Avast wykrył rootkita

Dla specjalistów Bezpieczeństwo
#1

Witam.

Zrobiłem formata komputera, po zainstalowaniu wszystkich sterowników i tak dalej. Zainstalowałę Avasta i gdzię piętnascie minut po instalacji dostałem informacje że w systemie został wykryty rottkit. Informacja ta zawsze pojawia się gdzieś 15-20min po uruchomieniu komputera. Plik C:\Windows\system32\drivers\ Tutaj nie wiem co jest napisane gdyż był 3kropek, a przesunąć dale się nie dało aby przeczytać co jest napisane. Wiem że takie tematy już były troche ,ale wolałem założyć wlasny gdyż zauważyłem że zawsze było mówione aby użyj jakiegoś tam programu ale dopiero jak ktoś ci tak powie.

#2

Pobierz OTL >> http://www.dobreprogramy.pl/OTL,Program … 19450.html

ustaw go tak jak na tym obrazku >> f05aeb09bac25816m.jpg

W białe okno poniżej wklej to:

kliknij skanuj podaj log wklejając je osobno na wklej.org

#3

Wybaczcie że tak długo ale musiałem coś zrobić.

Zrobiłem co mówiłeś tyle tyle że to tak długie jest że nie starczy liter.

#4

aale nawet na stronie wklej.org albo wklej.to albo wklejto.pl ??

#5

ja tylko na wklej.org

O dopiero zobaczyłem ze po skanowaniu dwa pliki wyskoczyły

OTL i Extras

#6

wyślij link na to http://www.sendspace.pl/

#7

pisze

Podany plik nie istnieje lub został usunięty.

spróbuj jeszcze raz albo może znajdź inny

#8

http://www.sendspace.pl/file/0f993c473b1c7eac889ca57

#9

w otl wykonaj taki skrypt/:

#10

to też na krótkie nie wygląda

#11

ale i tak wykonaj :smiley:

#12

a na sendspace to mam ci wysłać plik ten co wyszedł z notatnika czy to co wyszło po wklejeniu

#13

zrób nowego loga i podaj

#14

Albo ja robię coś żle lub nie wiem bo to takie długie jest że hoho

Było by fjnie jakbyś w punktach dokładnie mi opisał co mam zrobic bo ja mówię takie długie to jest że chej., a jeśli chodzi o komputery to jak już pewnie zauważyłeś jestem gorzej niż zielony.

Tam wiem już napewno tracisz cierpliwość do mnie

#15

włącz w opcjach skanowania 1 dzień

#16

Nie ma różnicy ciągle jest takie długie że nie można tego tu wkleić

#17

to postaraj się wysłać loga wczęściach :stuck_out_tongue:

#18

OTL logfile created on: 2011-02-22 21:13:17 - Run 5

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Spersen\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

478,00 Mb Total Physical Memory | 175,00 Mb Available Physical Memory | 37,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29,29 Gb Total Space | 20,15 Gb Free Space | 68,78% Space Free | Partition Type: NTFS

Drive D: | 203,58 Gb Total Space | 201,04 Gb Free Space | 98,75% Space Free | Partition Type: NTFS

Computer Name: DAWID-6D9BEEEC7 | User Name: Spersen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

========== Processes (SafeList) ==========

PRC - [2011-02-22 18:19:01 | 000,577,024 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Spersen\Pulpit\OTL_3.2.21(dobreprogramy.pl).exe

PRC - [2011-02-21 18:27:17 | 000,943,472 | ---- | M] (Opera Software) – C:\Program Files\Opera\opera.exe

PRC - [2011-01-13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011-01-13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) – D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2006-02-17 10:39:02 | 000,139,264 | ---- | M] () – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

PRC - [2006-02-17 10:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

PRC - [2006-02-17 10:35:42 | 000,061,503 | ---- | M] (NVIDIA) – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

PRC - [2006-02-17 10:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

PRC - [2005-09-07 15:35:36 | 000,716,800 | ---- | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

PRC - [2005-05-20 02:11:06 | 000,925,696 | R— | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\Core\smax4pnp.exe

========== Modules (SafeList) ==========

MOD - [2011-02-22 18:19:01 | 000,577,024 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Spersen\Pulpit\OTL_3.2.21(dobreprogramy.pl).exe

MOD - [2011-01-13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – -- (HidServ)

SRV - File not found [On_Demand | Stopped] – -- (AppMgmt)

SRV - [2011-01-13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)

SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] – D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe – (StarWindServiceAE)

SRV - [2006-02-17 10:39:02 | 000,139,264 | ---- | M] () [Auto | Running] – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe – (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2006-02-17 10:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe – (nSvcIp)

SRV - [2006-02-17 10:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe – (nSvcLog)

SRV - [2006-02-17 10:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe – (ForcewareWebInterface)

========== Driver Services (SafeList) ==========

DRV - [2011-02-21 18:29:18 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\sptd.sys – (sptd)

DRV - [2011-01-13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP)

DRV - [2011-01-13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi)

DRV - [2011-01-13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2)

DRV - [2011-01-13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr)

DRV - [2011-01-13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4)

DRV - [2011-01-13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswFsBlk.sys – (aswFsBlk)

DRV - [2008-04-13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\gameenum.sys – (gameenum)

DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2006-02-17 03:28:32 | 000,013,056 | R— | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\nvnetbus.sys – (nvnetbus)

DRV - [2006-02-17 03:28:30 | 000,034,176 | R— | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\NVENETFD.sys – (NVENETFD)

DRV - [2006-01-27 07:04:16 | 000,099,584 | R— | M] (NVIDIA Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\nvata.sys – (nvata)

DRV - [2006-01-24 11:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)

DRV - [2005-10-05 10:21:10 | 000,141,312 | R— | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ADIHdAud.sys – (ADIHdAudAddService)

DRV - [2005-08-11 06:49:28 | 000,393,088 | R— | M] (Sensaura) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\senfilt.sys – (SenFiltService)

DRV - [2005-03-09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\AmdK8.sys – (AmdK8)

DRV - [2004-10-27 15:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Hdaudio.sys – (HdAudAddService)

DRV - [2004-08-13 03:56:20 | 000,005,810 | R— | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ASACPI.sys – (MTsensor)

DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\msmpu401.sys – (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-1960408961-1326574676-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-1960408961-1326574676-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM…\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM…\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)

O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM…\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM…\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKU\S-1-5-21-1960408961-1326574676-839522115-1004…\Run: [AlcoholAutomount] D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - HKU\S-1-5-21-1960408961-1326574676-839522115-1004…\Run: [ares] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1960408961-1326574676-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.139.8.7 88.156.63.9 88.156.96.61

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011-02-21 17:59:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 1 Day ==========

[2011-02-22 18:19:00 | 000,577,024 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Spersen\Pulpit\OTL_3.2.21(dobreprogramy.pl).exe

[2011-02-22 18:15:13 | 000,000,000 | —D | C] – C:_OTL

[2011-02-22 17:52:20 | 000,000,000 | -HSD | C] – C:\Config.Msi

[2011-02-22 17:08:30 | 000,000,000 | —D | C] – C:\Documents and Settings\Spersen\Ustawienia lokalne\Dane aplikacji\Adobe

[2011-02-22 17:07:47 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Adobe

[2011-02-22 15:01:20 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Z8Games

[2011-02-22 14:54:15 | 002,871,968 | ---- | C] (Adobe Systems, Inc.) – C:\Documents and Settings\Spersen\Pulpit\install_flash_player_ax.exe

[2011-02-22 14:48:30 | 000,953,856 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mfc40u.dll

[2011-02-22 14:48:29 | 000,974,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mfc42.dll

[2011-02-22 14:48:17 | 000,617,472 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\comctl32.dll

[2011-02-22 14:47:54 | 000,040,960 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ndproxy.sys

[2011-02-22 14:46:08 | 000,045,568 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wab.exe

[2011-02-22 13:25:07 | 523,409,669 | ---- | C] (Z8Games.com ) – C:\Documents and Settings\All Users\Pulpit\CrossFire_Setup_v1058.exe

[2011-02-22 01:14:47 | 001,616,330 | ---- | C] (Oleg N. Scherbakov) – C:\Documents and Settings\Spersen\Pulpit\crossfire_downloader.exe

[2011-02-21 23:35:44 | 000,000,000 | —D | C] – C:\Documents and Settings\Spersen\Dane aplikacji\Gadu-Gadu 10

[2011-02-21 23:35:22 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2011-02-21 23:33:29 | 000,000,000 | —D | C] – C:\WINDOWS\Prefetch

[2011-02-21 23:00:04 | 000,000,000 | -H-D | C] – C:\WINDOWS$NtServicePackUninstall$

[2011-02-21 21:17:29 | 000,000,000 | —D | C] – C:\WINDOWS\System32\pl

[2011-02-21 21:17:29 | 000,000,000 | —D | C] – C:\WINDOWS\l2schemas

[2011-02-21 21:17:29 | 000,000,000 | —D | C] – C:\WINDOWS\System32\bits

[2011-02-21 21:15:03 | 000,000,000 | —D | C] – C:\WINDOWS\network diagnostic

[2011-02-21 21:14:06 | 000,221,184 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmpns.dll

[2011-02-21 21:14:06 | 000,098,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmpband.dll

[2011-02-21 21:14:05 | 004,886,528 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmp.dll

[2011-02-21 21:14:05 | 001,119,744 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wmsdmoe2.dll

[2011-02-21 21:14:05 | 001,119,744 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmsdmoe2.dll

[2011-02-21 21:14:05 | 001,001,472 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wmvdmoe2.dll

[2011-02-21 21:14:05 | 001,001,472 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmvdmoe2.dll

[2011-02-21 21:14:05 | 000,897,024 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wmspdmoe.dll

[2011-02-21 21:14:05 | 000,897,024 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmspdmoe.dll

[2011-02-21 21:14:05 | 000,786,432 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\migrate.exe

[2011-02-21 21:14:05 | 000,485,376 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wmspdmod.dll

[2011-02-21 21:14:05 | 000,485,376 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmspdmod.dll

[2011-02-21 21:14:05 | 000,384,512 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\mp4sdmod.dll

[2011-02-21 21:14:05 | 000,384,512 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mp4sdmod.dll

[2011-02-21 21:14:05 | 000,368,640 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mpvis.dll

[2011-02-21 21:14:05 | 000,310,272 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\mp43dmod.dll

[2011-02-21 21:14:05 | 000,310,272 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mp43dmod.dll

[2011-02-21 21:14:05 | 000,233,472 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmpdxm.dll

[2011-02-21 21:14:05 | 000,190,976 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wmerror.dll

[2011-02-21 21:14:05 | 000,190,976 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmerror.dll

[2011-02-21 21:14:05 | 000,151,552 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wmidx.dll

[2011-02-21 21:14:05 | 000,151,552 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmidx.dll

[2011-02-21 21:14:05 | 000,114,688 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wmpasf.dll

[2011-02-21 21:14:05 | 000,114,688 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmpasf.dll

[2011-02-21 21:14:05 | 000,052,736 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mspmsnsv.dll

[2011-02-21 21:14:05 | 000,033,792 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\custsat.dll

[2011-02-21 21:14:04 | 000,848,384 | ---- | C] (Intel Corporation) – C:\WINDOWS\System32\ir41_32.ax

[2011-02-21 21:14:04 | 000,755,200 | ---- | C] (Intel Corporation) – C:\WINDOWS\System32\ir50_32.dll

[2011-02-21 21:14:04 | 000,380,928 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\irprops.cpl

[2011-02-21 21:14:04 | 000,338,432 | ---- | C] (Intel Corporation.) – C:\WINDOWS\System32\ir41_qcx.dll

[2011-02-21 21:14:04 | 000,200,192 | ---- | C] (Intel Corporation.) – C:\WINDOWS\System32\ir50_qc.dll

[2011-02-21 21:14:04 | 000,199,680 | ---- | C] (Intel Corporation) – C:\WINDOWS\System32\iac25_32.ax

[2011-02-21 21:14:04 | 000,193,024 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\fsquirt.exe

[2011-02-21 21:14:04 | 000,183,808 | ---- | C] (Intel Corporation.) – C:\WINDOWS\System32\ir50_qcx.dll

[2011-02-21 21:14:04 | 000,120,320 | ---- | C] (Intel Corporation.) – C:\WINDOWS\System32\ir41_qc.dll

[2011-02-21 21:14:04 | 000,110,592 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\bthprops.cpl

[2011-02-21 21:14:04 | 000,020,992 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\bthci.dll

[2011-02-21 21:14:04 | 000,007,168 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\hccoin.dll

[2011-02-21 21:14:03 | 000,757,248 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xpsp3res.dll

[2011-02-21 21:14:03 | 000,427,008 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xpob2res.dll

[2011-02-21 21:14:03 | 000,194,560 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xpsp1res.dll

[2011-02-21 21:14:03 | 000,154,624 | ---- | C] (Intel Corporation) – C:\WINDOWS\System32\ivfsrc.ax

[2011-02-21 21:14:03 | 000,029,184 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\sdhcinst.dll

[2011-02-21 21:14:02 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) – C:\WINDOWS\System32\drivers\hdaudbus.sys

[2011-02-21 21:14:00 | 002,113,536 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dxdiagn.dll

[2011-02-21 21:14:00 | 000,105,472 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\p2pgasvc.dll

[2011-02-21 21:14:00 | 000,103,936 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dpcdll.dll

Dodane 22.02.2011 (Wt) 21:16

[2011-02-21 21:14:00 | 000,060,928 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\logman.exe

[2011-02-21 21:14:00 | 000,024,064 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\pidgen.dll

[2011-02-21 21:14:00 | 000,007,168 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdukx.dll

[2011-02-21 21:14:00 | 000,004,096 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dsprpres.dll

[2011-02-21 21:13:59 | 000,539,136 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\msftedit.dll

[2011-02-21 21:13:59 | 000,313,856 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\p2pgraph.dll

[2011-02-21 21:13:59 | 000,184,320 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wuaueng1.dll

[2011-02-21 21:13:59 | 000,159,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\sbeio.dll

[2011-02-21 21:13:59 | 000,148,480 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wscui.cpl

[2011-02-21 21:13:59 | 000,118,784 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\msdadiag.dll

[2011-02-21 21:13:59 | 000,080,896 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\firewall.cpl

[2011-02-21 21:13:59 | 000,025,600 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\netsetup.cpl

[2011-02-21 21:13:59 | 000,025,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\httpapi.dll

[2011-02-21 21:13:59 | 000,008,192 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\bitsprx2.dll

[2011-02-21 21:13:59 | 000,007,680 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdsmsno.dll

[2011-02-21 21:13:59 | 000,007,168 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdfi1.dll

[2011-02-21 21:13:59 | 000,006,144 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdmlt47.dll

[2011-02-21 21:13:58 | 001,689,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3d9.dll

[2011-02-21 21:13:58 | 001,647,616 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\winbrand.dll

[2011-02-21 21:13:58 | 000,191,488 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\iuengine.dll

[2011-02-21 21:13:58 | 000,168,960 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wuauclt1.exe

[2011-02-21 21:13:58 | 000,134,656 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\mssap.dll

[2011-02-21 21:13:58 | 000,115,712 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\p2pnetsh.dll

[2011-02-21 21:13:58 | 000,060,416 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\fwcfg.dll

[2011-02-21 21:13:58 | 000,050,176 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xmlprovi.dll

[2011-02-21 21:13:58 | 000,011,264 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\spnpinst.exe

[2011-02-21 21:13:58 | 000,009,728 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\proxycfg.exe

[2011-02-21 21:13:58 | 000,008,192 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\smbinst.exe

[2011-02-21 21:13:58 | 000,006,656 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdinmal.dll

[2011-02-21 21:13:58 | 000,006,144 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdinbe1.dll

[2011-02-21 21:13:57 | 000,153,600 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\p2p.dll

[2011-02-21 21:13:57 | 000,050,688 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\btpanui.dll

[2011-02-21 21:13:57 | 000,049,152 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\powercfg.exe

[2011-02-21 21:13:57 | 000,023,040 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\fltmc.exe

[2011-02-21 21:13:57 | 000,020,480 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\encapi.dll

[2011-02-21 21:13:57 | 000,017,408 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\winshfhc.dll

[2011-02-21 21:13:57 | 000,014,336 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\auditusr.exe

[2011-02-21 21:13:57 | 000,013,312 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cmsetacl.dll

[2011-02-21 21:13:57 | 000,007,680 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdsmsfi.dll

[2011-02-21 21:13:57 | 000,007,168 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdno1.dll

[2011-02-21 21:13:57 | 000,007,168 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\bitsprx3.dll

[2011-02-21 21:13:57 | 000,006,144 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdmlt48.dll

[2011-02-21 21:13:56 | 000,075,776 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\strmfilt.dll

[2011-02-21 21:13:56 | 000,071,680 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\blastcln.exe

[2011-02-21 21:13:56 | 000,006,144 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdinben.dll

[2011-02-21 21:13:56 | 000,005,632 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kbdmaori.dll

[2011-02-21 21:13:53 | 000,198,656 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\cintime.dll

[2011-02-21 21:13:53 | 000,097,792 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\chtmbx.dll

[2011-02-21 21:13:53 | 000,078,336 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\chajei.ime

[2011-02-21 21:13:53 | 000,056,320 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\chtskdic.dll

[2011-02-21 21:13:53 | 000,021,504 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\cintlgnt.ime

[2011-02-21 21:13:52 | 000,078,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\dayi.ime

[2011-02-21 21:13:49 | 000,811,064 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imjp81k.dll

[2011-02-21 21:13:49 | 000,716,856 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imjpcus.dll

[2011-02-21 21:13:49 | 000,368,696 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imjpcic.dll

[2011-02-21 21:13:49 | 000,340,023 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imjp81.ime

[2011-02-21 21:13:49 | 000,315,455 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imskf.dll

[2011-02-21 21:13:49 | 000,274,489 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imjputyc.dll

[2011-02-21 21:13:49 | 000,106,496 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imekrcic.dll

[2011-02-21 21:13:49 | 000,102,456 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imlang.dll

[2011-02-21 21:13:49 | 000,094,720 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imekr61.ime

[2011-02-21 21:13:49 | 000,086,016 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imekrmbx.dll

[2011-02-21 21:13:49 | 000,081,976 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\imjpdct.dll

[2011-02-21 21:13:48 | 000,004,639 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mplayer2.exe

[2011-02-21 21:13:46 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) – C:\WINDOWS\System32\dllcache\npdsplay.dll

[2011-02-21 21:13:46 | 000,226,816 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\npdrmv2.dll

[2011-02-21 21:13:46 | 000,010,240 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\npwmsdrm.dll

[2011-02-21 21:13:45 | 000,774,144 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\setup_wm.exe

[2011-02-21 21:13:45 | 000,482,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\pintlgnt.ime

[2011-02-21 21:13:45 | 000,079,360 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\phon.ime

[2011-02-21 21:13:45 | 000,077,824 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\quick.ime

[2011-02-21 21:13:45 | 000,070,144 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\pintlphr.exe

[2011-02-21 21:13:45 | 000,067,584 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\pmigrate.dll

[2011-02-21 21:13:45 | 000,053,760 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\pintlcsd.dll

[2011-02-21 21:13:45 | 000,026,112 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\romanime.ime

[2011-02-21 21:13:45 | 000,015,872 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\padrs404.dll

[2011-02-21 21:13:45 | 000,015,360 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\padrs804.dll

[2011-02-21 21:13:44 | 000,571,392 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\tintlgnt.ime

[2011-02-21 21:13:44 | 000,065,024 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\unicdime.ime

[2011-02-21 21:13:44 | 000,010,240 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\tmigrate.dll

[2011-02-21 21:13:43 | 000,426,041 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\voicepad.dll

[2011-02-21 21:13:43 | 000,156,672 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\winzm.ime

[2011-02-21 21:13:43 | 000,156,672 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\winsp.ime

[2011-02-21 21:13:43 | 000,156,672 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\winpy.ime

[2011-02-21 21:13:43 | 000,086,073 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\voicesub.dll

[2011-02-21 21:13:43 | 000,079,360 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\winar30.ime

[2011-02-21 21:13:43 | 000,076,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\uniime.dll

[2011-02-21 21:13:43 | 000,073,728 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wmplayer.exe

[2011-02-21 21:13:43 | 000,072,704 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wingb.ime

[2011-02-21 21:13:43 | 000,065,536 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\winime.ime

[2011-02-21 21:13:39 | 000,208,896 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\unregmp2.exe

[2011-02-21 21:13:38 | 000,263,680 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\adsnt.dll

[2011-02-21 21:13:38 | 000,193,536 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\activeds.dll

[2011-02-21 21:13:38 | 000,188,416 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\accwiz.exe

[2011-02-21 21:13:38 | 000,175,616 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\adsldp.dll

[2011-02-21 21:13:38 | 000,143,360 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\adsldpc.dll

[2011-02-21 21:13:38 | 000,118,784 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\aclui.dll

[2011-02-21 21:13:38 | 000,098,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ahui.exe

[2011-02-21 21:13:38 | 000,098,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\actxprxy.dll

[2011-02-21 21:13:38 | 000,070,656 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\access.cpl

[2011-02-21 21:13:38 | 000,068,096 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\adsmsext.dll

[2011-02-21 21:13:38 | 000,004,096 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\actmovie.exe

[2011-02-21 21:13:37 | 000,602,112 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\autofmt.exe

[2011-02-21 21:13:37 | 000,286,720 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\blackbox.dll

[2011-02-21 21:13:37 | 000,286,720 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\blackbox.dll

[2011-02-21 21:13:37 | 000,226,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\catsrv.dll

[2011-02-21 21:13:37 | 000,151,040 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\capesnpn.dll

[2011-02-21 21:13:37 | 000,115,200 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\asctrls.ocx

Dodane 22.02.2011 (Wt) 21:17

[2011-02-21 21:13:37 | 000,084,992 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\avifil32.dll

[2011-02-21 21:13:37 | 000,078,336 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\browsewm.dll

[2011-02-21 21:13:37 | 000,067,584 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\browselc.dll

[2011-02-21 21:13:37 | 000,065,536 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\asycfilt.dll

[2011-02-21 21:13:37 | 000,060,416 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cabinet.dll

[2011-02-21 21:13:37 | 000,052,736 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\basesrv.dll

[2011-02-21 21:13:37 | 000,050,688 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\camocx.dll

[2011-02-21 21:13:37 | 000,030,208 | ---- | C] (Adobe Systems) – C:\WINDOWS\System32\atmlib.dll

[2011-02-21 21:13:37 | 000,029,184 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\batmeter.dll

[2011-02-21 21:13:37 | 000,025,600 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\at.exe

[2011-02-21 21:13:37 | 000,017,408 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\bidispl.dll

[2011-02-21 21:13:37 | 000,012,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\attrib.exe

[2011-02-21 21:13:37 | 000,011,264 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\autolfn.exe

[2011-02-21 21:13:37 | 000,011,264 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\atmadm.exe

[2011-02-21 21:13:37 | 000,008,704 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\batt.dll

[2011-02-21 21:13:37 | 000,008,192 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\asferror.dll

[2011-02-21 21:13:37 | 000,008,192 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\asferror.dll

[2011-02-21 21:13:36 | 002,091,520 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cdosys.dll

[2011-02-21 21:13:36 | 000,625,664 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\catsrvut.dll

[2011-02-21 21:13:36 | 000,461,824 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\certmgr.dll

[2011-02-21 21:13:36 | 000,197,632 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\certcli.dll

[2011-02-21 21:13:36 | 000,159,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\cewmdm.dll

[2011-02-21 21:13:36 | 000,159,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cewmdm.dll

[2011-02-21 21:13:36 | 000,148,480 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cic.dll

[2011-02-21 21:13:36 | 000,110,592 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\clbcatex.dll

[2011-02-21 21:13:36 | 000,103,424 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\clipbrd.exe

[2011-02-21 21:13:36 | 000,085,504 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\catsrvps.dll

[2011-02-21 21:13:36 | 000,077,824 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cliconfg.dll

[2011-02-21 21:13:36 | 000,069,120 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ciodm.dll

[2011-02-21 21:13:36 | 000,064,512 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cleanmgr.exe

[2011-02-21 21:13:36 | 000,058,368 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\clusapi.dll

[2011-02-21 21:13:36 | 000,038,912 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cfgbkend.dll

[2011-02-21 21:13:36 | 000,020,480 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cliconfg.exe

[2011-02-21 21:13:36 | 000,016,896 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cfgmgr32.dll

[2011-02-21 21:13:36 | 000,015,872 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cmcfg32.dll

[2011-02-21 21:13:35 | 001,267,200 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\comsvcs.dll

[2011-02-21 21:13:35 | 000,348,672 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cmdial32.dll

[2011-02-21 21:13:35 | 000,230,400 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\compstui.dll

[2011-02-21 21:13:35 | 000,187,904 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cmprops.dll

[2011-02-21 21:13:35 | 000,167,424 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\comsnap.dll

[2011-02-21 21:13:35 | 000,097,792 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\comrepl.dll

[2011-02-21 21:13:35 | 000,064,512 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cmstp.exe

[2011-02-21 21:13:35 | 000,060,416 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\colbact.dll

[2011-02-21 21:13:35 | 000,049,152 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cnbjmon.dll

[2011-02-21 21:13:35 | 000,041,472 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cmutil.dll

[2011-02-21 21:13:35 | 000,039,424 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cmmon32.exe

[2011-02-21 21:13:35 | 000,028,160 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\comaddin.dll

[2011-02-21 21:13:35 | 000,025,600 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cmdl32.exe

[2011-02-21 21:13:34 | 001,179,648 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3d8.dll

[2011-02-21 21:13:34 | 000,824,320 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dim700.dll

[2011-02-21 21:13:34 | 000,539,648 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\comuid.dll

[2011-02-21 21:13:34 | 000,358,400 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\confmsp.dll

[2011-02-21 21:13:34 | 000,164,864 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\credui.dll

[2011-02-21 21:13:34 | 000,135,168 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cscript.exe

[2011-02-21 21:13:34 | 000,075,264 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cryptdlg.dll

[2011-02-21 21:13:34 | 000,033,280 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\cryptdll.dll

[2011-02-21 21:13:34 | 000,027,648 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\conime.exe

[2011-02-21 21:13:34 | 000,008,192 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3d8thk.dll

[2011-02-21 21:13:33 | 001,055,744 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\danim.dll

[2011-02-21 21:13:33 | 000,165,376 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\datime.dll

[2011-02-21 21:13:33 | 000,153,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\daxctle.ocx

[2011-02-21 21:13:33 | 000,054,272 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dataclen.dll

[2011-02-21 21:13:33 | 000,025,600 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\davclnt.dll

[2011-02-21 21:13:31 | 000,695,808 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\drmv2clt.dll

[2011-02-21 21:13:31 | 000,299,520 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\drmclien.dll

[2011-02-21 21:13:31 | 000,087,040 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\drmstor.dll

[2011-02-21 21:13:30 | 000,499,766 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\dxmasf.dll

========== Files - Modified Within 1 Day ==========

[2011-02-22 21:06:10 | 000,043,531 | ---- | M] () – C:\WINDOWS\System32\nvapps.xml

[2011-02-22 21:05:58 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2011-02-22 18:19:01 | 000,577,024 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Spersen\Pulpit\OTL_3.2.21(dobreprogramy.pl).exe

[2011-02-22 18:16:28 | 000,095,072 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2011-02-22 16:03:02 | 000,355,486 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2011-02-22 16:03:02 | 000,311,604 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2011-02-22 16:03:02 | 000,049,492 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2011-02-22 16:03:02 | 000,039,992 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2011-02-22 15:14:50 | 000,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK

[2011-02-22 15:01:21 | 000,000,665 | ---- | M] () – C:\Documents and Settings\Spersen\Pulpit\CrossFire.lnk

[2011-02-22 14:54:44 | 000,000,269 | ---- | M] () – C:\Documents and Settings\Spersen\Moje dokumenty\ax_files.xml

[2011-02-22 14:54:15 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) – C:\Documents and Settings\Spersen\Pulpit\install_flash_player_ax.exe

[2011-02-22 13:35:27 | 523,409,669 | ---- | M] (Z8Games.com ) – C:\Documents and Settings\All Users\Pulpit\CrossFire_Setup_v1058.exe

[2011-02-22 01:14:51 | 001,616,330 | ---- | M] (Oleg N. Scherbakov) – C:\Documents and Settings\Spersen\Pulpit\crossfire_downloader.exe

[2011-02-21 23:35:22 | 000,000,679 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk

[2011-02-21 23:35:22 | 000,000,660 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk

[2011-02-21 23:34:15 | 000,316,640 | ---- | M] () – C:\WINDOWS\WMSysPr9.prx

[2011-02-21 23:33:19 | 000,013,646 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2011-02-21 23:02:17 | 000,251,152 | ---- | M] () – C:\ntldr

[2011-02-21 22:16:34 | 024,886,120 | ---- | M] () – C:\Documents and Settings\Spersen\Pulpit\gg10.exe

[2011-02-21 22:12:11 | 000,023,392 | ---- | M] () – C:\WINDOWS\System32\nscompat.tlb

[2011-02-21 22:12:11 | 000,016,832 | ---- | M] () – C:\WINDOWS\System32\amcompat.tlb

========== Files Created - No Company Name ==========

[2011-02-22 15:01:21 | 000,000,665 | ---- | C] () – C:\Documents and Settings\Spersen\Pulpit\CrossFire.lnk

[2011-02-21 23:35:22 | 000,000,679 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk

[2011-02-21 23:35:22 | 000,000,660 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk

[2011-02-21 23:34:56 | 000,000,572 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk

[2011-02-21 22:15:49 | 024,886,120 | ---- | C] () – C:\Documents and Settings\Spersen\Pulpit\gg10.exe

[2011-02-21 21:14:03 | 000,118,272 | ---- | C] () – C:\WINDOWS\System32\mpeg2data.ax

[2011-02-21 21:13:53 | 000,173,568 | ---- | C] () – C:\WINDOWS\System32\dllcache\chtskf.dll

[2011-02-21 21:13:50 | 013,463,552 | ---- | C] () – C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2011-02-21 21:13:45 | 000,175,104 | ---- | C] () – C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2011-02-21 18:46:42 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI

[2011-02-21 18:29:17 | 000,436,792 | ---- | C] () – C:\WINDOWS\System32\drivers\sptd.sys

[2011-02-21 18:08:06 | 000,021,630 | ---- | C] () – C:\WINDOWS\Ascd_log.ini

[2011-02-21 18:07:43 | 000,021,309 | ---- | C] () – C:\WINDOWS\Ascd_tmp.ini

[2011-02-21 18:07:42 | 000,005,810 | R— | C] () – C:\WINDOWS\System32\drivers\ASACPI.sys

[2011-02-21 18:07:33 | 000,005,824 | ---- | C] () – C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006-01-24 11:15:00 | 001,662,976 | ---- | C] () – C:\WINDOWS\System32\nvwdmcpl.dll

[2006-01-24 11:15:00 | 001,466,368 | ---- | C] () – C:\WINDOWS\System32\nview.dll

[2006-01-24 11:15:00 | 001,019,904 | ---- | C] () – C:\WINDOWS\System32\nvwimg.dll

[2006-01-24 11:15:00 | 000,573,440 | ---- | C] () – C:\WINDOWS\System32\nvhwvid.dll

[2006-01-24 11:15:00 | 000,466,944 | ---- | C] () – C:\WINDOWS\System32\nvshell.dll

[2006-01-24 11:15:00 | 000,286,720 | ---- | C] () – C:\WINDOWS\System32\nvnt4cpl.dll

[2006-01-24 11:15:00 | 000,106,496 | ---- | C] () – C:\WINDOWS\System32\nvapi.dll

========== LOP Check ==========

[2011-02-21 18:36:34 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2011-02-21 23:35:22 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2011-02-22 00:05:53 | 000,000,000 | —D | M] – C:\Documents and Settings\Spersen\Dane aplikacji\Gadu-Gadu 10

[2011-02-21 18:27:19 | 000,000,000 | —D | M] – C:\Documents and Settings\Spersen\Dane aplikacji\Opera

========== Purity Check ==========

========== Custom Scans ==========

< :OTL >

< O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) >

< O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) >

< O3 - HKLM…\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) >

< O3 - HKLM…\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) >

< IE - HKU\S-1-5-21-1960408961-1326574676-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= … =CT2790392 >

Invalid Switch: search.conduit.com?SearchSource= … =CT2790392

< IE - HKU\S-1-5-21-1960408961-1326574676-839522115-1004…\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) >

< >

< >

< :Commands >

< [emptytemp] >

< [start explorer] >

< [reboot] >

#19

przy wykonywaniu loga klikamy wykonaj skrypt

więc do roboty :smiley:

#20

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.

File C:\Program Files\free-downloads.net\tbfree.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{ecdee021-0d17-467f-a1ff-c7a115230949} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.

File downloads.net\tbfree.dll not found.

HKU\S-1-5-21-1960408961-1326574676-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{ecdee021-0d17-467f-a1ff-c7a115230949} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.

File C:\Program Files\free-downloads.net\tbfree.dll not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Spersen

->Temp folder emptied: 1044 bytes

->Temporary Internet Files folder emptied: 2390585 bytes

->Opera cache emptied: 9928451 bytes

->Flash cache emptied: 1633 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 754700 bytes

Total Files Cleaned = 13,00 mb

OTL by OldTimer - Version 3.2.21.0 log created on 02222011_213342

Files\Folders moved on Reboot…

Registry entries deleted on Reboot…

wyszło coś takiego