26 08:17:02 | 00,000,724 | ---- | M] () -- C:\6622,125.exe
[2009-09-25 06:26:39 | 00,000,724 | ---- | M] () -- C:\6564,905.exe
[2009-09-24 16:00:37 | 00,000,724 | ---- | M] () -- C:\7244,227.exe
[2009-09-23 17:45:02 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\ziletupo
[2009-09-23 17:44:54 | 00,074,752 | ---- | M] () -- C:\1996,073.exe
[2009-09-23 17:44:29 | 00,000,724 | ---- | M] () -- C:\2730,677.exe
[2009-09-22 16:35:49 | 00,000,724 | ---- | M] () -- C:\7918,665.exe
[2009-09-21 06:49:24 | 00,000,744 | ---- | M] () -- C:\4579,126.exe
[2009-09-18 15:52:52 | 00,046,592 | ---- | M] () -- C:\8326,944.exe
[2009-09-18 15:47:21 | 00,000,744 | ---- | M] () -- C:\6076,166.exe
[2009-09-17 15:50:20 | 00,046,592 | ---- | M] () -- C:\5338,511.exe
[2009-09-17 15:49:42 | 00,000,744 | ---- | M] () -- C:\660,5166.exe
[2009-09-16 17:45:49 | 00,046,592 | ---- | M] () -- C:\1474,833.exe
[2009-09-16 17:37:32 | 00,000,712 | ---- | M] () -- C:\4006,616.exe
[2009-09-15 17:27:05 | 00,046,592 | ---- | M] () -- C:\5055,337.exe
[2009-09-15 17:02:17 | 00,151,040 | ---- | M] (MainConcept AG`FileDescription) -- C:\7661,794.exe
[2009-09-15 17:02:14 | 00,000,868 | ---- | M] () -- C:\4027,368.exe
[2009-09-14 16:56:12 | 00,046,592 | ---- | M] () -- C:\2573,19.exe
[2009-09-14 16:54:07 | 00,151,040 | ---- | M] (MainConcept AG`FileDescription) -- C:\9931,996.exe
[2009-09-14 16:54:03 | 00,000,868 | ---- | M] () -- C:\4869,959.exe
[2009-09-13 09:33:57 | 00,046,592 | ---- | M] () -- C:\3030,344.exe
[2009-09-13 09:28:24 | 00,151,040 | ---- | M] (MainConcept AG`FileDescription) -- C:\6633,657.exe
[2009-09-13 09:28:21 | 00,000,868 | ---- | M] () -- C:\208,0935.exe
[2009-09-12 08:53:46 | 00,046,592 | ---- | M] () -- C:\578,5614.exe
[2009-09-12 08:52:59 | 00,151,040 | ---- | M] (MainConcept AG`FileDescription) -- C:\1285,756.exe
[2009-09-12 08:52:58 | 00,000,868 | ---- | M] () -- C:\1384,851.exe
[2009-09-11 23:35:21 | 00,046,592 | ---- | M] () -- C:\5091,348.exe
[2009-09-11 21:31:24 | 00,000,868 | ---- | M] () -- C:\5042,688.exe
[2009-09-10 17:59:44 | 00,000,716 | ---- | M] () -- C:\8091,395.exe
[2009-09-09 15:52:24 | 00,152,064 | ---- | M] (MainConcept AG`FileDescription) -- C:\5031,789.exe
[2009-09-09 15:52:20 | 00,000,716 | ---- | M] () -- C:\5042,994.exe
[2009-09-08 16:10:45 | 00,152,064 | ---- | M] (MainConcept AG`FileDescription) -- C:\972,3407.exe
[2009-09-08 16:10:44 | 00,000,860 | ---- | M] () -- C:\565,4543.exe
[2009-09-07 16:22:51 | 00,180,736 | ---- | M] (MainConcept AG`FileDescription) -- C:\8840,23.exe
[2009-09-07 16:22:47 | 00,000,492 | ---- | M] () -- C:\7610,59.exe
[2009-09-06 18:16:58 | 00,000,492 | ---- | M] () -- C:\6495,478.exe
[2009-10-04 15:16:08 | 00,078,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\3b2ce8dd.sys
[2009-10-04 15:16:03 | 00,062,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009-10-04 15:15:22 | 00,258,048 | ---- | C] (-) -- C:\8654,733.exe
[2009-10-04 15:15:16 | 00,061,440 | ---- | C] (USA) -- C:\WINDOWS\System32\msxm192z.dll
[2009-10-04 15:15:11 | 00,150,528 | ---- | C] (MainConcept CO,.@ FileDescription) -- C:\3806,661.exe
[2009-10-04 15:15:08 | 00,000,812 | ---- | C] () -- C:\7732,66.exe
[2009-10-04 10:22:59 | 00,258,048 | ---- | C] (-) -- C:\9665,476.exe
[2009-10-04 10:22:47 | 00,150,528 | ---- | C] (MainConcept CO,.@ FileDescription) -- C:\3173,574.exe
[2009-10-04 10:22:44 | 00,000,812 | ---- | C] () -- C:\391,199.exe
[2009-10-04 10:14:14 | 00,258,048 | ---- | C] (-) -- C:\6706,644.exe
[2009-10-04 10:13:28 | 00,150,528 | ---- | C] (MainConcept CO,.@ FileDescription) -- C:\8588,308.exe
[2009-10-04 10:13:01 | 00,000,812 | ---- | C] () -- C:\2373,316.exe
[2009-10-04 09:11:52 | 00,150,528 | ---- | C] (MainConcept CO,.@ FileDescription) -- C:\9753,163.exe
[2009-10-04 09:11:50 | 00,000,812 | ---- | C] () -- C:\3767,053.exe
[2009-10-04 07:50:31 | 00,258,048 | ---- | C] (-) -- C:\5241,902.exe
[2009-10-04 07:50:29 | 00,000,740 | ---- | C] () -- C:\4036,066.exe
[2009-10-03 17:43:25 | 00,195,706 | ---- | C] () -- C:\bxim.exe
[2009-10-03 17:43:22 | 00,285,534 | ---- | C] () -- C:\qdgavjh.exe
[2009-10-03 17:43:22 | 00,130,048 | ---- | C] () -- C:\dgqosg.exe
[2009-10-03 17:42:16 | 00,130,048 | ---- | C] () -- C:\pamunry.exe
[2009-10-03 17:42:02 | 00,192,951 | ---- | C] () -- C:\oauseukx.exe
[2009-10-03 17:41:58 | 00,285,534 | ---- | C] () -- C:\mcdcffmk.exe
[2009-10-03 03:04:58 | 00,000,740 | ---- | C] () -- C:\9119,837.exe
[2009-10-02 06:38:08 | 00,000,740 | ---- | C] () -- C:\6101,19.exe
[2009-10-01 15:56:52 | 00,000,740 | ---- | C] () -- C:\142,023.exe
[2009-09-30 06:43:20 | 00,106,496 | ---- | C] () -- C:\9816,508.exe
[2009-09-30 06:41:25 | 00,000,724 | ---- | C] () -- C:\5315,363.exe
[2009-09-29 20:43:01 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009-09-29 10:27:15 | 00,258,048 | ---- | C] (-) -- C:\8025,563.exe
[2009-09-29 10:27:11 | 00,000,724 | ---- | C] () -- C:\8069,574.exe
[2009-09-28 20:42:42 | 00,000,613 | --S- | C] () -- C:\WINDOWS\System32\1088390442.dat
[2009-09-28 18:20:10 | 00,047,616 | ---- | C] () -- C:\2128,977.exe
[2009-09-28 18:15:08 | 00,000,716 | ---- | C] () -- C:\3959,467.exe
[2009-09-27 08:21:12 | 00,000,716 | ---- | C] () -- C:\1374,628.exe
[2009-09-26 08:17:02 | 00,000,724 | ---- | C] () -- C:\6622,125.exe
[2009-09-25 06:26:39 | 00,000,724 | ---- | C] () -- C:\6564,905.exe
[2009-09-24 16:00:37 | 00,000,724 | ---- | C] () -- C:\7244,227.exe
[2009-09-23 17:44:54 | 00,074,752 | ---- | C] () -- C:\1996,073.exe
[2009-09-23 17:44:29 | 00,000,724 | ---- | C] () -- C:\2730,677.exe
[2009-09-22 16:35:49 | 00,000,724 | ---- | C] () -- C:\7918,665.exe
[2009-09-21 06:49:24 | 00,000,744 | ---- | C] () -- C:\4579,126.exe
[2009-09-18 15:52:52 | 00,046,592 | ---- | C] () -- C:\8326,944.exe
[2009-09-18 15:47:21 | 00,000,744 | ---- | C] () -- C:\6076,166.exe
[2009-09-17 15:50:20 | 00,046,592 | ---- | C] () -- C:\5338,511.exe
[2009-09-17 15:49:42 | 00,000,744 | ---- | C] () -- C:\660,5166.exe
[2009-09-16 17:45:49 | 00,046,592 | ---- | C] () -- C:\1474,833.exe
[2009-09-16 17:37:32 | 00,000,712 | ---- | C] () -- C:\4006,616.exe
[2009-09-15 17:27:05 | 00,046,592 | ---- | C] () -- C:\5055,337.exe
[2009-09-15 17:02:17 | 00,151,040 | ---- | C] (MainConcept AG`FileDescription) -- C:\7661,794.exe
[2009-09-15 17:02:14 | 00,000,868 | ---- | C] () -- C:\4027,368.exe
[2009-09-14 16:56:12 | 00,046,592 | ---- | C] () -- C:\2573,19.exe
[2009-09-14 16:54:07 | 00,151,040 | ---- | C] (MainConcept AG`FileDescription) -- C:\9931,996.exe
[2009-09-14 16:54:03 | 00,000,868 | ---- | C] () -- C:\4869,959.exe
[2009-09-13 09:33:57 | 00,046,592 | ---- | C] () -- C:\3030,344.exe
[2009-09-13 09:28:24 | 00,151,040 | ---- | C] (MainConcept AG`FileDescription) -- C:\6633,657.exe
[2009-09-13 09:28:21 | 00,000,868 | ---- | C] () -- C:\208,0935.exe
[2009-09-12 08:53:46 | 00,046,592 | ---- | C] () -- C:\578,5614.exe
[2009-09-12 08:52:59 | 00,151,040 | ---- | C] (MainConcept AG`FileDescription) -- C:\1285,756.exe
[2009-09-12 08:52:58 | 00,000,868 | ---- | C] () -- C:\1384,851.exe
[2009-09-11 23:35:21 | 00,046,592 | ---- | C] () -- C:\5091,348.exe
[2009-09-11 21:31:24 | 00,000,868 | ---- | C] () -- C:\5042,688.exe
[2009-09-10 17:59:44 | 00,000,716 | ---- | C] () -- C:\8091,395.exe
[2009-09-09 15:52:24 | 00,152,064 | ---- | C] (MainConcept AG`FileDescription) -- C:\5031,789.exe
[2009-09-09 15:52:20 | 00,000,716 | ---- | C] () -- C:\5042,994.exe
[2009-09-08 16:10:45 | 00,152,064 | ---- | C] (MainConcept AG`FileDescription) -- C:\972,3407.exe
[2009-09-08 16:10:44 | 00,000,860 | ---- | C] () -- C:\565,4543.exe
[2009-09-07 16:22:51 | 00,180,736 | ---- | C] (MainConcept AG`FileDescription) -- C:\8840,23.exe
[2009-09-07 16:22:47 | 00,000,492 | ---- | C] () -- C:\7610,59.exe
[2009-09-06 18:16:58 | 00,000,492 | ---- | C] () -- C:\6495,478.exe
:Services
3b2ce8dd
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click [b][color=red]Run Fix[/color][/b]. Confirm the computer restart. Then run OTL again, this time choosing the [b][color=blue]Run Scan[/color][/b] option. Post the new OTL.txt log (from the cleanup + the scan).
Choroaz (Author) commented 4 October 2009
I followed the instructions; here is the log:
[log] OTL logfile created on: 2009-10-04 19:11:08 - Run 4 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Bartek\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,25 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 52,70% Memory free 2,98 Gb Paging File | 2,35 Gb Available in Paging File | 78,82% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 86,01 Gb Free Space | 88,07% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Unable to calculate disk information. Drive F: | 135,22 Gb Total Space | 115,73 Gb Free Space | 85,58% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: QWERTY-AB9229BC Current User Name: Bartek Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-10-04 16:02:37 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2009-10-04 16:02:37 | 00,557,056 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2009-08-17 17:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-10-04 16:02:33 | 01,055,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-08-17 18:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009-10-04 16:02:39 | 00,077,824 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe PRC - [2009-10-04 16:02:39 | 00,065,536 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brss01a.exe PRC - File not found -- C:\Program Files\Alwil Software\Avast4\setup\avast.set PRC - [2009-10-04 16:02:53 | 00,114,688 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\FastNetSrv.exe PRC - [2009-06-05 22:13:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe PRC - [2009-01-21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe PRC - [2008-12-08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe PRC - [2009-10-04 16:03:54 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2008-04-14 22:51:52 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2009-08-17 18:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-08-17 18:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009-08-17 18:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - 
[2009-06-05 22:13:51 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-09-11 19:10:39 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-09-01 12:23:50 | 00,534,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bartek\Moje dokumenty\Pobieranie\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-08-17 17:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009-10-04 16:02:37 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2009-10-04 16:02:37 | 00,598,016 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2009-08-17 18:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009-08-17 18:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2009-08-17 18:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner [On_Demand | Running]) SRV - [2009-10-04 16:02:39 | 00,077,824 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running]) SRV - [2001-10-26 17:27:34 | 00,046,592 | ---- | M] (X-Ways Software Technology) -- C:\WINDOWS\System32\BtwSrv.dll -- (BtwSrv [Auto | Running]) SRV - File not found -- -- (DcomLaunchhelpsvc [Auto | Stopped]) SRV - [2009-10-04 16:02:53 | 00,114,688 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\FastNetSrv.exe -- (fastnetsrv [Auto | Running]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2008-04-14 22:50:34 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running]) SRV - [2009-06-05 22:13:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) SRV - [2009-04-20 20:38:00 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\MsDtc -- (MSDTC [On_Demand | Stopped]) SRV - [2009-10-04 16:02:11 | 00,712,704 | ---- | M] () -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running]) SRV - [2009-01-21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running]) SRV - [2009-10-04 16:02:18 | 00,433,152 | ---- | M] (Nokia.) 
-- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - [2009-10-04 16:03:54 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-08-17 18:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) DRV - [2009-08-17 18:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009-08-17 18:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009-08-17 18:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009-08-17 18:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) DRV - [2009-08-17 18:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) DRV - [2008-03-29 08:21:53 | 02,873,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2004-10-15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) 
-- C:\WINDOWS\System32\Drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Running]) DRV - [2001-09-28 06:50:00 | 00,280,720 | R--- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running]) DRV - [2001-08-17 22:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Running]) DRV - [2008-04-14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2001-08-17 23:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running]) DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) DRV - [2004-06-03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running]) DRV - [2004-05-17 14:00:52 | 00,033,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped]) DRV - [2004-05-17 14:00:54 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2004-06-03 10:40:50 | 00,068,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvraid.sys -- (nvraid [Boot | Running]) DRV - [2004-04-02 15:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running]) DRV - [2009-07-11 12:19:58 | 00,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys -- (oreans32 [System | Running]) DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2009-04-03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running]) DRV - 
[2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2007-06-28 11:46:54 | 00,083,208 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716bus.sys -- (s716bus [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716mdfl.sys -- (s716mdfl [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,108,552 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716mdm.sys -- (s716mdm [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,100,360 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716mgmt.sys -- (s716mgmt [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,023,176 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716nd5.sys -- (s716nd5 [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,098,568 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716obex.sys -- (s716obex [On_Demand | Stopped]) DRV - [2007-06-28 11:46:55 | 00,098,952 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s716unic.sys -- (s716unic [On_Demand | Stopped]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-04-14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\s-1-5-19\s-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\s-1-5-20\s-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\s-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\s-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\s-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\s-1-5-21-329068152-115176313-725345543-1003\s-1-5-21-329068152-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Winamp Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-05 22:13:52 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-22 19:05:28 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-11 19:10:41 | 00,000,000 | ---D | M] [2009-04-21 21:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\mozilla\Extensions [2009-04-21 21:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-10-04 10:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane 
aplikacji\mozilla\Firefox\Profiles\vrrdhy9c.default\extensions [2009-04-21 21:28:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\mozilla\Firefox\Profiles\vrrdhy9c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-04-21 21:28:28 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Bartek\Dane aplikacji\Mozilla\FireFox\Profiles\vrrdhy9c.default\searchplugins\winamp-search.xml [2009-10-04 18:09:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-09-11 19:10:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-22 18:47:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009-06-05 22:14:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-09-11 19:10:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-09-11 19:10:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-06-05 22:13:51 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-09-11 19:10:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-08-29 18:42:57 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-08-29 18:42:57 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-08-29 18:42:58 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-08-29 18:42:58 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-08-29 18:42:58 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-08-29 18:42:58 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-08-29 18:42:58 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Bartek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
O3 - HKU\s-1-5-21-329068152-115176313-725345543-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\s-1-5-21-329068152-115176313-725345543-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKU\s-1-5-21-329068152-115176313-725345543-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Bartek\Moje dokumenty\Pobieranie\OTL.exe (OldTimer Tools) F3 - HKU\.default WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe File not found F3 - HKU\s-1-5-18 WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.default\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\s-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\s-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\s-1-5-19_classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\s-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\s-1-5-20_classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\s-1-5-21-329068152-115176313-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\s-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\s-1-5-21-329068152-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\s-1-5-21-329068152-115176313-725345543-1003_classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe File not found O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - 
HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKU\s-1-5-21-329068152-115176313-725345543-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - 
HKU\s-1-5-21-329068152-115176313-725345543-1003 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4807991907-5091787089-387432523-0530\wnzip32.exe) - C:\RECYCLER\S-1-5-21-4807991907-5091787089-387432523-0530\wnzip32.exe File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-04-20 20:41:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-10-04 17:02:41 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe [2009-10-04 17:00:24 | 00,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009-10-04 16:57:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-10-04 16:53:30 | 00,000,000 | ---D | C] -- C:\SDFix [2009-10-04 15:40:47 | 00,078,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\3556b948.sys [2009-10-04 15:40:01 | 00,258,048 | ---- | C] (-) -- C:\6745,859.exe [2009-10-04 15:39:51 | 00,150,528 | ---- | C] (MainConcept CO,.@FileDescription) -- C:\1941,732.exe [2009-10-04 15:39:49 | 00,000,812 | ---- | C] () -- C:\2187,311.exe [2009-10-04 15:16:08 | 00,078,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\3b2ce8dd.sys [2009-10-04 15:15:03 | 00,416,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.cfexe [2009-10-04 15:14:55 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009-10-03 11:56:20 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\g.doc [2009-10-01 21:53:30 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\ang.doc [2009-10-01 17:54:49 
| 01,436,906 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\MFD-instrukcja.pdf [2009-09-29 21:31:14 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Bartek\Pulpit\~$geo.doc [2009-09-29 20:43:31 | 00,828,888 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\World_map_of_countries_by_rate_of_unemployment.png [2009-09-29 20:24:09 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\geo.doc [2009-09-28 19:10:56 | 00,477,748 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\20090928109.jpg [2009-09-28 18:57:57 | 00,998,484 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\20090928107.jpg [2009-09-27 17:40:06 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\geografia.doc [2009-09-24 22:38:16 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\grA.doc [2009-09-23 17:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Pulpit\hist [2009-09-15 22:51:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Dane aplikacji\Thinstall [2009-09-15 22:48:57 | 54,245,019 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bartek\Pulpit\WORD 2003.exe [2009-09-13 20:11:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2009-09-13 16:06:26 | 00,235,887 | ---- | C] () -- C:\Documents and Settings\Bartek\Pulpit\Quantic - Apricot Morning.jpg [2009-09-13 15:37:44 | 00,000,000 | ---D | C] -- C:\ComboFix [2009-09-13 15:37:43 | 00,416,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29256.exe [2009-09-12 19:07:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009-09-12 19:00:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\cache [2009-09-12 18:30:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Dane aplikacji\PC Suite [2009-09-12 18:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-09-12 18:30:16 | 00,000,000 | ---D | C] -- C:\Documents 
and Settings\Bartek\Dane aplikacji\Nokia [2009-09-12 18:29:25 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX [2009-09-12 18:29:24 | 00,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2009-09-12 18:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2009-09-12 18:29:02 | 01,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll [2009-09-12 18:29:02 | 00,095,744 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll [2009-09-12 18:29:02 | 00,016,896 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2009-09-12 18:28:44 | 00,048,128 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll [2009-09-12 18:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia [2009-09-12 18:27:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-09-12 18:25:39 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2009-09-11 19:16:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Pulpit\tata [2009-07-11 12:19:58 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2009-06-23 17:44:58 | 00,074,752 | -HS- | C] () -- C:\WINDOWS\System32\vobuturi.dll [2009-06-23 17:44:58 | 00,074,752 | -HS- | C] () -- C:\WINDOWS\System32\dafanole.dll [2009-06-23 17:44:58 | 00,074,752 | -HS- | C] () -- C:\WINDOWS\System32\bakivige.dll [2009-05-11 18:34:05 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-05-11 18:34:04 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-04-23 06:28:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-04-22 17:33:26 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009-04-22 17:33:26 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2009-04-22 17:33:26 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009-04-22 17:30:09 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009-04-21 20:53:11 | 00,000,025 | ---- | 
C] () -- C:\WINDOWS\mixerdef.ini [2009-04-20 21:08:55 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004-08-04 00:44:28 | 00,048,585 | ---- | C] () -- C:\WINDOWS\System32\1031i.sys [2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-03-04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2001-10-26 17:27:34 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys [2001-07-21 22:16:20 | 00,000,804 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 22:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-10-04 19:11:49 | 00,078,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\3556b948.sys [2009-10-04 19:11:48 | 00,078,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\3b2ce8dd.sys [2009-10-04 19:06:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-04 17:02:46 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-10-04 17:00:24 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009-10-04 16:55:28 | 03,763,682 | -H-- | M] () -- C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-10-04 16:03:54 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe [2009-10-04 16:03:52 | 00,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe [2009-10-04 16:03:51 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe [2009-10-04 16:03:50 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe [2009-10-04 16:03:49 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvr.exe [2009-10-04 16:03:48 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [2009-10-04 16:03:47 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe [2009-10-04 
16:03:46 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogsvc.exe [2009-10-04 16:03:44 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe [2009-10-04 16:03:43 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe [2009-10-04 16:03:42 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsvp.exe [2009-10-04 16:03:42 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe [2009-10-04 16:03:41 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe [2009-10-04 16:03:37 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntsd.exe [2009-10-04 16:03:35 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe [2009-10-04 16:03:01 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe [2009-10-04 16:02:59 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe [2009-10-04 16:02:56 | 00,517,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonui.exe [2009-10-04 16:02:56 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe [2009-10-04 16:02:54 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi.exe [2009-10-04 16:02:54 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2009-10-04 16:02:53 | 00,114,688 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\FastNetSrv.exe [2009-10-04 16:02:41 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe [2009-10-04 16:02:39 | 00,077,824 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe [2009-10-04 16:02:39 | 00,065,536 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brss01a.exe [2009-10-04 16:02:37 | 00,598,016 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe [2009-10-04 16:02:37 | 00,557,056 | 
---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.exe [2009-10-04 16:02:36 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe [2009-10-04 16:02:33 | 01,055,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2009-10-04 15:40:01 | 00,258,048 | ---- | M] (-) -- C:\6745,859.exe [2009-10-04 15:39:51 | 00,150,528 | ---- | M] (MainConcept CO,.@FileDescription) -- C:\1941,732.exe [2009-10-04 15:39:49 | 00,000,812 | ---- | M] () -- C:\2187,311.exe [2009-10-04 15:15:03 | 00,416,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.cfexe [2009-10-04 10:33:41 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-04 07:50:11 | 00,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS [2009-10-04 07:50:11 | 00,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS [2009-10-03 11:56:20 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\g.doc [2009-10-01 21:53:31 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\ang.doc [2009-10-01 17:54:49 | 01,436,906 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\MFD-instrukcja.pdf [2009-09-29 22:07:09 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\geo.doc [2009-09-29 21:31:14 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Bartek\Pulpit\~$geo.doc [2009-09-29 20:44:14 | 00,828,888 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\World_map_of_countries_by_rate_of_unemployment.png [2009-09-29 20:43:45 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\Eksplorator Windows.lnk [2009-09-28 18:14:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-28 17:04:46 | 00,477,748 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\20090928109.jpg [2009-09-28 16:51:22 | 00,998,484 | ---- | M] () 
-- C:\Documents and Settings\Bartek\Pulpit\20090928107.jpg [2009-09-27 17:40:06 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\geografia.doc [2009-09-25 06:51:36 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\grA.doc [2009-09-13 20:17:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-09-13 16:06:27 | 00,235,887 | ---- | M] () -- C:\Documents and Settings\Bartek\Pulpit\Quantic - Apricot Morning.jpg [2009-09-13 15:37:43 | 00,416,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29256.exe [color=#E56717]========== LOP Check ==========[/color] [2009-10-01 18:45:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-04-22 17:29:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Brother [2009-09-12 18:27:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-09-12 18:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-04-22 17:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft [2009-10-04 19:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-09-15 22:51:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji [2009-05-06 18:41:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Ahead [2009-08-31 07:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\ArcaMicroScan [2009-09-23 17:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\BESTplayer [2009-08-31 07:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Broad Intelligence [2009-05-19 19:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Dev-Cpp [2009-09-12 18:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane 
aplikacji\Nokia [2009-08-29 21:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Nowe Gadu-Gadu [2009-05-21 22:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\OpenFM [2009-09-12 18:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\PC Suite [2009-08-31 09:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Simply Super Software [2009-07-01 14:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\teamspeak2 [2009-08-30 10:59:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Teleca [2009-09-15 22:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Thinstall [2009-04-24 18:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bartek\Dane aplikacji\Tibia [2009-04-20 22:26:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-09-12 18:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2009-04-20 20:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2001-07-21 22:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-04-20 21:11:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report > [/log]
Guest commented 4 October 2009
Launch OTL and run its [b]CleanUp[/b] option; agree to the cleanup and the computer restart. Then download [url=http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303][b][color=blue][u]ComboFix[/u][/color][/b][/url], save it under the name [b]123.com[/b] right after downloading, and run it. Try the same in Safe Mode as well.
Choroaz (Author) commented 4 October 2009
Both in normal mode and in Safe Mode an error appears with the message "c:\Documets.....123.com nie jest prawidłową aplikacją systemu Win32".
Guest commented 5 October 2009
Use [url=http://www.hotfix.pl/articles.php?article_id=69][b][color=blue][u]SmitFraudFix[/u][/color][/b][/url] with option "[b][size="3"]2[/size][/b]". Then paste the report on the forum.
Choroaz (Author) commented 5 October 2009
After downloading, the file at first kept disappearing from the folder, and later, now that it is visible, it is inactive: it cannot be unpacked, copied, or anything.
Guest commented 5 October 2009
Use the program [url="http://www.forumpc.pl/index.php?showtopic=107753&st=0&p=752434&#entry752434"][b][color="blue"][u]Malwarebytes[/u][/color][/b][/url]. Click [b]Skanuj[/b] (Scan), select the drives to scan and [b]start the scan[/b]; at the end click [b]Usuń zaznaczone[/b] (Remove selected), if there are any, and OK. Post the report that MBAM generates after the removal.
Choroaz (Author) commented 8 October 2009
"c:\Documets..... mbam-seput.exe nie jest prawidłową aplikacją systemu Win32"