Unknown malicious file sfsync04.com and ComboFix logs


(Magdalenasmektala) #1

Pasting from ComboFix:

ComboFix 09-06-09.06 - magda wladca 10/06/2009 23:26.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1318 [GMT 1:00]

Running from: c:\users\magda wladca\Desktop\ComboFix.exe

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\AutoRun.inf

D:\desktop.ini

.

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))

.

2009-06-10 22:30 . 2009-06-10 22:30 -------- d-----w- c:\users\magda wladca\AppData\Local\temp

2009-06-10 21:33 . 2009-06-10 21:33 -------- d-sh--w- \Config.Msi

2009-06-10 20:27 . 2009-06-10 20:27 -------- d-----w- c:\windows\CheckSur

2009-06-10 20:23 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-10 20:23 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-06-10 20:18 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-06-10 18:44 . 2009-06-10 18:44 -------- d-----w- C:\rsit

2009-06-10 18:44 . 2009-06-10 18:44 -------- d-----w- \rsit

2009-06-10 18:31 . 2009-06-10 18:31 -------- d-----w- C:_OTL

2009-06-10 18:31 . 2009-06-10 18:31 -------- d-----w- _OTL

2009-06-10 17:51 . 2009-06-10 17:51 -------- d-----w- c:\users\magda wladca\DoctorWeb

2009-06-10 17:22 . 2009-06-10 22:28 -------- d---a-w- \Qoobox

2009-06-10 16:56 . 2009-06-10 16:56 -------- d-----w- c:\program files\Trend Micro

2009-06-10 16:03 . 2009-06-10 16:03 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Uniblue

2009-06-10 15:57 . 2009-06-10 15:58 -------- d-----w- c:\users\magda wladca\spóldzielnia 1

2009-06-02 14:51 . 2009-06-02 14:51 -------- d-----w- c:\program files\Alternative Software Ltd

2009-05-31 13:56 . 2009-05-31 13:56 -------- d-----w- c:\users\magda wladca.dvdcss

2009-05-25 19:07 . 2009-05-25 19:08 -------- d-----w- c:\users\magda wladca\allegro

2009-05-22 11:24 . 2009-05-22 11:24 -------- d-----w- c:\program files\Sega

2009-05-21 16:45 . 2009-05-21 16:45 -------- d-----w- c:\users\magda wladca\AppData\Local\Apps

2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-05-21 16:07 . 2009-05-21 16:07 -------- d-----w- c:\program files\ESET

2009-05-21 15:46 . 2009-05-21 15:46 -------- d-----w- c:\users\magda wladca\AppData\Local\WindowsUpdate

2009-05-20 19:48 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-05-20 19:48 . 2009-05-20 19:48 -------- d-----w- c:\program files\CPUID

2009-05-19 19:50 . 2009-05-19 19:50 -------- d-----w- c:\users\magda wladca\AppData\Local\PC_Drivers_Headquarters

2009-05-19 18:12 . 2009-06-10 22:01 2147016704 --sha-w- \hiberfil.sys

2009-05-19 16:54 . 2009-05-20 18:15 -------- d-----w- c:\users\magda wladca\AppData\Local\eSupport.com

2009-05-17 16:26 . 2009-05-17 16:27 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-05-17 16:24 . 2009-05-17 16:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2009-05-17 15:23 . 2008-05-16 18:31 768544 ----a-w- c:\windows\system32\nvcplui.exe

2009-05-17 15:23 . 2008-05-16 18:31 313888 ----a-w- c:\windows\system32\nvexpbar.dll

2009-05-17 15:23 . 2008-05-16 18:31 1079840 ----a-w- c:\windows\system32\nvcpluir.dll

2009-05-17 15:22 . 2008-05-16 18:31 446464 ----a-w- c:\windows\system32\nvudisp.exe

2009-05-17 15:21 . 2008-05-16 10:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-05-17 15:15 . 2009-05-17 15:15 -------- d-sh--w- C:\found.002

2009-05-17 15:15 . 2009-05-17 15:15 -------- d-sh--w- \found.002

2009-05-17 15:09 . 2009-05-17 15:17 1356 ----a-w- c:\users\magda wladca\AppData\Local\d3d9caps.dat

2009-05-16 17:36 . 2009-05-16 17:36 -------- d-----w- c:\users\magda wladca\AppData\Roaming\ATI

2009-05-16 17:36 . 2009-05-16 17:36 -------- d-----w- c:\users\magda wladca\AppData\Local\ATI

2009-05-16 17:31 . 2009-05-16 17:31 0 ----a-w- c:\windows\ativpsrm.bin

2009-05-16 17:30 . 2009-02-04 05:02 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-05-16 17:29 . 2009-05-16 17:29 10134 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{DC5D5D1D-E60F-E748-01BD-4AB0278B5AA0}\ARPPRODUCTICON.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-10 22:01 . 2009-05-19 18:12 2147016704 --sha-w- \hiberfil.sys

2009-06-10 22:01 . 2009-02-10 03:23 2460819456 --sha-w- \pagefile.sys

2009-06-10 21:49 . 2009-02-11 19:57 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Skype

2009-06-10 21:33 . 2009-02-11 19:47 -------- d-----w- c:\programdata\Lavasoft

2009-06-10 19:35 . 2009-05-10 16:36 -------- d-----w- c:\users\magda wladca\AppData\Roaming\IrfanView

2009-06-10 19:35 . 2009-02-13 14:08 -------- d-----w- c:\programdata\HP Product Assistant

2009-06-02 14:52 . 2009-02-15 19:29 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-27 18:59 . 2009-02-11 20:12 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-05-22 18:30 . 2009-05-22 18:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-05-22 18:23 . 2009-02-11 19:25 78832 ----a-w- c:\users\magda wladca\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-17 16:31 . 2009-05-17 16:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-05-17 15:29 . 2009-05-02 21:33 -------- d-----w- c:\programdata\NVIDIA

2009-05-16 11:34 . 2009-05-08 12:36 -------- d-----w- c:\program files\Common Files\LogiShrd

2009-05-16 11:21 . 2009-05-08 12:36 -------- d-----w- c:\programdata\Logishrd

2009-05-14 08:40 . 2009-05-10 12:05 -------- d-----w- c:\programdata\Kodak

2009-05-13 12:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-13 10:52 . 2009-05-10 12:06 -------- d-----w- c:\program files\Kodak

2009-05-10 16:36 . 2009-05-10 16:36 -------- d-----w- c:\program files\IrfanView

2009-05-10 09:38 . 2009-05-08 12:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-05-09 19:06 . 2009-02-16 17:36 -------- d-----w- c:\program files\Common Files\InstallShield

2009-05-09 12:32 . 2009-05-09 12:30 -------- d-----w- c:\program files\Microsoft LifeCam

2009-05-08 19:23 . 2009-05-01 13:24 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Samsung

2009-05-08 12:42 . 2009-05-08 12:42 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Leadertech

2009-05-08 12:36 . 2009-05-08 12:36 -------- d-----w- c:\programdata\Logitech

2009-05-07 17:44 . 2009-05-07 17:44 -------- d-----w- c:\programdata\Zylom

2009-05-07 17:44 . 2009-05-07 17:44 -------- d-----w- c:\program files\Zylom Games

2009-05-07 16:26 . 2009-05-07 16:26 -------- d-----w- c:\program files\SystemRequirementsLab

2009-05-05 16:10 . 2009-05-05 16:10 -------- d-----w- c:\users\magda wladca\AppData\Roaming\HP

2009-05-02 19:52 . 2009-05-02 19:50 -------- d--h--w- c:\program files\Temp

2009-05-02 19:51 . 2009-05-02 19:51 319456 ----a-w- c:\windows\DIFxAPI.dll

2009-05-02 19:51 . 2009-05-02 19:51 -------- d-----w- c:\program files\Realtek

2009-05-02 17:55 . 2009-05-02 17:55 4570 ----a-w- c:\program files\Uninst.isu

2009-05-02 17:55 . 2009-05-02 17:55 202 ----a-w- c:\program files\UNINSTALL.INF

2009-05-02 17:55 . 2009-05-02 17:55 216 ----a-w- c:\program files\TLCRUN.INI

2009-05-01 13:22 . 2009-05-01 13:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2009-05-01 13:03 . 2009-02-12 14:27 -------- d-----w- c:\program files\Common Files\Adobe

2009-05-01 12:57 . 2009-05-01 12:57 -------- d-----w- c:\program files\Samsung

2009-04-27 10:18 . 2009-02-13 14:03 141228 ----a-w- c:\windows\hpoins14.dat

2009-04-22 19:02 . 2009-04-22 19:04 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-04-20 12:41 . 2009-04-19 12:59 -------- d-----w- c:\program files\BearShare Applications

2009-04-19 17:29 . 2009-04-19 12:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-04-19 13:25 . 2009-04-19 13:25 -------- d-----w- c:\program files\SkanerOnline

2009-04-19 12:16 . 2009-04-19 12:09 -------- d-----w- c:\users\magda wladca\AppData\Roaming\uTorrent

2009-04-16 16:23 . 2009-05-02 19:50 540672 ----a-w- c:\windows\RtlExUpd.dll

2009-04-14 15:32 . 2009-05-02 19:51 1784352 ----a-w- c:\windows\system32\WavesLib.dll

2009-04-14 15:31 . 2009-05-02 19:51 1123872 ----a-w- c:\windows\system32\RtkPgExt.dll

2009-04-14 15:31 . 2009-05-02 19:51 55840 ----a-w- c:\windows\system32\RtkCoInst.dll

2009-04-14 15:31 . 2009-05-02 19:51 326176 ----a-w- c:\windows\system32\RtkApoApi.dll

2009-04-14 15:31 . 2009-05-02 19:51 2529824 ----a-w- c:\windows\system32\RtkAPO.dll

2009-04-14 15:12 . 2009-05-02 19:51 2358560 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys

2009-04-13 16:36 . 2009-02-15 22:13 -------- d-----w- c:\program files\INTERIAPL

2009-03-27 09:03 . 2009-03-27 09:03 795104 ----a-w- c:\windows\system32\dpinst.exe

2009-03-25 14:06 . 2009-05-02 19:51 142848 ----a-w- c:\windows\system32\AERTACap.dll

2009-03-24 10:10 . 2009-05-07 17:44 114688 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

2009-03-22 19:33 . 2009-03-22 19:33 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-03-22 19:33 . 2009-03-22 19:33 8854 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{F7C1C17E-70E3-475F-BD52-EA554391F15D}\Uninstall_GameShadow_F7C1C17E70E3475FBD52EA554391F15D.exe

2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe

2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe

2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe

2009-03-17 03:38 . 2009-04-16 15:35 13824 ----a-w- c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-16 15:35 24064 ----a-w- c:\windows\system32\amxread.dll

2001-08-22 18:47 . 2009-05-02 17:55 487473 ----a-w- c:\program files\scooby.exe

2001-05-16 11:20 . 2009-05-02 17:55 57344 ----a-w- c:\program files\UNINSTALL.EXE

2000-09-01 14:22 . 2009-05-02 17:55 25196 ----a-w- c:\program files\object.ini

2000-07-11 13:14 . 2009-05-02 17:55 286208 ----a-w- c:\program files\binkw32.dll

1999-05-21 12:29 . 2009-05-02 17:55 21504 ----a-w- c:\program files\TLCRUN.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-03 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{CBA96156-DD0B-44F6-9263-6FF073935FEF}d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= UDP:d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem

"UDP Query User{AA4A59D0-2EC1-49F8-A0F5-8F6F181B0F35}d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= TCP:d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem

"TCP Query User{FADC1AEF-3C5E-43E4-8FD2-C18580DAE78A}c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= UDP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem

"UDP Query User{88FCBD92-62F5-4CA0-8796-550ABFD283AC}c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= TCP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem

"TCP Query User{B99ACCA7-BFF5-4E71-9D45-D6B7EDCACB5A}d:\skype\phone\skype.exe"= UDP:d:\skype\phone\skype.exe:Skype

"UDP Query User{9B7D4783-F98F-4261-9C2E-3AD634F2C368}d:\skype\phone\skype.exe"= TCP:d:\skype\phone\skype.exe:Skype

"TCP Query User{15F4CEE4-3312-422B-818F-1E96305ED73F}d:\skype\phone\skype.exe"= UDP:d:\skype\phone\skype.exe:skype.exe

"UDP Query User{A84EE7DB-865D-4E54-8E17-F760DB7684F2}d:\skype\phone\skype.exe"= TCP:d:\skype\phone\skype.exe:skype.exe

"{16705AED-C95D-44EB-AAA8-E2AE9A6FFB81}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{64000EC6-E04A-48C6-B442-5A07DD1B27E5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{ADC7E007-AFE8-46AC-99EF-5057B547CFCD}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{93B3F5E3-40D5-4FA6-BCC1-A9F78330E01A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{311B26D5-70B4-422E-9355-BB359B514777}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{88E8BD17-9BA4-4633-B116-96F9BB9BDDEE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{24046821-0EF2-41D7-A68A-0F177573BE52}"= UDP:d:\program files\uTorrent.exe:µTorrent (TCP-In)

"{DDAA77D7-7151-4297-AF4A-041A4E4C61DD}"= TCP:d:\program files\uTorrent.exe:µTorrent (UDP-In)

"{CBA8F30C-9768-4822-8BC3-2AAC78A0458A}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"{0CA612B3-CEF5-4A26-8342-027734EA9C31}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"{69F0EC66-FBEB-4F49-BF99-F9259D7FAFFB}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{C73B2A91-3D19-4D8E-B12C-643CD7051267}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{4A7A00C8-9E90-45F3-951B-DCFBE4E7D55B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{63A67053-AE64-48B4-9743-B61D3D71BB42}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"TCP Query User{56B04AC4-C04F-46F8-A9AC-74AC30CBC56B}c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater

"UDP Query User{6A85B810-CE50-4F74-919A-A51904C58C8C}c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/04/2009 20:04 64160]

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [06/02/2009 14:23 106208]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]

R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [06/02/2009 14:24 92800]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S2 mks_services;mks_vir;"d:\program files\bin\mks_services.exe" --> d:\program files\bin\mks_services.exe [?]

S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [20/05/2009 20:48 12672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{928A14A2-4C5D-4C40-BAF3-9ADE04E8771A}.job

  • c:\windows\system32\msfeedssync.exe [2009-04-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.onet.pl/

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Trusted Zone: mks.com.pl

TCP: {5BE7CE20-F3F9-4C5C-8CF8-0F493CA04EA1} = 172.31.140.69 172.30.140.69

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-10 23:30

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\MAGDAW~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2009-06-10 23:31

ComboFix-quarantined-files.txt 2009-06-10 22:31

Pre-Run: 22,003,646,464 bytes free

Post-Run: 24,728,739,840 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

236 --- E O F --- 2009-06-10 20:43

-- Added 13.06.2009 (Sat) 22:02 --

I had a problem with my computer: Ad-Aware found something 'unknown'. I was advised to make logs, but nobody wants to help interpret them, so I am asking once more.

I restored the system to a date when everything was fine and that thing is gone again. I made a ComboFix log and now I don't know whether everything is completely fine. Also, apparently ComboFix should be removed from the computer after making the log, right?

Thanks in advance.


(Henio Mazurek) #2

There is nothing here. You made a log with OTL; that is the one you should have pasted.

Clean the temp files with ATF

http://cybertrash.pl/images/tata/ATF/ATF.html

Start => Run => type Combofix /u. In OTL click Clean up. Delete the folder c:\rsit

Turn off System Restore for a moment.

Run a full scan with Malwarebytes Anti-Malware; if it finds anything, remove it and paste the log.

http://dobreprogramy.pl/index.php?dz=2& ... lware+1.37

Clean the registry with CCleaner

http://dobreprogramy.pl/index.php?dz=2& ... +v2.19.901


(Agatonster) #3

emagda,

Please read the topic Important announcement on titling topics and change the title to a specific one that describes the problem. To make the recommended correction, please use the Edit button on the opening post of this topic.

Because of the change that applies to pasting logs on the forum, read and follow the Topic

Ignoring this recommendation will result in the topic being moved to the Trash.


(Magdalenasmektala) #4

Thank you very much, I will do all of this as far as I manage. I tried to paste the OTL log but it is too long.

-- Added 14.06.2009 (Sun) 12:41 --

Anti-Malware found nothing, so I am not pasting it; I will just paste the OTL logs as well.

-- Added 14.06.2009 (Sun) 12:44 --

OTL logfile created on: 14/06/2009 11:42:32 - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\magda wladca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVH2P62J

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18783)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.23% Memory free

4.00 Gb Paging File | 3.06 Gb Available in Paging File | 76.58% Paging File free

Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 71.28 Gb Total Space | 32.96 Gb Free Space | 46.23% Space Free | Partition Type: NTFS

Drive D: | 70.94 Gb Total Space | 56.37 Gb Free Space | 79.47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 10.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MAGDAWLADCA-PC

Current User Name: magda wladca

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 60 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/05/16 19:31:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe

PRC - [2009/02/04 05:58:34 | 00,729,088 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe

PRC - 2009/06/11 17:45:57 | 01,005,904 | ---- | M -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2009/02/11 23:31:38 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE

PRC - 2009/02/06 14:23:36 | 00,727,720 | ---- | M -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009/02/04 05:58:34 | 00,729,088 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe

PRC - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2007/01/04 23:13:54 | 00,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - 2009/02/06 14:23:12 | 02,021,400 | ---- | M -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFHost.exe

PRC - 2009/06/11 17:45:58 | 00,518,488 | ---- | M -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2009/03/03 18:49:17 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/04/23 17:45:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- D:\Skype\Phone\Skype.exe

PRC - [2008/01/19 08:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe

PRC - [2008/01/19 08:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe

PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe

PRC - [2007/08/09 10:52:28 | 00,335,872 | ---- | M] (Huawei Technologies) -- C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe

PRC - [2009/03/08 22:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/03/08 22:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/06/13 13:09:17 | 00,280,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

PRC - [2008/01/19 08:38:32 | 00,319,544 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe

PRC - [2009/05/26 13:20:00 | 01,283,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2009/06/14 11:39:54 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\magda wladca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVH2P62J\OTL[1].exe

PRC - [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe

PRC - [2008/01/19 08:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe

PRC - [2008/10/05 04:16:26 | 00,235,936 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/04 05:58:34 | 00,729,088 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])

SRV - [2009/02/11 22:59:29 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])

SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])

SRV - 2009/02/06 14:27:06 | 00,020,680 | ---- | M -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

SRV - 2009/02/06 14:23:36 | 00,727,720 | ---- | M -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

SRV - [2009/02/11 23:12:03 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - 2009/04/17 12:36:08 | 00,182,768 | ---- | M -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2007/03/11 22:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])

SRV - [2007/03/11 23:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])

SRV - [2009/02/11 23:12:15 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - 2009/06/11 17:45:57 | 01,005,904 | ---- | M -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])

SRV - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - File not found -- -- (mks_services [Auto | Stopped])

SRV - [2007/01/04 23:13:54 | 00,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])

SRV - 2006/11/08 17:35:36 | 00,043,520 | ---- | M -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])

SRV - [2009/02/11 23:12:21 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2008/05/16 19:31:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])

SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - 2006/11/08 17:35:38 | 00,053,248 | ---- | M -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])

SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])

SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

-- Added 14.06.2009 (Sun) 12:45 --

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

DRV - [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])

DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

DRV - [2009/02/04 08:29:02 | 04,303,360 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Stopped])

DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])

DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])

DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])

DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])

DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])

DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])

DRV - [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

DRV - [2009/03/27 01:16:28 | 00,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\system32\drivers\cpuz132_x32.sys -- (cpuz132 [On_Demand | Stopped])

DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

DRV - 2009/02/06 14:19:52 | 00,113,448 | ---- | M -- C:\Windows\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running])

DRV - 2009/02/06 14:23:18 | 00,106,208 | ---- | M -- C:\Windows\system32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])

DRV - [2003/10/19 13:59:50 | 00,025,856 | ---- | M] (SlySoft, Inc.) -- C:\Windows\System32\Drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])

DRV - [2003/09/15 17:57:35 | 00,009,728 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])

DRV - 2006/11/02 10:51:34 | 00,316,520 | ---- | M -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

DRV - 2009/02/06 14:24:26 | 00,092,800 | ---- | M -- C:\Windows\system32\DRIVERS\epfwwfpr.sys -- (epfwwfpr [Auto | Running])

DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])

DRV - [2007/07/16 19:23:24 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\system32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])

DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])

DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

DRV - [2009/04/14 16:12:08 | 02,358,560 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

DRV - [2009/04/22 20:02:15 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [boot | Running])

DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

DRV - 2009/05/10 10:38:11 | 00,000,000 | ---- | M -- C:\Windows\System32\drivers\lvuvc.hs -- (LVUVC [On_Demand | Stopped])

DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])

DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

DRV - [2008/01/30 18:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])

DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

DRV - [2007/08/31 20:15:45 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])

DRV - [2008/05/16 19:31:00 | 07,465,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])

DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])

DRV - [2007/01/05 22:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [boot | Running])

DRV - [2007/08/21 09:13:03 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\point32k.sys -- (Point32 [On_Demand | Running])

DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])

DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

DRV - 2009/05/01 14:22:25 | 00,005,632 | ---- | M -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

DRV - [2002/07/25 17:01:06 | 00,005,306 | R--- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel [Auto | Running])

DRV - [2008/01/30 18:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [boot | Running])

DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

DRV - [2008/01/19 06:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

DRV - [2006/12/06 00:39:11 | 01,963,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VX1000.sys -- (VX1000 [On_Demand | Stopped])

DRV - 2006/11/02 08:30:56 | 00,194,048 | ---- | M -- C:\Windows\system32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])

DRV - [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/11 23:15:03 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009/05/21 17:07:44 | 00,000,000 | ---D | M]

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKCU..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKCU..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)

O3 - HKCU..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)

O4 - HKCU..\Run: [skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU..Trusted Domains: mks.com.pl ([]https in Trusted sites)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - 2006/09/18 22:43:36 | 00,000,024 | ---- | M - C:\autoexec.bat -- [NTFS]

O32 - AutoRun File - [2007/07/03 21:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [CDFS]

O32 - AutoRun File - 2007/03/12 18:22:30 | 00,000,112 | R--- | M - F:\AUTORUN.INF -- [CDFS]

O33 - MountPoints2\{5b7ee460-3805-11de-9200-001921e958d2}\Shell - "" = AutoRun

O33 - MountPoints2\{5b7ee460-3805-11de-9200-001921e958d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/03 21:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - * [2009/06/14 11:25:31 | 00,000,000 | R--D | M]

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 60 Days ==========

[1 C:\Windows\*.tmp files]

[2009/06/14 11:32:58 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\AppData\Roaming\Malwarebytes

[2009/06/14 11:32:55 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/06/14 11:32:53 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/06/14 11:32:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/06/14 11:32:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

2009/06/14 11:20:49 | 00,000,220 | ---- | C -- C:\Users\magda wladca\Desktop\Przywracanie systemu w Windows Vista - Artykuły - vista.pl.url

2009/06/12 14:19:40 | 00,000,266 | ---- | C -- C:\Users\magda wladca\Desktop\How your application is assessed.url

2009/06/11 19:02:55 | 00,000,187 | ---- | C -- C:\Users\magda wladca\Desktop\Leicester - bloog.pl.url

2009/06/11 18:49:51 | 00,000,201 | ---- | C -- C:\Users\magda wladca\Desktop\Kafeteria - Mieszkania socjalne i spoldzielcze w UK (2).url

2009/06/11 17:46:56 | 00,000,472 | ---- | C -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2009/06/11 17:43:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}

2009/06/11 17:43:09 | 00,001,011 | ---- | C -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2009/06/11 17:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

2009/06/11 11:47:38 | 00,000,210 | ---- | C -- C:\Users\magda wladca\Desktop\South Lakeland District Council Housing Associations (2).url

[2009/06/11 00:17:13 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF12058.exe

[2009/06/10 23:31:43 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2009/06/10 23:31:43 | 00,000,000 | ---D | C] -- C:\Windows\temp

[2009/06/10 23:31:43 | 00,000,000 | ---D | C] -- C:\temp

2009/06/10 23:25:02 | 00,155,136 | ---- | C -- C:\Windows\PEV.exe

[2009/06/10 23:24:46 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT

[2009/06/10 21:27:12 | 00,000,000 | ---D | C] -- C:\Windows\CheckSur

[2009/06/10 21:23:07 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2009/06/10 21:23:04 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2009/06/10 21:23:03 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2009/06/10 21:23:03 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2009/06/10 21:23:02 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2009/06/10 21:23:02 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2009/06/10 21:23:01 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2009/06/10 21:23:01 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2009/06/10 21:23:01 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2009/06/10 21:23:01 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2009/06/10 21:23:01 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2009/06/10 21:23:01 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2009/06/10 21:23:01 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2009/06/10 21:22:15 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2009/06/10 21:18:21 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll

[2009/06/10 21:18:19 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll

2009/06/10 19:27:54 | 00,000,222 | ---- | C -- C:\Users\magda wladca\Desktop\index.phpshowtopic=86306&st=0&p=395642&.url

[2009/06/10 17:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/06/10 17:03:39 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\AppData\Roaming\Uniblue

2009/06/10 16:49:46 | 00,000,238 | ---- | C -- C:\Users\magda wladca\Desktop\How to apply.url

2009/06/10 16:42:49 | 00,000,210 | ---- | C -- C:\Users\magda wladca\Desktop\South Lakeland District Council Housing Associations.url

2009/06/08 19:40:55 | 00,000,242 | ---- | C -- C:\Users\magda wladca\Desktop\Lancaster City Council Directgov - Directories.url

2009/06/08 19:40:46 | 00,000,210 | ---- | C -- C:\Users\magda wladca\Desktop\South Lakeland District Council Mieszkalnictwo.url

2009/06/08 13:38:18 | 00,000,206 | ---- | C -- C:\Users\magda wladca\Desktop\moja córeczka - moje szczęście - Onet.pl Blog.url

[2009/06/02 15:51:58 | 00,000,000 | ---D | C] -- C:\Program Files\Alternative Software Ltd

2009/06/02 14:02:27 | 00,000,243 | ---- | C -- C:\Users\magda wladca\Desktop\Royal Mail – Mailing services for you at home and in business.url

2009/06/01 18:10:09 | 00,000,116 | ---- | C -- C:\Users\magda wladca\Desktop\Alltra - Witamy.url

2009/06/01 18:00:59 | 00,000,212 | ---- | C -- C:\Users\magda wladca\Desktop\Royal Mail, paczka z UK do Polski, potrzebna pomoc - LOBBY__BIUŚCIASTYCH) - Forum dyskusyjne Gazeta.pl.url

2009/05/29 13:45:48 | 00,000,140 | ---- | C -- C:\Users\magda wladca\Desktop\ELEKTRONICZNY BRA-FITTER.url

2009/05/27 23:08:38 | 00,000,198 | ---- | C -- C:\Users\magda wladca\Desktop\eBay Forums cheated on ebay Getting no help ....url

2009/05/27 23:08:15 | 00,000,174 | ---- | C -- C:\Users\magda wladca\Desktop\Internet Crime Complaint Center (IC3) Home.url

[2009/05/27 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\Desktop\Documents\ebay

2009/05/27 17:13:51 | 00,000,162 | ---- | C -- C:\Users\magda wladca\Desktop\CourtServe Legal Information Centre - Lancaster County Court Details.url

2009/05/27 14:57:57 | 00,000,227 | ---- | C -- C:\Users\magda wladca\Desktop\eBay Bid History Tool.url

2009/05/27 14:39:44 | 00,000,246 | ---- | C -- C:\Users\magda wladca\Desktop\eBay Seller History Tool.url

2009/05/22 19:30:33 | 00,000,000 | -H-- | C -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2009/05/22 12:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\Sega

[2009/05/21 17:29:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2009/05/21 17:26:57 | 00,000,000 | ---D | C] -- C:\Windows\pss

[2009/05/21 17:07:42 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2009/05/20 20:48:02 | 00,012,672 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\cpuz132_x32.sys

2009/05/20 20:48:02 | 00,000,861 | ---- | C -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2009/05/20 20:48:01 | 00,000,000 | ---D | C] -- C:\Program Files\CPUID

2009/05/20 09:41:48 | 00,000,258 | RHS- | C -- C:\ProgramData\ntuser.pol

2009/05/19 19:12:54 | 21,470,16704 | -HS- | C -- C:\hiberfil.sys

2009/05/19 18:31:02 | 00,000,200 | ---- | C -- C:\Users\magda wladca\Desktop\Allegro.pl - aukcje internetowe, bezpieczne zakupy.url

2009/05/18 12:53:38 | 00,000,231 | ---- | C -- C:\Users\magda wladca\Desktop\Royal Mail Airmail - Economic international packet delivery.url

2009/05/17 17:31:11 | 00,000,000 | -H-- | C -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009/05/17 17:27:20 | 00,001,994 | ---- | C -- C:\Users\Public\Desktop\Microsoft Mouse.lnk

[2009/05/17 17:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint

2009/05/17 17:25:21 | 00,002,025 | ---- | C -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk

[2009/05/17 17:24:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro

2009/05/17 16:22:44 | 00,008,360 | ---- | C -- C:\Windows\System32\nvdisp.nvu

[2009/05/17 16:15:25 | 00,000,000 | -HSD | C] -- C:\found.002

[2009/05/16 18:36:45 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\AppData\Roaming\ATI

2009/05/16 18:31:01 | 00,000,000 | ---- | C -- C:\Windows\ativpsrm.bin

2009/05/16 18:30:15 | 00,000,527 | ---- | C -- C:\Windows\System32\ATIODE.exe.manifest

2009/05/16 18:30:13 | 00,015,485 | ---- | C -- C:\Windows\atiogl.xml

2009/05/16 18:30:13 | 00,000,529 | ---- | C -- C:\Windows\System32\ATIODCLI.exe.manifest

2009/05/16 14:50:22 | 00,001,090 | ---- | C -- C:\Users\magda wladca\Desktop\index.html

[2009/05/16 14:16:40 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\Desktop\Documents\The Learning Company

2009/05/13 13:27:17 | 00,000,184 | ---- | C -- C:\Users\magda wladca\Desktop\Posłuchaj - RMF FM.url

2009/05/11 18:41:00 | 00,000,197 | ---- | C -- C:\Users\magda wladca\Desktop\The sounds of English and the International Phonetic Alphabet Antimoon.com.url

2009/05/10 17:36:51 | 00,000,811 | ---- | C -- C:\Users\Public\Desktop\IrfanView.lnk

[2009/05/10 17:36:51 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\AppData\Roaming\IrfanView

[2009/05/10 17:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView

2009/05/10 13:35:16 | 00,026,624 | R--- | C -- C:\Users\Public\Documents\ESBK.mb

2009/05/10 13:35:16 | 00,005,120 | R--- | C -- C:\Users\Public\Documents\ESBK.mbb

[2009/05/10 13:09:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\BWKDLogs

[2009/05/10 13:08:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\color

[2009/05/10 13:06:46 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak

[2009/05/10 13:06:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2009/05/10 13:05:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Kodak

[2009/05/09 13:35:36 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\Desktop\Documents\LifeCam Files

2009/05/09 13:32:37 | 00,002,012 | ---- | C -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk

2009/05/09 13:32:37 | 00,001,990 | ---- | C -- C:\Users\Public\Desktop\Windows Live Call.lnk

[2009/05/09 13:30:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam

[2009/05/09 12:14:30 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\Desktop\Documents\My Scans

2009/05/08 13:43:51 | 00,000,000 | ---- | C -- C:\Windows\System32\drivers\lvuvc.hs

[2009/05/08 13:42:23 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\AppData\Roaming\Leadertech

[2009/05/08 13:36:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Logishrd

[2009/05/08 13:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd

[2009/05/08 13:36:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Logitech

[2009/05/07 19:32:00 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\Desktop\Documents\Ubisoft

[2009/05/07 19:30:23 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll

[2009/05/07 19:30:23 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll

[2009/05/07 19:30:23 | 00,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll

[2009/05/07 19:30:23 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll

[2009/05/07 19:30:22 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll

[2009/05/07 19:30:22 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll

[2009/05/07 19:30:21 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll

[2009/05/07 19:30:21 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll

[2009/05/07 19:30:21 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll

[2009/05/07 19:30:20 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll

[2009/05/07 18:44:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Zylom

[2009/05/07 18:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\Zylom Games

[2009/05/07 17:57:34 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\Desktop\Documents\Hitman Blood Money

[2009/05/07 17:57:34 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\Desktop\Documents

[2009/05/07 17:34:55 | 00,000,000 | ---D | C] -- C:\NVIDIA

[2009/05/07 17:26:15 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

[2009/05/05 17:10:22 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\AppData\Roaming\HP

[2009/05/02 22:33:40 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2009/05/02 20:51:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM

[2009/05/02 20:51:08 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2009/05/02 20:51:07 | 01,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll

[2009/05/02 20:51:06 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll

[2009/05/02 20:51:06 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll

[2009/05/02 20:51:06 | 00,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll

[2009/05/02 20:51:06 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll

[2009/05/02 20:51:04 | 01,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll

[2009/05/02 20:51:04 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll

[2009/05/02 20:51:04 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll

[2009/05/02 20:51:04 | 00,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll

[2009/05/02 20:51:04 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll

[2009/05/02 20:51:02 | 00,159,232 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll

[2009/05/02 20:51:01 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek

[2009/05/02 20:50:56 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp

[2009/05/02 18:55:26 | 00,000,202 | ---- | C] () -- C:\Program Files\UNINSTALL.INF

[2009/05/02 18:55:24 | 00,286,208 | ---- | C] () -- C:\Program Files\binkw32.dll

[2009/05/02 18:55:24 | 00,025,196 | ---- | C] () -- C:\Program Files\object.ini

[2009/05/02 18:55:23 | 00,487,473 | ---- | C] (TerraGlyph Interactive Studios) -- C:\Program Files\scooby.exe

[2009/05/02 18:55:23 | 00,057,344 | ---- | C] (The Learning Company) -- C:\Program Files\UNINSTALL.EXE

[2009/05/02 18:55:23 | 00,021,504 | ---- | C] (The Learning Company) -- C:\Program Files\TLCRUN.EXE

[2009/05/02 18:55:23 | 00,000,216 | ---- | C] () -- C:\Program Files\TLCRUN.INI

[2009/05/02 18:55:22 | 00,004,570 | ---- | C] () -- C:\Program Files\Uninst.isu

[2009/05/01 14:24:16 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\AppData\Roaming\Samsung

[2009/05/01 14:23:34 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2009/05/01 14:06:12 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

[2009/05/01 14:05:45 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2009/05/01 13:59:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers

[2009/05/01 13:57:02 | 00,000,766 | ---- | C] () -- C:\Windows\System32\Uninstall.ico

[2009/05/01 13:57:02 | 00,000,000 | ---D | C] -- C:\Program Files\Samsung

[2009/04/22 20:04:40 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2009/04/19 14:25:50 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline

[2009/04/19 13:59:23 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare Applications

[2009/04/19 13:35:07 | 00,076,407 | ---- | C] () -- C:\Users\magda wladca\AppData\Roaming\Smiley.ico

[2009/04/19 13:35:03 | 00,000,000 | ---D | C] -- C:\Windows\BEAD140D65134B00AE0FD4A7222F0BF9.TMP

[2009/04/19 13:09:48 | 00,000,000 | ---D | C] -- C:\Users\magda wladca\AppData\Roaming\uTorrent

[2009/04/19 13:03:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/04/17 13:13:54 | 00,000,170 | ---- | C] () -- C:\Users\magda wladca\Desktop\English Pronouncing Dictionary with Instant Sound Free Online.url

[2009/04/16 16:35:46 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll

[2009/04/16 16:35:44 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll

[2009/04/16 16:35:44 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll

[2009/04/16 16:35:38 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2009/04/16 16:35:38 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2009/04/16 16:35:38 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll

[2009/04/16 16:35:37 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2009/04/16 16:35:37 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll

[2009/04/16 16:35:37 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll

[2009/04/16 16:35:37 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll

[2009/04/16 16:35:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll

[2009/04/16 16:35:37 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2009/04/16 16:35:37 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe

[2009/04/16 16:35:04 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll

[2009/04/16 16:35:04 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll

[2009/04/16 16:35:03 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll

[2009/04/16 16:35:03 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll

[2009/04/16 16:35:03 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll

[2009/04/16 14:46:43 | 00,000,132 | ---- | C] () -- C:\Users\magda wladca\Desktop\IPA Chart.url

[2009/04/16 14:39:48 | 00,000,197 | ---- | C] () -- C:\Users\magda wladca\Desktop\English language, alphabet and pronunciation.url

[2009/04/16 14:29:20 | 00,000,125 | ---- | C] () -- C:\Users\magda wladca\Desktop\ESL - English Grammar.url

[2009/04/16 13:55:46 | 00,000,136 | ---- | C] () -- C:\Users\magda wladca\Desktop\Phoneme chart English vowel and consonant sounds for phonology and language study.url

[2009/04/16 13:00:26 | 00,000,288 | ---- | C] () -- C:\Users\magda wladca\Desktop\Phonemic symbols Teaching English British Council BBC.url

[2009/04/15 20:49:10 | 00,000,263 | ---- | C] () -- C:\Users\magda wladca\Desktop\Examples of Short Vowel Words - Google Search.url

[2009/04/15 19:31:12 | 00,000,195 | ---- | C] () -- C:\Users\magda wladca\Desktop\English Pronunciation Exercises - Long Vowels and Consonants.url

[2009/04/15 19:27:02 | 00,000,125 | ---- | C] () -- C:\Users\magda wladca\Desktop\Phonetic Chart of IPA symbols.url

[2009/04/15 19:21:24 | 00,000,193 | ---- | C] () -- C:\Users\magda wladca\Desktop\English Pronunciation Exercises - U Sounding Vowels.url

[2009/04/15 14:04:25 | 00,000,203 | ---- | C] () -- C:\Users\magda wladca\Desktop\Language Link Corporate Site. English Pronunciation.url

[2009/04/15 12:53:28 | 00,000,191 | ---- | C] () -- C:\Users\magda wladca\Desktop\Alphabet Worksheets and Activities.url

[2009/03/22 16:32:14 | 00,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI

[2009/02/27 15:25:21 | 00,000,412 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/02/23 11:42:42 | 00,005,120 | R--- | C] () -- C:\Windows\TBManage.dll

[2009/02/04 06:00:36 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2009/02/04 06:00:06 | 00,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll

[2007/05/24 04:06:00 | 00,011,776 | ---- | C] () -- C:\Windows\System32\MksIdsf.sys

[2007/05/22 11:26:20 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\mksidsv.sys

[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:23:31 | 00,000,275 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini

[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/04/20 00:14:32 | 00,015,498 | ---- | C] () -- C:\Windows\VX1000.ini

[2003/04/08 12:40:22 | 00,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

[2003/02/12 19:20:24 | 00,006,942 | ---- | C] () -- C:\Windows\cadx2.ini

[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[2001/01/08 11:09:20 | 00,012,285 | ---- | C] () -- C:\Windows\Cadx3.ini

-- Added 14.06.2009 (Sun) 12:51 --

http://www.wklej.org/

-- Added 14.06.2009 (Sun) 12:53 --

here is the rest, because the whole thing didn't fit

http://www.wklej.org/id/105864/

-- Added 14.06.2009 (Sun) 12:56 --

and here is one more, an extra log from OTL

http://www.wklej.org/id/105868/


(Leon$) #5

delete the folder C:\found.002

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and, if viruses are found, post the report

or

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& ... It!+4.44.5

:slight_smile:


(Magdalenasmektala) #6

I WANTED TO DELETE IT IN NOTEPAD THE NORMAL WAY, BY SELECTING IT AND THEN PRESSING DELETE, BUT WHEN I GENERATE THE LOGS AGAIN IT IS THERE AGAIN. I KNOW THAT IT CAN ALSO BE COPIED AND PASTED under 'custom scans/fixes', but what then? and anyway, what kind of file is this?


(deFco247) #7

These are just leftovers from bad sectors. The folder is hidden and marked as a system folder, so turn on the display of hidden system files and then delete them normally.


(Magdalenasmektala) #8

thanks, but I just worked that out myself, and it turned out that it is a hidden file and that there are also found00 foundo1 found02: I had doubts about whether to delete them, but in that case I will delete them now, although it seems to me that I should also do it through Notepad with OTL


(deFco247) #9

That is not necessary. These are not viruses, so you can deal with those folders the normal way, with Delete or Shift+Delete. :wink: