marcos777
Posts: 135
Replies posted by marcos777
Hello,
on a friend's computer with Win XP HE, viruses were preventing the system from starting. It kept restarting non-stop, with no way to log on or start the system.
I'm asking for any clean-up scripts after the infection has been removed. At the moment everything is already OK.
I started with the Hiren's Boot Live-CD and the Clam antivirus. It removed a few viruses.
First I manually cleaned Temp, Temporary Internet Files and Cookies, then I used several antivirus programs + ComboFix; each of them removed something.
(It turned out along the way that Remover, MBAM and SpyHunter, which came from me, were copied onto this computer and were used for testing, contain viruses themselves.)
There is also the result of a ComboFix run on the computer, used by someone in November 2009.
Here are the logs (in order of creation):
GMER restarted the computer while running and never got to the end.
At the moment it seems everything is already OK.
I'm asking for instructions and final clean-up scripts after the infection has been removed.
-
To nnneooo:
OK, I'll try to do something, but once MEMTEST finishes.
After the night, the result: "18 pass complete, no errors".
------------
As for logging on, the matter is settled. What you recommended from M$ helped:
Thx
Using Registry Editor, you can add your logon information. To do this, follow these steps:
Click Start, click Run, type regedit, and then click OK.
Locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Using your account name and password, double-click the DefaultUserName entry, type your user name, and then click OK.
Double-click the DefaultPassword entry, type your password in the Value data box, and then click OK.
If there is no DefaultPassword value, create the value. To do this, follow these steps:
In Registry Editor, click Edit, click New, and then click String Value.
Type DefaultPassword as the value name, and then press ENTER.
Double-click the newly created key, and then type your password in the Value data box.
If no DefaultPassword string is specified, Windows XP automatically changes the value of the AutoAdminLogon registry key from 1 (true) to 0 (false) to turn off the automatic logon (AutoAdminLogon) feature.
Double-click the AutoAdminLogon entry, type 1 in the Value data box, and then click OK.
If there is no AutoAdminLogon entry, create the entry. To do this, follow these steps:
In Registry Editor, click Edit, click New, and then click String Value.
Type AutoAdminLogon as the value name, and then press ENTER.
Double-click the newly created key, and then type 1 in the Value data box.
Quit Registry Editor.
Click Start, click Shut Down, click Restart, and then click OK.
After your computer restarts and Windows XP starts, you can log on automatically.
--------
And is there anything that can be done about the STOP Blue Screens?
-------
I also ran a precautionary Spyware Doctor scan; surprisingly, it found and removed 2 more trojans (27 infections):
Trojan-Downloader.Murlo and Trojan-Downloader.Bagle
============
A few days have passed. The computer runs without complaint. Topic can be closed. Thank you all for the help.
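The Winlogon steps quoted above store the account password as a plain-text DefaultPassword string. As an added example (not code from this thread or from Microsoft), this PowerShell script audits those same Winlogon values and can revert them; it assumes an elevated PowerShell session on the machine being checked.

```powershell
# Added example: audit and optionally revert the XP AutoAdminLogon values
# from the Microsoft steps above. Not code from the thread or from Microsoft;
# assumes an elevated PowerShell session on the machine being checked.

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonState {
    # Reads the three values the procedure touches and reports whether
    # automatic logon is active and whether a plain-text password is stored.
    $props = Get-ItemProperty -Path $WinlogonKey -ErrorAction Stop
    $auto  = [string]$props.AutoAdminLogon
    $user  = [string]$props.DefaultUserName
    $hasPw = $null -ne $props.PSObject.Properties['DefaultPassword']

    [pscustomobject]@{
        AutoAdminLogon     = $auto
        DefaultUserName    = $user
        DefaultPasswordSet = $hasPw
        # The steps above note that Windows resets AutoAdminLogon to 0 when no
        # DefaultPassword exists, so both conditions are needed for auto-logon.
        AutoLogonActive    = ($auto -eq '1' -and $hasPw)
    }
}

function Disable-AutoLogon {
    # Reverts the procedure: sets AutoAdminLogon to 0 and removes the stored
    # DefaultPassword. Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ($PSCmdlet.ShouldProcess($WinlogonKey, 'Set AutoAdminLogon = 0')) {
        Set-ItemProperty -Path $WinlogonKey -Name AutoAdminLogon -Value '0' -Type String
    }
    $props = Get-ItemProperty -Path $WinlogonKey
    if ($props.PSObject.Properties['DefaultPassword'] -and
        $PSCmdlet.ShouldProcess($WinlogonKey, 'Remove DefaultPassword')) {
        Remove-ItemProperty -Path $WinlogonKey -Name DefaultPassword
    }
}

# Report the current state; run "Disable-AutoLogon -WhatIf" to preview a revert.
$state = Get-AutoLogonState
$state | Format-List
if ($state.AutoLogonActive) {
    Write-Host "Automatic logon is enabled for '$($state.DefaultUserName)' with a stored DefaultPassword."
}
```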
-
For the record, here are the latest logs:
The computer finally seems clean; even GMER didn't protest and scanned the computer
But I'm asking for help with a few other issues.
1. Sometimes BSODs pop up:
STOP. Page_fault_In_nonpaged_area.
Cause of the problem: ntfs.sys - address base at B9E01000, DateStamp 48025be5.
0x00000050 (0xA82AEA74, 0x00000000, 0xB9E0365B, 0x00000000)
STOP.
0x0000008E
(0xC0000005, 0x805C3133, 0xBA4CF9E0, 0x00000000)
2. Logging on to XP HE.
How do I make it so that no logon window pops up at all, and how do I repair the Administrator account?
I tried via Control userpasswords2, I reset passwords and permissions.
A logon window for the Administrator account pops up with the message "Unable to log you on because of an account restriction."
If I type the user name "Lucyna", I get in.
But I don't want icons to click on, nor windows to type users and passwords into.
-
OK Landuss, but not until Monday, when I'll have access.
Do you have any idea about this computer freezing?
Because you can switch between applications (Alt+Tab), but you have to wait a very long time to get into them.
Not always, but it happens often. Sometimes I prefer to do a reset rather than wait for a response.
This didn't happen before.
-
Hello again.
And now the logs, in order:
- CF script used:
Rootkit::c:\documents and settings\All Users\My applications\Windows Defender Apps Control.exe
Folder::
C:\Program Files\Temp
c:\documents and settings\All Users\My applications
File::
c:\documents and settings\profilux12.FBUH-DC790BF809\cpuxp.sys
Driver::
cpuxp
- CATCHME LOG:
-------- 2010-06-04 - 08:35:16 -------------
-------- 2010-06-04 - 08:39:57 -------------
file zipped: C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe -> _Windows Defender Apps Control_.exe.zip -> Windows Defender Apps Control.exe ( 121133 bytes )
PE file "C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe" killed successfully
At first errors popped up and the MBR scanners didn't work (were they perhaps being blocked by the viruses?):
- screen1
- screen2
- TDSSKiller found nothing.
- SnapShot@2010-06-04 - paste it? Because it's long and possibly boring
- ComboFix - Quarantined Files:
2010-06-04 06:43:03 . 2010-06-04 06:43:03 40,575 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip
2010-06-04 06:42:27 . 2010-06-04 06:42:27 2,856 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cpuxp.reg.dat
2010-06-04 06:42:27 . 2010-06-04 06:42:27 1,234 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CPUXP.reg.dat
2010-06-04 06:42:22 . 2010-06-04 06:42:22 4,934 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-06-04 06:40:49 . 2010-06-04 06:40:49 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-06-04 06:35:16 . 2010-06-04 06:43:04 418 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-02 19:03:48 . 2010-06-02 19:03:48 5,918,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temp\temporary2.exe.vir
2010-06-02 19:03:47 . 2010-06-02 19:03:47 121,133 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir
2010-06-02 12:36:27 . 2010-06-04 06:43:04 121,133 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe.vir
- FixMebroot v1.0.1
FixMebroot could not open its device driver!
- Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
I tried OTL in safe mode:
And here is the log from Kaspersky Virus Removal Tool:
Autoscan: completed 14764 days ago (events: 17, objects: 217860, time: 01:14:33)
2010-06-04 11:19:29 Task started
2010-06-04 11:41:00 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe/data0000.res
2010-06-04 11:41:00 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe/data0000.res
2010-06-04 11:41:00 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir/data0000.res
2010-06-04 11:41:21 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe/data0001.res
2010-06-04 11:41:22 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe/data0002.res
2010-06-04 11:41:26 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe/data0001.res
2010-06-04 11:41:28 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe/data0002.res
2010-06-04 11:41:28 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir/data0001.res
2010-06-04 11:41:30 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir/data0002.res
2010-06-04 11:43:17 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir/#
2010-06-04 11:43:17 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe/#
2010-06-04 11:43:17 Deleted: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir
2010-06-04 11:43:17 Deleted: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe
2010-06-04 11:43:17 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe/#
2010-06-04 11:43:18 Deleted: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe
2010-06-04 12:34:02 Task completed
A question right away: is it possible to catch this crap without playing Tibia?
DrWeb and MBAM found nothing.
Kaspersky Virus Removal Tool found and removed:
Results of system analysis Kaspersky Virus Removal Tools:
Log FixMebroot v1.0.1
FixMebroot has finished scanning your MBR.
It contains no Mebroot infection.
MBR.exe log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:31 on 04/06/2010 (profilux12)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=
-------- 2010-06-04 - 08:35:16 -------------
-------- 2010-06-04 - 08:39:57 -------------
file zipped: C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe -> _Windows Defender Apps Control_.exe.zip -> Windows Defender Apps Control.exe ( 121133 bytes )
PE file "C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe" killed successfully
-------- 2010-06-04 - 18:06:52 -------------
2010-06-04 06:43:03 . 2010-06-04 09:43:18 22 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip
2010-06-04 06:42:27 . 2010-06-04 06:42:27 2,856 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cpuxp.reg.dat
2010-06-04 06:42:27 . 2010-06-04 06:42:27 1,234 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CPUXP.reg.dat
2010-06-04 06:42:22 . 2010-06-04 16:09:21 4,934 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-06-04 06:40:49 . 2010-06-04 06:40:49 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-06-04 06:35:16 . 2010-06-04 16:06:52 469 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-02 19:03:48 . 2010-06-02 19:03:48 5,918,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temp\temporary2.exe.vir
2010-06-02 12:36:27 . 2010-06-04 06:43:04 121,133 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe.vir
Last ComboFix log: ComboFix
GMER never once finished a scan. XP hung and the hourglass spun non-stop.
So I'll post a shortened version of the log, without the search option.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-04 18:18:51
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PROFIL~1.FBU\USTAWI~1\Temp\kwlyifob.sys
---- System - GMER 1.0.15 ----
Code \??\C:\DOCUME~1\PROFIL~1.FBU\USTAWI~1\Temp\catchme.sys pIofCallDriver
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice eamon.sys (Amon monitor/ESET)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
---- EOF - GMER 1.0.15 ----
The computer starts normally, but it freezes very often.
I'm asking for instructions on how to finalize the clean-up.
-
OK Picasso.
But unfortunately not until tomorrow.
And thank you for your understanding regarding CF
Picasso:
The log from MBR.EXE is unclear
Maybe this will still help with something. Namely, after the CF scans I used Clean in OTL.
The folder C:\xxxCFixxx remained (that's the name I saved CF under when I downloaded it from the net).
There were 3 files in it. I gave the contents of MBR.TXT in the post.
I'm attaching the others now; maybe you'll be able to look at them.
I'm trying, but I get
Error! You don't have permission to upload this type of file.
These 2 files are: mbr.cfxxe and CF8710.cfxxe.
Size: 75 and 375 kB.
I'm hosting them on Sendspace:
-
OK Landuss.
It's a strange thing with these active virtual drive emulators, because this is a computer that had a minimum of things installed and nobody specifically installed them on it. I think.
I'll check, of course, but not until Friday, when I'll have access to the infected computer.
One more piece of information: there may have been more vermin, but the logs don't show them, because before the scans and the reinstall, when I only had access to the computer via the DrWeb Live-CD, I manually cleaned the Temp folders, Temporary Internet Files, Recycled and Cookies.
In C:\Program Files\Temp\... there were 2 files (with that or a similar name) "TEMPORARY1.EXE" containing viruses. I deleted them as well.
Is it possible to determine, at least approximately, the source / method of infection?
-
Since I've already made peace with a possible reinstall, I used ComboFix anyway, against the recommendations; forgive me, Picasso.
A few times it didn't start, i.e. the progress bar began to load, the window disappeared and nothing.
In the end I downloaded it again, but saved it under a different name. It ran and the situation improved.
Here is the ComboFix log:
ComboFix 10-06-01.05 - profilux12 2010-06-02 17:19:32.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2038.1793 [GMT 2:00]
Uruchomiony z: c:\documents and settings\profilux12.FBUH-DC790BF809\Pulpit\xxxxCFixxxx.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\profilux12.FBUH-DC790BF809\cpuxp.sys
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CPUXP
-------\Service_cpuxp
((((((((((((((((((((((((( Pliki utworzone od 2010-05-02 do 2010-06-02 )))))))))))))))))))))))))))))))
.
2010-06-02 15:12 . 2010-06-02 15:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-02 14:44 . 2010-06-02 14:44 -------- d-----w- c:\program files\Damian Pasternak
2010-06-02 14:17 . 2010-06-02 14:17 23408 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-06-02 14:17 . 2010-06-02 14:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2010-06-02 14:15 . 2010-06-02 14:15 -------- d-sh--w- c:\documents and settings\profilux12.FBUH-DC790BF809\IECompatCache
2010-06-02 14:13 . 2010-06-02 14:13 -------- d-sh--w- c:\documents and settings\profilux12.FBUH-DC790BF809\PrivacIE
2010-06-02 14:11 . 2010-06-02 14:11 -------- d-----w- c:\program files\CCleaner
2010-06-02 14:10 . 2010-06-02 14:10 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Threat Expert
2010-06-02 14:09 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-02 14:09 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-02 14:09 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-06-02 14:09 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-02 14:09 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-06-02 14:09 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-06-02 13:57 . 2009-10-30 09:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-02 13:57 . 2009-11-09 09:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-02 13:57 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-02 13:57 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-02 13:57 . 2010-06-02 14:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-02 13:57 . 2010-06-02 15:10 -------- d-----w- c:\program files\Spyware Doctor
2010-06-02 13:57 . 2010-06-02 13:57 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\PC Tools
2010-06-02 13:57 . 2010-06-02 13:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2010-06-02 13:38 . 2010-06-02 15:22 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-06-02 13:06 . 2010-06-02 13:06 -------- d-sh--w- c:\documents and settings\profilux12.FBUH-DC790BF809\IETldCache
2010-06-02 13:02 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-02 13:02 . 2010-02-25 09:49 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-02 13:02 . 2010-02-25 06:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-02 13:02 . 2010-02-25 06:19 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-02 13:02 . 2010-02-25 06:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-02 13:02 . 2010-02-25 06:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-02 13:02 . 2010-02-25 06:19 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-02 12:58 . 2010-06-02 12:58 -------- d-----w- c:\documents and settings\Marek\Dane aplikacji\GHISLER
2010-06-02 12:44 . 2010-06-02 12:44 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\GHISLER
2010-06-02 12:40 . 2010-06-02 12:40 503808 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6379155f-n\msvcp71.dll
2010-06-02 12:40 . 2010-06-02 12:40 499712 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6379155f-n\jmc.dll
2010-06-02 12:40 . 2010-06-02 12:40 348160 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6379155f-n\msvcr71.dll
2010-06-02 12:40 . 2010-06-02 12:40 61440 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24455117-n\decora-sse.dll
2010-06-02 12:40 . 2010-06-02 12:40 12800 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24455117-n\decora-d3d.dll
2010-06-02 12:38 . 2010-06-02 12:57 -------- d-----w- C:\totalcmd
2010-06-02 12:38 . 2010-06-02 12:38 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\GHISLER
2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-06-02 12:38 . 2008-06-14 17:36 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-02 12:37 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-02 12:36 . 2010-06-02 12:36 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Malwarebytes
2010-06-02 12:36 . 2010-06-02 12:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-06-02 12:36 . 2010-06-02 12:36 -------- d-----w- c:\documents and settings\All Users\My applications
2010-06-02 12:36 . 2010-06-02 13:44 -------- d-----w- c:\program files\Temp
2010-06-02 12:22 . 2010-06-02 12:22 -------- d-----w- c:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\Google
2010-06-02 12:11 . 2010-06-02 12:11 -------- d-s---w- c:\documents and settings\profilux12.FBUH-DC790BF809\UserData
2010-06-02 12:09 . 2010-06-02 12:09 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Google
2010-06-02 12:07 . 2010-06-02 12:07 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Ahead
2010-06-02 11:51 . 2008-04-15 12:00 7168 -c--a-w- c:\windows\system32\dllcache\kbdibm02.dll
2010-06-02 11:41 . 2008-04-15 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-06-02 11:41 . 2008-04-15 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-06-02 11:41 . 2008-04-15 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-06-02 11:41 . 2008-04-15 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-06-01 09:59 . 2010-06-02 15:19 -------- d--h--r- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji
2010-06-01 09:36 . 2010-06-01 09:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-28 06:35 . 2010-05-28 06:35 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT
2010-05-25 06:31 . 2010-05-25 06:31 503808 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54afdc7f-n\msvcp71.dll
2010-05-25 06:31 . 2010-05-25 06:31 499712 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54afdc7f-n\jmc.dll
2010-05-25 06:31 . 2010-05-25 06:31 348160 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54afdc7f-n\msvcr71.dll
2010-05-25 06:31 . 2010-05-25 06:31 61440 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-744bfe73-n\decora-sse.dll
2010-05-25 06:31 . 2010-05-25 06:31 12800 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-744bfe73-n\decora-d3d.dll
2010-05-24 07:52 . 2010-05-24 07:52 -------- d-----w- c:\documents and settings\profilux12\Dane aplikacji\Lexmark Productivity Studio
2010-05-13 12:13 . 2010-05-13 12:13 -------- d-----w- c:\documents and settings\profilux12\Ustawienia lokalne\Dane aplikacji\ESET
2010-05-13 12:13 . 2010-05-13 12:13 -------- d-----w- c:\documents and settings\profilux12\Dane aplikacji\ESET
2010-05-13 12:11 . 2010-05-13 12:11 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
2010-05-13 12:10 . 2010-06-02 14:17 -------- d-----w- c:\program files\ESET
2010-05-13 11:38 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-11 13:17 . 2010-05-11 13:17 -------- d-sh--w- c:\documents and settings\profilux12\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 15:24 . 2008-04-15 12:00 83880 ----a-w- c:\windows\system32\perfc015.dat
2010-06-02 15:24 . 2008-04-15 12:00 490628 ----a-w- c:\windows\system32\perfh015.dat
2010-06-02 11:49 . 2010-04-07 14:52 23016 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-24 07:11 . 2010-04-10 12:33 1 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-13 11:38 . 2010-04-10 12:31 -------- d-----w- c:\program files\Java
2010-05-12 07:48 . 2010-04-21 07:59 -------- d-----w- c:\program files\Microsoft Works
2010-05-11 13:21 . 2010-04-10 10:53 23408 ----a-w- c:\documents and settings\profilux12\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-04-12 07:02 . 2010-04-07 14:54 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-10 14:32 . 2010-04-10 14:32 -------- d-----w- c:\program files\MSBuild
2010-04-10 14:32 . 2010-04-10 14:32 -------- d-----w- c:\program files\Reference Assemblies
2010-04-10 14:22 . 2010-04-10 14:22 -------- d-----w- c:\program files\Common Files\Java
2010-04-10 14:21 . 2010-04-10 14:19 -------- d-----w- c:\program files\Google
2010-04-10 14:19 . 2010-04-10 14:19 503808 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45f062c6-n\msvcp71.dll
2010-04-10 14:19 . 2010-04-10 14:19 499712 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45f062c6-n\jmc.dll
2010-04-10 14:19 . 2010-04-10 14:19 348160 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45f062c6-n\msvcr71.dll
2010-04-10 14:19 . 2010-04-10 14:19 61440 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ffcabd4-n\decora-sse.dll
2010-04-10 14:19 . 2010-04-10 14:19 12800 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ffcabd4-n\decora-d3d.dll
2010-04-10 12:32 . 2010-04-10 12:32 -------- d-----w- c:\documents and settings\profilux12\Dane aplikacji\OpenOffice.org
2010-04-10 12:31 . 2010-04-10 12:31 -------- d-----w- c:\program files\JRE
2010-04-10 12:31 . 2010-04-10 12:31 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-10 11:12 . 2010-04-10 11:12 -------- d-----w- c:\program files\MSXML 4.0
2010-04-10 10:53 . 2010-04-10 10:51 -------- d-----w- c:\program files\Lexmark 9500 Series
2010-04-07 19:08 . 2010-04-07 19:08 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-07 15:14 . 2010-04-07 15:14 -------- d-----w- c:\documents and settings\profilux12\Dane aplikacji\Nero
2010-04-07 15:13 . 2010-04-07 15:11 -------- d-----w- c:\program files\Common Files\Nero
2010-04-07 15:11 . 2010-04-07 15:11 -------- d-----w- c:\program files\Nero
2010-04-07 15:11 . 2010-04-07 15:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-04-07 15:05 . 2010-04-07 15:03 -------- d-----w- c:\program files\Realtek
2010-04-07 15:05 . 2010-04-07 15:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-07 15:03 . 2010-04-07 15:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-07 15:00 . 2010-04-07 15:00 -------- d-----w- c:\program files\Intel
2010-04-07 14:55 . 2010-04-07 14:55 -------- d-----w- c:\program files\microsoft frontpage
2010-04-07 14:53 . 2010-04-07 14:53 -------- d-----w- c:\program files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\profilux12\Menu Start\Programy\Autostart\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\My applications\
Windows Defender Apps Control.exe [2010-6-2 121133]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-6 53317]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdocoms.exe"=
"c:\\Program Files\\Lexmark 9500 Series\\lxdomon.exe"=
"c:\\WINDOWS\\system32\\lxdocfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdotime.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-06-02 207792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 95872]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-06-02 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdoserv.exe [2010-04-10 94208]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-06-02 359624]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-04-07 1684736]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - PCTSDInjDriver32
.
Zawartość folderu 'Zaplanowane zadania'
2010-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 14:21]
2010-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 14:21]
2010-06-02 c:\windows\Tasks\User_Feed_Synchronization-{70C31738-BABA-4CEF-B994-B12B96B38986}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Skan uzupełniający -------
.
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 17:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay\Applications]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdocoms.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\All Users\My applications\Windows Defender Apps Control.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Spyware Doctor\pctsSvc.exe
.
**************************************************************************
.
Czas ukończenia: 2010-06-02 17:27:29 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-06-02 15:27
Przed: 75 502 866 432 bajtów wolnych
Po: 75 424 960 512 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - EFF85A31566FC0E2541FBA959CBF62DE
An additional log, MBR.TXT, was also produced, pointing to a rootkit in the MBR:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9f16852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek PCIe FE Family Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9de9bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9df6a21
SendHandler -> NDIS.sys @ 0xb9dd487b
user & kernel MBR OK
Currently:
DrWeb, A-Squared, MBAMalware, Spyware Doctor and SpyRemover found nothing in a quick scan.
I installed a new ESET, because in the old one the firewall could not be unblocked.
I have set a full DrWeb scan running for the night.
Please let me know which scripts to finish this fight with.
---
And one more thing: while editing and saving this thread on the forum, this pops up
(but that is a different computer, the one I am writing this post on):
Skrypt na tej stronie może być zajęty lub przestał odpowiadać. Można przerwać ten skrypt teraz lub kontynuować, by sprawdzić, czy jego wykonywanie się zakończy.
Skrypt: http://www.fixitpc.p...prettify.js:47.
Przerwij ten skrypt / Kontynuuj.
Is it the computer's fault?
-
Hello,
a few days ago, on starting WinXP Home, a password logon window suddenly started appearing. And it would not accept any possible password.
Two password-reset programs (ActivePasswordChanger and SpotmanPowerSuite) did not help either.
That is, they reset the passwords and it already seemed everything would be OK: the system loaded, the screen switched to another page,
"Loading your personal settings", it saved the settings, but then the password logon window popped up again.
For the Administrator user the message appeared: "Unable to log you on because of an account restriction".
The DrWeb Live-CD was not able to scan the disk. It loaded its modules and stopped.
In the end I did a repair reinstall over the top via 2.R and it worked. The passwords disappeared.
It turned out that ESET Smart Security had already been disarmed, with no way to run it.
The system firewall likewise.
No anti-spyware would start, and attempts to download any anti-malware tool were interrupted.
I cleaned the Temp folders, Temporary Internet Files, the Recycle Bin, cookies. ATF-Cleaner, CCleaner, WWDC, System Restore.
In Windows\Temp\ there were 2 files (with that or a similar name) "temporary1.exe" containing viruses. I deleted them manually.
Finally GMER started working, showed rootkit activity in red, and then suddenly stopped and the computer reset.
And so on several times. In red there was something with Windows ... Defender. And the system firewall, and the one in ESET, was blocked.
OTL.Extras log:
OTL Extras logfile created on: 2010-06-02 16:29:44 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = c:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 70,32 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3,73 Gb Total Space | 2,84 Gb Free Space | 76,25% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FBUH-DC790BF809
Current User Name: profilux12
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdocoms.exe" = C:\WINDOWS\system32\lxdocoms.exe:*:Enabled:9500 Series Server -- ( )
"C:\Program Files\Lexmark 9500 Series\lxdomon.exe" = C:\Program Files\Lexmark 9500 Series\lxdomon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\lxdocfg.exe" = C:\WINDOWS\system32\lxdocfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdopswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdopswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdotime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdotime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{8BD6DD52-2F49-4E35-B678-71E1E7D286DB}" = ESET NOD32 Antivirus
"{9168BFE2-8888-11D3-AF63-00C04F443448}" = Microsoft Works 2000
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91045}" = Nero 8 Essentials
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D3D146-67BC-43D0-9015-2E7BAC2E032B}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Lexmark 9500 Series" = Lexmark 9500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SpyRemover_is1" = SpyRemover 2.72
"Spyware Doctor" = Spyware Doctor 7.0
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format Runtime
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2010-05-06 05:04:21 | Computer Name = FBUH-DC790BF809 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł
powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00036d7a.
Error - 2010-05-13 07:28:14 | Computer Name = FBUH-DC790BF809 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł
powodujący błąd flash6.ocx, wersja 6.0.88.0, adres błędu 0x000503b3.
Error - 2010-05-17 02:58:25 | Computer Name = FBUH-DC790BF809 | Source = Windows Product Activation | ID = 1000
Description = Wystąpił błąd podczas sprawdzania przez kreatora licencji bieżącego
produktu Windows. Kod błędu: 4 0x8009001d
Error - 2010-06-02 08:07:59 | Computer Name = FBUH-DC790BF809 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd egui.exe, wersja 4.2.40.10, moduł powodujący
błąd egui.exe, wersja 4.2.40.10, adres błędu 0x000537cd.
Error - 2010-06-02 08:10:18 | Computer Name = FBUH-DC790BF809 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.5512, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-06-02 08:35:33 | Computer Name = FBUH-DC790BF809 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd egui.exe, wersja 4.2.40.10, moduł powodujący
błąd egui.exe, wersja 4.2.40.10, adres błędu 0x000537cd.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL.TXT log:
OTL logfile created on: 2010-06-02 16:29:44 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = c:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 70,32 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3,73 Gb Total Space | 2,84 Gb Free Space | 76,25% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FBUH-DC790BF809
Current User Name: profilux12
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-06-02 16:22:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS\OTL.exe
PRC - [2010-04-10 16:21:04 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010-04-07 21:07:04 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010-03-29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010-01-22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009-11-25 12:30:00 | 002,983,376 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2009-11-18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009-11-06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009-10-30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009-09-24 07:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2008-06-24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-20 16:05:06 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdocoms.exe
PRC - [2007-09-06 16:38:58 | 000,450,560 | ---- | M] () -- C:\Program Files\Lexmark 9500 Series\lxdomon.exe
PRC - [2007-08-10 02:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 9500 Series\lxdoamon.exe
PRC - [2007-07-17 08:26:04 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdoserv.exe
PRC - [1999-08-06 09:53:00 | 000,053,317 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
========== Modules (SafeList) ==========
MOD - [2010-06-02 16:22:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS\OTL.exe
MOD - [2010-04-07 21:12:42 | 000,011,952 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
MOD - [2009-10-30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009-09-09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010-04-07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EHttpSrv)
SRV - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010-03-29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-01-22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-11-06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009-10-30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2007-09-20 16:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdocoms.exe -- (lxdo_device)
SRV - [2007-07-17 08:26:04 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (cpuxp)
DRV - [2010-04-07 21:08:08 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010-04-07 21:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010-04-07 21:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010-04-07 21:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010-04-07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-04-07 21:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010-03-29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009-11-09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-05-23 01:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-04-24 21:22:16 | 000,141,568 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008-08-05 22:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-20 02:45:50 | 005,955,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-01-04 17:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-1390067357-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-06-02 16:17:08 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-515967899-1390067357-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-515967899-1390067357-682003330-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [lxdoamon] C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
O4 - HKLM..\Run: [lxdomon.exe] C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKU\S-1-5-21-515967899-1390067357-682003330-1004..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-515967899-1390067357-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-20..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1390067357-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 - No CLSID value found
O18 - Protocol\Handler\http\oledb - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-07 16:55:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-03-04 12:28:28 | 000,000,000 | RHSD | M] - F:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2010-03-04 18:44:16 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-06-02 16:17:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010-06-02 16:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-05-13 13:38:58 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-05-13 13:22:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-04-10 12:51:42 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoserv.dll
[2010-04-10 12:51:42 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdousb1.dll
[2010-04-10 12:51:42 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdocomc.dll
[2010-04-10 12:51:42 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdohbn3.dll
[2010-04-10 12:51:42 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdopmui.dll
[2010-04-10 12:51:42 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdolmpm.dll
[2010-04-10 12:51:42 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdohcp.dll
[2010-04-10 12:51:42 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdocomm.dll
[2010-04-10 12:51:42 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoinpa.dll
[2010-04-10 12:51:42 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoiesc.dll
[2010-04-10 12:51:42 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoprox.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-06-02 16:46:00 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70C31738-BABA-4CEF-B994-B12B96B38986}.job
[2010-06-02 16:44:24 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CWK.lnk
[2010-06-02 16:44:13 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\NTUSER.DAT
[2010-06-02 16:35:05 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-02 16:35:03 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-02 16:28:08 | 003,702,349 | ---- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\xxxxCFixxxx.exe
[2010-06-02 16:17:44 | 000,023,408 | ---- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-06-02 16:07:17 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\fesoc.sys
[2010-06-02 15:41:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-02 15:41:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-02 15:09:05 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\ntuser.ini
[2010-06-02 15:09:01 | 003,230,264 | -H-- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-06-02 15:06:01 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-02 14:39:01 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\Total Commander.lnk
[2010-06-02 14:36:27 | 000,121,133 | ---- | M] () -- C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe
[2010-06-02 14:06:43 | 000,490,628 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-06-02 14:06:43 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-02 14:06:43 | 000,083,880 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-06-02 14:06:43 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-02 14:06:42 | 001,087,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-02 13:54:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-02 13:52:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-06-02 13:50:53 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010-06-02 13:50:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-06-02 13:50:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-06-02 13:50:44 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010-06-02 13:49:56 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010-06-02 13:49:56 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-06-02 13:49:41 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-06-02 13:49:22 | 000,023,016 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-06-02 13:47:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-06-02 13:46:01 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010-06-02 13:41:20 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-06-01 13:36:03 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe.bak
[2010-05-27 09:51:30 | 000,541,961 | ---- | M] () -- C:\WINDOWS\setupapi.old
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-06-02 16:28:08 | 003,702,349 | ---- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\xxxxCFixxxx.exe
[2010-06-02 16:09:03 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010-06-02 16:09:03 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010-06-02 16:09:03 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010-06-02 16:09:03 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010-06-02 16:09:03 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010-06-02 16:07:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fesoc.sys
[2010-06-02 15:57:58 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010-06-02 15:57:46 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010-06-02 15:57:46 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010-06-02 15:57:36 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010-06-02 14:39:01 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\Total Commander.lnk
[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010-06-02 14:37:19 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\3bq28k0k.exe
[2010-06-02 14:36:27 | 000,121,133 | ---- | C] () -- C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe
[2010-06-02 13:52:43 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010-06-02 13:52:18 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010-06-02 13:52:18 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010-06-02 13:52:17 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010-06-02 13:52:01 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010-06-02 13:52:01 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010-06-02 13:51:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010-06-02 13:51:55 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010-06-02 13:51:54 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010-06-02 13:51:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010-06-02 13:51:45 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010-06-02 13:51:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010-06-02 13:51:31 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010-06-02 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010-06-02 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010-06-02 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010-06-02 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010-06-02 13:51:27 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010-06-02 13:51:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010-06-02 13:51:27 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010-06-02 13:51:26 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010-06-02 13:51:26 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010-06-02 13:51:26 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010-06-02 13:51:26 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010-06-02 13:51:26 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010-06-02 13:51:26 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010-06-02 13:51:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010-06-02 13:51:25 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010-06-02 13:51:25 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010-06-02 13:51:25 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010-06-02 13:51:25 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010-06-02 13:51:24 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010-06-02 13:51:24 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010-06-02 13:49:56 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-06-02 13:49:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-06-02 13:41:06 | 000,171,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2010-06-02 13:41:06 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010-06-02 13:41:06 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010-06-02 13:41:06 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010-06-02 13:41:05 | 002,033,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010-06-02 13:41:05 | 001,246,357 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010-06-02 13:41:05 | 000,808,524 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010-06-02 13:41:05 | 000,545,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010-06-02 13:41:05 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010-06-02 13:41:05 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010-06-02 13:41:05 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010-06-02 13:41:05 | 000,016,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010-06-02 13:41:05 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010-06-02 13:41:05 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010-06-01 11:59:25 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\ntuser.ini
[2010-06-01 11:59:23 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\NTUSER.DAT
[2010-06-01 11:59:23 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\NtUser.dat.LOG
[2010-05-11 15:17:51 | 000,000,472 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70C31738-BABA-4CEF-B994-B12B96B38986}.job
[2010-04-10 12:53:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdovs.dll
[2010-04-10 12:53:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdocoin.dll
[2010-04-10 12:53:31 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdodrs.dll
[2010-04-10 12:53:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdocnv4.dll
[2010-04-10 12:53:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdocaps.dll
[2010-04-10 12:51:42 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdoinst.dll
[2010-04-10 12:51:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdogrd.dll
[2010-04-07 17:05:09 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-04-07 17:03:32 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2010-04-07 16:59:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010-04-07 16:59:35 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010-04-07 16:59:32 | 000,017,679 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-04-07 16:59:32 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2010-06-02 16:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-06-02 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-06-02 14:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\GHISLER
[2010-05-13 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\profilux12\Dane aplikacji\ESET
[2010-05-24 09:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\profilux12\Dane aplikacji\Lexmark Productivity Studio
[2010-04-10 14:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\profilux12\Dane aplikacji\OpenOffice.org
[2010-06-02 14:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\GHISLER
[2010-06-02 16:46:00 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{70C31738-BABA-4CEF-B994-B12B96B38986}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8
< End of report >
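The OTL listing above is a flat text format, and reading several hundred of these records by eye is where triage goes wrong. As an added example (not part of the original post, and not OTL's own code), here is a small Python script that parses the two record shapes shown in the log, the "Files Created / Modified" lines and the "@Alternate Data Stream" lines, and flags the entries an analyst would hash-check first: executable content (.sys, .exe, .dll, .pif) written under C:\WINDOWS inside the incident window with no company name. The sample records are copied from the log above; the window end (2010-06-02 17:00, just after the latest modification time the log shows) and the 48-hour window are assumptions, and skipping dllcache is a noise-reduction choice, not an OTL rule. Hits are leads, not verdicts: the pct*.cat records in the same listing show a security product being installed at the same time, and legitimate tools also drop drivers without a company string.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL file record (format taken from the log above):
#   [2010-06-02 16:07:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fesoc.sys
#   timestamp | size (comma-grouped) | attribute flags | C=created / M=modified] (Company) -- path
# Directory records carry no "(Company)" part, so that group is optional.
OTL_RECORD = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Alternate data stream record, e.g.
#   @Alternate Data Stream - 173 bytes -> C:\...\Dane aplikacji\TEMP:DFC5A2B2
ADS_RECORD = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str      # e.g. "----", "RH--", "-HSD" (D = directory)
    kind: str       # "C" created, "M" modified
    company: str    # "" when OTL printed "()" or "( )"
    path: str


@dataclass
class AdsEntry:
    size: int
    path: str       # host file or directory
    stream: str     # stream name after the last ':'


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file/directory record; None for headers, ADS lines, *.tmp summaries."""
    m = OTL_RECORD.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        ts=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def parse_ads_line(line: str) -> Optional[AdsEntry]:
    """Parse one '@Alternate Data Stream' record; None for anything else."""
    m = ADS_RECORD.match(line.strip())
    if not m:
        return None
    return AdsEntry(size=int(m["size"]), path=m["path"], stream=m["stream"])


EXEC_EXT = (".sys", ".exe", ".dll", ".pif")


def triage(lines, window_end: datetime, window_hours: int = 48) -> List[OtlEntry]:
    """Executable content written under C:\\WINDOWS inside the incident window
    with no company name. Leads for a hash lookup, not verdicts: legitimate
    security tools also drop drivers without a company string."""
    start = window_end - timedelta(hours=window_hours)
    hits = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or e.company or not (start <= e.ts <= window_end):
            continue
        low = e.path.lower()
        # dllcache is refilled by Windows component/SP installs (see the SP3.CAT
        # records in the log); skipping it is a noise-reduction choice.
        if "\\dllcache\\" in low:
            continue
        if low.startswith("c:\\windows\\") and low.endswith(EXEC_EXT):
            hits.append(e)
    return hits


# Records copied from the OTL log above. WINDOW_END is an assumption: just after
# the latest modification time the log shows.
WINDOW_END = datetime(2010, 6, 2, 17, 0, 0)
SAMPLE_LINES = [
    "========== Files Created - No Company Name ==========",
    r"[2010-06-02 16:07:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fesoc.sys",
    r"[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF",
    r"[2010-06-02 13:52:17 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll",
    r"[2010-06-01 13:36:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe.bak",
    r"[2010-04-10 12:51:42 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoserv.dll",
    r"[2010-06-01 11:59:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Microsoft",
    r"@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES, WINDOW_END):
        print(f"{hit.ts}  {hit.size:>8}  {hit.path}")
    for line in SAMPLE_LINES:
        ads = parse_ads_line(line)
        if ads:
            print(f"ADS {ads.size} bytes on {ads.path} stream {ads.stream}")
```

On the sample records the script flags the driver and the .PIF under C:\WINDOWS, skips the dllcache DLL, the Microsoft-signed svchost.exe.bak and the April printer driver, and parses the ADS on the TEMP directory separately. Feed it the whole OTL report (one line per list element) and sort the hits by timestamp to see what landed during the reinfection window.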
Non-stop restarts at Windows XP startup
in Emergency Help
Posted · Edited by Landuss
No, you don't need to post anything more.
OK Landuss. Sorry. Of course I know what the rules are.
Yes, I know there are a lot of logs, but how was I supposed to produce OTL and GMER logs when the system would not start AT ALL, it just kept restarting in a loop?
So first I did what I could to get the machine to boot at all and get into Windows (and with a pretty decent result, I think).
And I gave the whole repair history in the post because it seemed to me that it is better if the experts see the full picture of what I did and pick up from the remaining logs any further traces of viruses in the system to remove, e.g. with scripts.
I could of course have left out all the earlier context, but would you then have known from the final OTL logs about the viruses removed by CF, MBAM, A-2 or Kaspersky Virus Removal Tool?
GMER does not produce a log to the end, because it restarts the machine while scanning, so I used TDSS rootkit removing tool, MBR.exe, EMebRemover.exe, Fixmebroot.exe.
I forgot to add that in the meantime I also ran WWDC, TFC, CCleaner, AFC, cleaned Recycler, disabled System Restore and rebooted the machine.
At the end I also removed the Winamp Toolbar, updated Acrobat to 9.3 and Firefox to 3.6.3, tidied up with Ashampoo WinOptimizer 2010 and MyDefrag, and installed the critical updates for XP, but I did not write about that either.
(Apropos - if anyone needs Ashampoo WinOptimizer 2010, the full version is available for download for FREE)
--
Tomorrow I will uninstall CF and update Java.
May I timidly ask, should I post any logs at the end?
Regards and thanks, Landuss.