x-kom hosting

Powracające trojany.

pelen
utworzono
utworzono

Witam, jakiś czas temu po uruchomieniu laptopa (Asus K50AB) działał on na maksymalnym chłodzeniu przez cały czas. Przeskanowałem komputer Malwarebytsem i po usunięciu trojanów problem zniknął. Jednak dzisiaj znowu chłodzenie działa " fulla". Ponownie przeskanowałem system i skasowałem zainfekowane pliki. boję się jednak, że problem ponownie się pojawi i chciałbym jakoś temu zaradzić. Czy jest możliwość by np. antywirus (norton) nie przepuszczał w przyszłości tych plików?

Oto log:


[quote]Malwarebytes' Anti-Malware 1.40
Wersja bazy definicji: 2679
Windows 6.0.6002 Service Pack 2

2009-10-06 20:51:24
mbam-log-2009-10-06 (20-51-24).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|F:\|)
Przeskanowane obiekty: 49421
Upłynęło: 19 minute(s), 11 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 3
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 2

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\TypeLib\{67450775-3b18-49b1-aa83-0e010f07f4df} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69b3ebfa-0015-4914-9312-e7758eacfac1} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30de9920-2e84-40a2-88a5-b8d256e15101} (Trojan.Dropper) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\xxx\Desktop\Counter-Strike 1.6\cstrike\SSWv5.21.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
[/quote]



Ps. to ostatnie to nie wirus, tylko hack do Cs'a ;) nie żebym używał :D
ten SharedDLLs to też raczej nic groźnego

Psycholandia
komentarz
komentarz

Daj loga z OTL: http://www.forumpc.pl/index.php?showtopic=104338

pelen
komentarz
komentarz (edytowane)

[log] OTL logfile created on: 2009-10-06 22:11:14 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Users\xxx\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 88,83% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,54 Gb Total Space | 70,53 Gb Free Space | 50,91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 94,34 Gb Total Space | 27,81 Gb Free Space | 29,47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX-PC
Current User Name: xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-03-19 04:14:06 | 00,733,184 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2009-04-11 08:27:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AUDIODG.EXE
PRC - [2008-12-09 15:01:10 | 00,424,504 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\smartlogon.exe
PRC - [2008-08-14 05:59:52 | 00,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2007-08-08 09:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2009-04-11 08:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009-03-19 04:14:06 | 00,733,184 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008-01-21 04:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-08-18 19:56:22 | 00,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2008-09-03 02:11:04 | 08,105,984 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009-04-21 13:18:30 | 00,540,576 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2009-02-06 16:13:16 | 01,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
PRC - [2008-11-26 19:54:00 | 00,211,512 | ---- | M] (ATK) -- C:\Program files\P4G\BatteryLife.exe
PRC - [2008-08-19 10:34:04 | 00,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008-09-30 23:02:48 | 00,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2009-07-23 13:42:41 | 03,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008-12-09 15:00:58 | 00,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2007-11-30 11:20:44 | 00,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2008-12-18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009-08-28 16:18:38 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-08-18 20:27:32 | 00,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009-03-21 05:37:18 | 00,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2005-07-06 15:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2008-08-14 01:21:56 | 02,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008-08-14 06:00:08 | 00,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008-12-23 02:15:34 | 00,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008-12-18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008-10-15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007-08-03 12:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2009-04-07 10:04:36 | 00,070,880 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
PRC - [2009-04-07 10:02:10 | 03,405,048 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
PRC - [2008-01-21 04:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-01-21 04:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009-04-11 08:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009-08-28 13:13:02 | 00,832,808 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008-02-09 19:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009-04-11 08:28:15 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009-10-06 22:09:56 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2009-04-11 08:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-09-12 19:10:01 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008-08-14 05:59:52 | 00,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService [Auto | Running])
SRV - [2009-03-19 04:14:06 | 00,733,184 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2007-08-08 09:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv [Auto | Running])
SRV - [2008-02-09 19:06:00 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2009-03-30 06:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007-08-22 03:21:00 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2009-04-11 08:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009-02-18 20:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-02-18 20:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-09-05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2009-02-18 20:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-08-03 12:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr [Auto | Running])
SRV - [2009-04-07 10:04:36 | 00,070,880 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service [Auto | Running])
SRV - [2009-07-23 13:48:20 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2008-01-21 04:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008-01-21 04:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-01-21 04:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008-01-21 04:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008-01-21 04:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008-01-21 04:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006-11-02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008-01-21 04:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2009-03-19 05:06:28 | 04,386,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atipmdag.sys -- (amdkmdag [On_Demand | Running])
DRV - [2009-03-19 03:33:14 | 00,093,184 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\DRIVERS\atikmpag.sys -- (amdkmdap [On_Demand | Running])
DRV - [2008-01-21 04:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008-01-21 04:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007-07-24 20:09:04 | 00,013,880 | ---- | M] () -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP [Auto | Running])
DRV - [2008-12-20 00:01:46 | 01,093,120 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\DRIVERS\athr.sys -- (athr [On_Demand | Running])
DRV - [2008-04-28 15:26:42 | 00,014,352 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV - [2006-11-02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006-11-02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006-11-02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006-11-02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006-11-02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006-11-02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008-01-21 04:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008-07-30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2007-08-08 19:39:00 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
DRV - [2008-04-07 08:00:46 | 00,006,656 | ---- | M] (Generic) -- C:\Windows\System32\DRIVERS\CRFILTER.sys -- (CRFILTER [On_Demand | Stopped])
DRV - [2008-01-21 04:32:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009-08-26 10:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008-01-21 04:32:48 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009-08-26 10:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009-04-21 12:43:26 | 00,090,112 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Windows\System32\DRIVERS\ETD.sys -- (ETD [On_Demand | Running])
DRV - [2007-08-03 14:26:22 | 00,020,936 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio [Auto | Running])
DRV - [2008-01-21 04:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008-01-21 04:32:49 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2009-06-25 01:37:16 | 00,272,432 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090923.001\IDSvix86.sys -- (IDSvix86 [System | Running])
DRV - [2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008-11-03 09:03:28 | 00,013,880 | ---- | M] ( ) -- C:\Windows\System32\DRIVERS\kbfiltr.sys -- (kbfiltr [On_Demand | Running])
DRV - [2008-01-21 04:32:49 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008-01-21 04:32:51 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008-01-21 04:32:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008-01-21 04:32:53 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008-01-21 04:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008-12-24 10:39:44 | 00,014,392 | ---- | M] (ATK0100) -- C:\Windows\System32\DRIVERS\ATKACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009-08-25 10:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091006.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009-08-25 10:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091006.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008-01-21 04:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008-01-21 04:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008-01-21 04:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008-11-27 13:16:48 | 00,135,680 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008-01-21 04:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006-11-02 09:41:49 | 01,010,560 | ---- | M] (Motorola Inc.) -- C:\Windows\System32\DRIVERS\smserial.sys -- (smserial [On_Demand | Stopped])
DRV - [2008-08-11 04:14:12 | 01,752,704 | ---- | M] () -- C:\Windows\System32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
DRV - [2009-03-17 12:56:58 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2009-07-29 15:36:04 | 00,716,272 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-04-01 14:12:48 | 00,233,128 | ---- | M] () -- C:\Windows\System32\drivers\srs_PremiumSound_i386.sys -- (SRS_PremiumSound_Service [On_Demand | Running])
DRV - [2008-01-31 20:51:00 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2008-01-31 20:51:00 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2008-01-31 20:51:00 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2009-02-19 13:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009-07-23 19:11:28 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009-02-19 13:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009-02-19 13:31:42 | 00,024,112 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV - [2009-02-19 13:31:18 | 00,041,008 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Running])
DRV - [2009-02-19 13:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2009-02-19 13:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008-01-21 04:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008-01-21 04:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008-05-28 17:54:20 | 00,022,072 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\DRIVERS\usbfilter.sys -- (usbfilter [On_Demand | Running])
DRV - [2009-04-28 05:16:10 | 01,019,392 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService [On_Demand | Running])
DRV - [2008-01-21 04:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008-01-21 04:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006-11-02 09:30:56 | 00,194,048 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Stopped])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000\S-1-5-21-1523378975-3342310526-1749024312-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-24 16:34:59 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - HKU\S-1-5-21-1523378975-3342310526-1749024312-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-09-10 22:32:24 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009-10-04 19:05:16 | 00,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\PeerNetworking
[1 C:\Users\xxx\AppData\Local\*.tmp files]
[1 C:\Users\xxx\AppData\Local\*.tmp files]
[2009-09-12 19:10:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2009-09-25 19:55:33 | 00,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2009-09-25 19:51:41 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009-09-13 13:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009-09-25 19:54:39 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009-09-25 19:54:42 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009-10-06 22:09:55 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2009-10-04 22:46:31 | 00,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Counter-Strike 1.6
[2009-10-04 18:48:30 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009-09-25 19:55:14 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2009-09-25 19:55:12 | 00,000,000 | ---D | C] -- C:\Users\xxx\Documents\Image-Line
[2009-09-12 19:11:25 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2009-09-12 19:08:37 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2009-09-10 22:32:06 | 00,000,000 | R--D | C] -- C:\Users\xxx\Desktop\Gry
[2009-09-10 18:17:13 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009-09-10 18:17:11 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009-09-10 00:29:24 | 00,904,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009-09-10 00:29:23 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009-09-10 00:29:22 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009-09-10 00:29:22 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009-09-10 00:29:22 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009-09-10 00:29:22 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009-09-10 00:29:22 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009-09-10 00:29:22 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009-09-10 00:29:22 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009-09-10 00:29:22 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009-09-10 00:29:21 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009-09-10 00:28:54 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009-09-10 00:28:53 | 00,513,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009-09-10 00:28:53 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009-09-10 00:28:53 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009-09-10 00:28:53 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009-09-10 00:28:49 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009-09-10 00:27:47 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009-09-10 00:27:46 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009-07-23 22:15:09 | 00,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\Users\xxx\AppData\Local\*.tmp files]
[2009-10-06 22:12:56 | 01,468,980 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-10-06 22:12:56 | 00,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2009-10-06 22:12:56 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-10-06 22:12:56 | 00,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2009-10-06 22:12:56 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-10-06 22:09:56 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2009-10-06 22:07:52 | 00,002,467 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2009-10-06 22:07:41 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-10-06 22:07:41 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-10-06 22:07:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-10-06 22:07:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-10-06 22:06:23 | 02,005,132 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2009-10-06 20:59:44 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2009-10-05 20:01:53 | 00,000,542 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - xxx.job
[2009-10-05 15:58:23 | 00,002,379 | ---- | M] () -- C:\Users\xxx\Desktop\Skype.lnk
[2009-10-04 19:05:17 | 00,024,206 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\UserTile.png
[2009-10-01 21:06:57 | 00,001,210 | ---- | M] () -- C:\Users\xxx\Desktop\Music.lnk
[2009-10-01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009-09-24 20:09:31 | 00,050,688 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-12 19:08:37 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2009-09-08 00:19:17 | 00,656,018 | ---- | M] () -- C:\Users\xxx\Documents\Untitled-2.psd

[color=#E56717]========== Files - No Company Name ==========[/color]
[2009-10-04 19:05:17 | 00,024,206 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\UserTile.png
[2009-09-30 20:30:14 | 00,001,210 | ---- | C] () -- C:\Users\xxx\Desktop\Music.lnk
[2009-09-10 00:28:53 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009-08-06 12:18:44 | 00,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009-07-30 13:56:58 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-07-30 13:56:57 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009-07-30 13:56:55 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-07-30 13:56:55 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-07-30 13:56:54 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-07-30 13:56:51 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-07-30 13:56:51 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009-07-29 15:36:04 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-07-24 17:09:13 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-07-23 20:23:28 | 00,050,688 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-23 13:53:46 | 02,005,132 | -H-- | C] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2009-07-23 13:36:02 | 00,233,128 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009-07-23 13:29:18 | 01,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009-07-23 13:29:18 | 00,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009-07-23 13:10:59 | 00,048,600 | ---- | C] () -- C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-07-23 13:10:57 | 00,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2009-03-19 04:16:10 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-04-17 22:06:52 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008-04-07 08:00:46 | 00,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2006-11-02 14:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006-11-02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 12:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002-03-21 15:39:02 | 00,073,728 | R--- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002-03-21 13:51:52 | 00,503,808 | R--- | C] () -- C:\Windows\System32\lt_xtrans.dll
[2002-03-21 13:51:52 | 00,286,720 | R--- | C] () -- C:\Windows\System32\MrSIDD.dll
[2002-03-21 13:51:52 | 00,163,840 | R--- | C] () -- C:\Windows\System32\lt_common.dll
[2002-03-21 13:51:52 | 00,126,976 | R--- | C] () -- C:\Windows\System32\lt_trans.dll
[2002-03-21 13:51:52 | 00,069,632 | R--- | C] () -- C:\Windows\System32\lt_meta.dll
[2002-03-21 13:51:52 | 00,053,248 | R--- | C] () -- C:\Windows\System32\lt_encrypt.dll
[2002-03-21 13:51:52 | 00,020,480 | R--- | C] () -- C:\Windows\System32\lt_messagetext.dll
[2002-03-20 22:01:06 | 00,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys
[2002-03-20 22:00:20 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll
[2002-03-20 22:00:20 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll
[2002-03-20 22:00:20 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll
[2002-03-20 22:00:20 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll

[color=#E56717]========== LOP Check ==========[/color]

[2006-11-02 13:18:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006-11-02 13:18:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2009-10-04 19:05:17 | 00,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming
[2009-08-09 16:36:05 | 00,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ACD Systems
[2009-07-23 13:56:22 | 00,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ATI
[2009-07-23 21:23:25 | 00,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Gadu-Gadu
[2009-07-23 20:05:40 | 00,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera
[2009-10-04 19:05:16 | 00,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking
[2009-07-23 20:22:42 | 00,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thinstall
[2009-10-05 20:01:53 | 00,000,542 | ---- | M] () -- C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - xxx.job
[2009-10-06 22:07:40 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009-10-06 22:06:33 | 00,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:302A9871
< End of report >
[/log]

Tk przy okazji, sprawdziłem EVERESTEM temperature procka i wynosi ona:

Procesor 72 °C (162 °F)
Procesor nr 1 / rdzeń nr 1 78 °C (172 °F)
Procesor nr 1 / rdzeń nr 2 78 °C (172 °F)
Hitachi HTS543225L9A300 42 °C (108 °F)

Wentylatory
Procesor 1100 RPM

Czy jest to norma? Czytałem że górna granica to 70°C, pomiar robiony był w spoczynku.

Psycholandia
komentarz
komentarz

Gdzie pokazuje wirusa?
Wykonaj: http://support.microsoft.com/kb/310405/pl
Przeskanuj komputer tym: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url] usuń wszystko co znajdzie i daj loga po kasowaniu (loga z Malware)

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.