
Forced password login in XP Home.



Hello,

A few days ago, when starting WinXP Home, a login window with a password prompt suddenly began to appear. And it would not accept any possible password.

2 password-reset programs (ActivePasswordChanger and SpotmanPowerSuite) did not help either.

That is, they reset the passwords and it already looked like it would be OK: the system loaded, the screen switched to the next stage, "Loading your personal settings", it saved the settings, but then the password login window popped up again.

With the Administrator user the message appeared: "Unable to log on because of an account restriction".

DrWeb CD-Live was unable to scan the disk. It loaded its modules and stopped.

In the end I did an overlay (repair) reinstall via 2.R and it worked. The passwords disappeared.

It turned out that Eset Smart Security had already been disarmed, unable to operate.

The system firewall as well.

No anti-spyware would start, and attempts to download anything "anti" were interrupted.

I cleaned Temp, Temp. Int. Files, Recycle Bin, cookies. ATF-Cleaner, CCleaner, WWDC, System Restore.

In Windows\Temp\ there were 2 files (with that or a similar name) "temporary1.exe" containing viruses. I deleted them manually.

Finally GMER started working, flagged rootkit activity in red, then suddenly stopped and the computer reset.

And so several times. In red there was something with Windows ... Defender. And the system firewall and the one in Eset were blocked.

OTL.Extras log:

 

 

OTL Extras logfile created on: 2010-06-02 16:29:44 - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = c:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78,13 Gb Total Space | 70,32 Gb Free Space | 90,01% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 3,73 Gb Total Space | 2,84 Gb Free Space | 76,25% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FBUH-DC790BF809

Current User Name: profilux12

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\lxdocoms.exe" = C:\WINDOWS\system32\lxdocoms.exe:*:Enabled:9500 Series Server -- ( )

"C:\Program Files\Lexmark 9500 Series\lxdomon.exe" = C:\Program Files\Lexmark 9500 Series\lxdomon.exe:*:Enabled:Printer Device Monitor -- ()

"C:\WINDOWS\system32\lxdocfg.exe" = C:\WINDOWS\system32\lxdocfg.exe:*:Enabled:Printer Communication System -- ( )

"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdopswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdopswx.exe:*:Enabled:Printer Status Window Interface -- ()

"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdotime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdotime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{8BD6DD52-2F49-4E35-B678-71E1E7D286DB}" = ESET NOD32 Antivirus

"{9168BFE2-8888-11D3-AF63-00C04F443448}" = Microsoft Works 2000

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91045}" = Nero 8 Essentials

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2D3D146-67BC-43D0-9015-2E7BAC2E032B}" = OpenOffice.org 3.1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Browser Defender_is1" = Browser Defender 2.0.6.15

"CCleaner" = CCleaner

"CWK" = CWK (Czasowy Wyłącznik Komputera)

"HDMI" = Intel® Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"Lexmark 9500 Series" = Lexmark 9500 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"SpyRemover_is1" = SpyRemover 2.72

"Spyware Doctor" = Spyware Doctor 7.0

"Totalcmd" = Total Commander (Remove or Repair)

"Windows Media Format Runtime" = Windows Media Format Runtime

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2010-05-06 05:04:21 | Computer Name = FBUH-DC790BF809 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł

powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00036d7a.

 

Error - 2010-05-13 07:28:14 | Computer Name = FBUH-DC790BF809 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł

powodujący błąd flash6.ocx, wersja 6.0.88.0, adres błędu 0x000503b3.

 

Error - 2010-05-17 02:58:25 | Computer Name = FBUH-DC790BF809 | Source = Windows Product Activation | ID = 1000

Description = Wystąpił błąd podczas sprawdzania przez kreatora licencji bieżącego

produktu Windows. Kod błędu: 4 0x8009001d

 

Error - 2010-06-02 08:07:59 | Computer Name = FBUH-DC790BF809 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd egui.exe, wersja 4.2.40.10, moduł powodujący

błąd egui.exe, wersja 4.2.40.10, adres błędu 0x000537cd.

 

Error - 2010-06-02 08:10:18 | Computer Name = FBUH-DC790BF809 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.5512, moduł zawieszenia

hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

 

Error - 2010-06-02 08:35:33 | Computer Name = FBUH-DC790BF809 | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd egui.exe, wersja 4.2.40.10, moduł powodujący

błąd egui.exe, wersja 4.2.40.10, adres błędu 0x000537cd.

 


 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

 

 

 

OTL.TXT log:

 

 

OTL logfile created on: 2010-06-02 16:29:44 - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = c:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78,13 Gb Total Space | 70,32 Gb Free Space | 90,01% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 3,73 Gb Total Space | 2,84 Gb Free Space | 76,25% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FBUH-DC790BF809

Current User Name: profilux12

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010-06-02 16:22:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS\OTL.exe

PRC - [2010-04-10 16:21:04 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2010-04-07 21:07:04 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2010-03-29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010-01-22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

PRC - [2009-11-25 12:30:00 | 002,983,376 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe

PRC - [2009-11-18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe

PRC - [2009-11-06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe

PRC - [2009-10-30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe

PRC - [2009-09-24 07:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE

PRC - [2008-06-24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-09-20 16:05:06 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdocoms.exe

PRC - [2007-09-06 16:38:58 | 000,450,560 | ---- | M] () -- C:\Program Files\Lexmark 9500 Series\lxdomon.exe

PRC - [2007-08-10 02:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 9500 Series\lxdoamon.exe

PRC - [2007-07-17 08:26:04 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdoserv.exe

PRC - [1999-08-06 09:53:00 | 000,053,317 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010-06-02 16:22:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS\OTL.exe

MOD - [2010-04-07 21:12:42 | 000,011,952 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll

MOD - [2009-10-30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll

MOD - [2009-09-09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll

MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010-04-07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EHttpSrv)

SRV - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2010-03-29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010-01-22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2009-11-06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2009-10-30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - [2007-09-20 16:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdocoms.exe -- (lxdo_device)

SRV - [2007-07-17 08:26:04 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] -- -- (cpuxp)

DRV - [2010-04-07 21:08:08 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)

DRV - [2010-04-07 21:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)

DRV - [2010-04-07 21:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)

DRV - [2010-04-07 21:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)

DRV - [2010-04-07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2010-04-07 21:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2010-03-29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009-11-09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2009-05-23 01:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009-04-24 21:22:16 | 000,141,568 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008-08-05 22:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008-03-20 02:45:50 | 005,955,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2006-01-04 17:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-515967899-1390067357-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-06-02 16:17:08 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKU\S-1-5-21-515967899-1390067357-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-515967899-1390067357-682003330-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)

O4 - HKLM..\Run: [lxdoamon] C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()

O4 - HKLM..\Run: [lxdomon.exe] C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKU\S-1-5-21-515967899-1390067357-682003330-1004..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKU\S-1-5-21-515967899-1390067357-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-20..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)

O4 - Startup: C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-515967899-1390067357-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 - No CLSID value found

O18 - Protocol\Handler\http\oledb - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-04-07 16:55:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-03-04 12:28:28 | 000,000,000 | RHSD | M] - F:\AUTORUN_.INF -- [ FAT32 ]

O32 - AutoRun File - [2010-03-04 18:44:16 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-06-02 16:17:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010-06-02 16:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2010-06-02 16:15:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\IECompatCache

[2010-06-02 16:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Macromedia

[2010-06-02 16:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Adobe

[2010-06-02 16:13:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\PrivacIE

[2010-06-02 16:12:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Recent

[2010-06-02 16:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010-06-02 16:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Threat Expert

[2010-06-02 16:09:03 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll

[2010-06-02 16:09:03 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old

[2010-06-02 16:09:03 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll

[2010-06-02 16:09:03 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll

[2010-06-02 15:57:58 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys

[2010-06-02 15:57:46 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

[2010-06-02 15:57:46 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys

[2010-06-02 15:57:36 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

[2010-06-02 15:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2010-06-02 15:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2010-06-02 15:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\PC Tools

[2010-06-02 15:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools

[2010-06-02 15:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2010-06-02 15:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpyRemover

[2010-06-02 15:31:29 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010-06-02 15:06:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\IETldCache

[2010-06-02 15:02:26 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2010-06-02 15:02:26 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2010-06-02 15:02:26 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2010-06-02 15:02:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2010-06-02 14:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\GHISLER

[2010-06-02 14:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun

[2010-06-02 14:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\TOOLS

[2010-06-02 14:38:59 | 000,000,000 | ---D | C] -- C:\totalcmd

[2010-06-02 14:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\GHISLER

[2010-06-02 14:38:02 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2010-06-02 14:37:39 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2010-06-02 14:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Malwarebytes

[2010-06-02 14:36:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-06-02 14:36:39 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-06-02 14:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010-06-02 14:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-06-02 14:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\My applications

[2010-06-02 14:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Temp

[2010-06-02 14:29:37 | 002,191,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2010-06-02 14:29:34 | 002,147,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2010-06-02 14:29:34 | 002,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2010-06-02 14:11:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\UserData

[2010-06-02 14:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Google

[2010-06-02 14:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Google

[2010-06-02 14:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Ahead

[2010-06-02 14:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Identities

[2010-06-02 14:06:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Moje dokumenty\Moje obrazy

[2010-06-02 14:06:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Moje dokumenty\Moja muzyka

[2010-06-02 14:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010-06-02 13:52:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime

[2010-06-02 13:52:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime

[2010-06-02 13:52:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime

[2010-06-02 13:52:38 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime

[2010-06-02 13:52:37 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime

[2010-06-02 13:52:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime

[2010-06-02 13:52:36 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2010-06-02 13:52:36 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2010-06-02 13:52:36 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2010-06-02 13:52:35 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll

[2010-06-02 13:52:35 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll

[2010-06-02 13:52:33 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll

[2010-06-02 13:52:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime

[2010-06-02 13:52:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2010-06-02 13:52:32 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime

[2010-06-02 13:52:32 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe

[2010-06-02 13:52:32 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll

[2010-06-02 13:52:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe

[2010-06-02 13:52:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll

[2010-06-02 13:52:31 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2010-06-02 13:52:31 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2010-06-02 13:52:31 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2010-06-02 13:52:29 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2010-06-02 13:52:28 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll

[2010-06-02 13:52:27 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll

[2010-06-02 13:52:27 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll

[2010-06-02 13:52:27 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll

[2010-06-02 13:52:27 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll

[2010-06-02 13:52:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll

[2010-06-02 13:52:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe

[2010-06-02 13:52:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2010-06-02 13:52:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2010-06-02 13:52:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe

[2010-06-02 13:52:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2010-06-02 13:52:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll

[2010-06-02 13:52:26 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe

[2010-06-02 13:52:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

[2010-06-02 13:52:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2010-06-02 13:52:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

[2010-06-02 13:52:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

[2010-06-02 13:52:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

[2010-06-02 13:52:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

[2010-06-02 13:52:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

[2010-06-02 13:52:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

[2010-06-02 13:52:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

[2010-06-02 13:52:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

[2010-06-02 13:52:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

[2010-06-02 13:52:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

[2010-06-02 13:52:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

[2010-06-02 13:52:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2010-06-02 13:52:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2010-06-02 13:52:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2010-06-02 13:52:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

[2010-06-02 13:52:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

[2010-06-02 13:52:23 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

[2010-06-02 13:52:22 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2010-06-02 13:52:22 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2010-06-02 13:52:22 | 000,029,184 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll

[2010-06-02 13:52:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll

[2010-06-02 13:52:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime

[2010-06-02 13:52:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

[2010-06-02 13:52:21 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

[2010-06-02 13:52:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime

[2010-06-02 13:52:20 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys

[2010-06-02 13:52:20 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

[2010-06-02 13:52:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

[2010-06-02 13:52:18 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

[2010-06-02 13:52:18 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe

[2010-06-02 13:52:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll

[2010-06-02 13:52:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

[2010-06-02 13:52:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

[2010-06-02 13:52:17 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime

[2010-06-02 13:52:17 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime

[2010-06-02 13:52:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll

[2010-06-02 13:52:17 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll

[2010-06-02 13:52:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll

[2010-06-02 13:52:16 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll

[2010-06-02 13:52:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll

[2010-06-02 13:52:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll

[2010-06-02 13:52:12 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll

[2010-06-02 13:52:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe

[2010-06-02 13:52:09 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex

[2010-06-02 13:52:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll

[2010-06-02 13:52:04 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys

[2010-06-02 13:52:04 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll

[2010-06-02 13:52:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe

[2010-06-02 13:52:03 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll

[2010-06-02 13:52:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll

[2010-06-02 13:52:02 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll

[2010-06-02 13:52:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll

[2010-06-02 13:52:01 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll

[2010-06-02 13:52:00 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll

[2010-06-02 13:52:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll

[2010-06-02 13:52:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll

[2010-06-02 13:52:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll

[2010-06-02 13:52:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll

[2010-06-02 13:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll

[2010-06-02 13:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll

[2010-06-02 13:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll

[2010-06-02 13:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll

[2010-06-02 13:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll

[2010-06-02 13:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll

[2010-06-02 13:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll

[2010-06-02 13:51:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll

[2010-06-02 13:51:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll

[2010-06-02 13:51:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll

[2010-06-02 13:51:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll

[2010-06-02 13:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll

[2010-06-02 13:51:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll

[2010-06-02 13:51:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll

[2010-06-02 13:51:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll

[2010-06-02 13:51:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll

[2010-06-02 13:51:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll

[2010-06-02 13:51:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll

[2010-06-02 13:51:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll

[2010-06-02 13:51:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll

[2010-06-02 13:51:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll

[2010-06-02 13:51:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll

[2010-06-02 13:51:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll

[2010-06-02 13:51:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll

[2010-06-02 13:51:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll

[2010-06-02 13:51:56 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll

[2010-06-02 13:51:56 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll

[2010-06-02 13:51:56 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll

[2010-06-02 13:51:56 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe

[2010-06-02 13:51:56 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll

[2010-06-02 13:51:56 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe

[2010-06-02 13:51:55 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll

[2010-06-02 13:51:55 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll

[2010-06-02 13:51:55 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll

[2010-06-02 13:51:55 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe

[2010-06-02 13:51:55 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe

[2010-06-02 13:51:55 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe

[2010-06-02 13:51:55 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe

[2010-06-02 13:51:55 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll

[2010-06-02 13:51:55 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe

[2010-06-02 13:51:55 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe

[2010-06-02 13:51:54 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime

[2010-06-02 13:51:54 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe

[2010-06-02 13:51:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll

[2010-06-02 13:51:54 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll

[2010-06-02 13:51:54 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime

[2010-06-02 13:51:54 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll

[2010-06-02 13:51:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe

[2010-06-02 13:51:51 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll

[2010-06-02 13:51:46 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll

[2010-06-02 13:51:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll

[2010-06-02 13:51:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll

[2010-06-02 13:51:44 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll

[2010-06-02 13:51:44 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll

[2010-06-02 13:51:44 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll

[2010-06-02 13:51:44 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe

[2010-06-02 13:51:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll

[2010-06-02 13:51:44 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll

[2010-06-02 13:51:44 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll

[2010-06-02 13:51:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll

[2010-06-02 13:51:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe

[2010-06-02 13:51:43 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll

[2010-06-02 13:51:43 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll

[2010-06-02 13:51:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe

[2010-06-02 13:51:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe

[2010-06-02 13:51:43 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll

[2010-06-02 13:51:43 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll

[2010-06-02 13:51:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll

[2010-06-02 13:51:43 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll

[2010-06-02 13:51:43 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll

[2010-06-02 13:51:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll

[2010-06-02 13:51:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll

[2010-06-02 13:51:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll

[2010-06-02 13:51:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll

[2010-06-02 13:51:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll

[2010-06-02 13:51:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll

[2010-06-02 13:51:42 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe

[2010-06-02 13:51:42 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll

[2010-06-02 13:51:42 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe

[2010-06-02 13:51:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll

[2010-06-02 13:51:41 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll

[2010-06-02 13:51:41 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe

[2010-06-02 13:51:41 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll

[2010-06-02 13:51:41 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll

[2010-06-02 13:51:41 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll

[2010-06-02 13:51:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe

[2010-06-02 13:51:41 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys

[2010-06-02 13:51:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime

[2010-06-02 13:51:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe

[2010-06-02 13:51:32 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe

[2010-06-02 13:51:31 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe

[2010-06-02 13:51:31 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll

[2010-06-02 13:51:31 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll

[2010-06-02 13:51:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll

[2010-06-02 13:51:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime

[2010-06-02 13:51:30 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll

[2010-06-02 13:51:30 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll

[2010-06-02 13:51:30 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime

[2010-06-02 13:51:30 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe

[2010-06-02 13:51:30 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe

[2010-06-02 13:51:30 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe

[2010-06-02 13:51:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe

[2010-06-02 13:51:29 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll

[2010-06-02 13:51:29 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2010-06-02 13:51:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll

[2010-06-02 13:51:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll

[2010-06-02 13:51:23 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll

[2010-06-02 13:51:22 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll

[2010-06-02 13:51:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll

[2010-06-02 13:51:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll

[2010-06-02 13:51:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll

[2010-06-02 13:51:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll

[2010-06-02 13:51:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll

[2010-06-02 13:51:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll

[2010-06-02 13:51:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll

[2010-06-02 13:51:17 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe

[2010-06-02 13:51:17 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll

[2010-06-02 13:51:17 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe

[2010-06-02 13:51:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll

[2010-06-02 13:51:13 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll

[2010-06-02 13:51:13 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll

[2010-06-02 13:51:13 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe

[2010-06-02 13:51:12 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll

[2010-06-02 13:51:12 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe

[2010-06-02 13:51:12 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll

[2010-06-02 13:51:12 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll

[2010-06-02 13:51:12 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe

[2010-06-02 13:51:12 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll

[2010-06-02 13:51:12 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll

[2010-06-02 13:51:12 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll

[2010-06-02 13:51:12 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll

[2010-06-02 13:51:12 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll

[2010-06-02 13:51:12 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll

[2010-06-02 13:51:12 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll

[2010-06-02 13:51:12 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe

[2010-06-02 13:51:11 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe

[2010-06-02 13:51:11 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll

[2010-06-02 13:51:11 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe

[2010-06-02 13:51:11 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe

[2010-06-02 13:51:08 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll

[2010-06-02 13:41:15 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll

[2010-06-02 13:41:15 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll

[2010-06-02 13:41:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll

[2010-06-02 13:41:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll

[2010-06-01 13:36:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe.bak

[2010-06-01 11:59:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Microsoft

[2010-06-01 11:59:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji

[2010-06-01 11:59:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Moje dokumenty

[2010-06-01 11:59:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Menu Start

[2010-06-01 11:59:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Cookies

[2010-06-01 11:59:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\NetHood

[2010-06-01 11:59:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\SendTo

[2010-06-01 11:59:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ulubione

[2010-06-01 11:59:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne

[2010-06-01 11:59:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Szablony

[2010-06-01 11:59:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\PrintHood

[2010-06-01 11:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit

[2010-06-01 11:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Microsoft

[2010-05-13 14:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET

[2010-05-13 14:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010-05-13 13:38:58 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010-05-13 13:22:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010-04-10 12:51:42 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoserv.dll

[2010-04-10 12:51:42 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdousb1.dll

[2010-04-10 12:51:42 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdocomc.dll

[2010-04-10 12:51:42 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdohbn3.dll

[2010-04-10 12:51:42 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdopmui.dll

[2010-04-10 12:51:42 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdolmpm.dll

[2010-04-10 12:51:42 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdohcp.dll

[2010-04-10 12:51:42 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdocomm.dll

[2010-04-10 12:51:42 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoinpa.dll

[2010-04-10 12:51:42 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoiesc.dll

[2010-04-10 12:51:42 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdoprox.dll

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-06-02 16:46:00 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70C31738-BABA-4CEF-B994-B12B96B38986}.job

[2010-06-02 16:44:24 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CWK.lnk

[2010-06-02 16:44:13 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\NTUSER.DAT

[2010-06-02 16:35:05 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-06-02 16:35:03 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-06-02 16:28:08 | 003,702,349 | ---- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\xxxxCFixxxx.exe

[2010-06-02 16:17:44 | 000,023,408 | ---- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-06-02 16:07:17 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\fesoc.sys

[2010-06-02 15:41:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-06-02 15:41:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-06-02 15:09:05 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\ntuser.ini

[2010-06-02 15:09:01 | 003,230,264 | -H-- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-06-02 15:06:01 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-06-02 14:39:01 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\Total Commander.lnk

[2010-06-02 14:36:27 | 000,121,133 | ---- | M] () -- C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe

[2010-06-02 14:06:43 | 000,490,628 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-06-02 14:06:43 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-06-02 14:06:43 | 000,083,880 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-06-02 14:06:43 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-06-02 14:06:42 | 001,087,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-06-02 13:54:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-06-02 13:52:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2010-06-02 13:50:53 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010-06-02 13:50:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010-06-02 13:50:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010-06-02 13:50:44 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2010-06-02 13:49:56 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2010-06-02 13:49:56 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2010-06-02 13:49:41 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-06-02 13:49:22 | 000,023,016 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010-06-02 13:47:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010-06-02 13:46:01 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

[2010-06-02 13:41:20 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-06-01 13:36:03 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe.bak

[2010-05-27 09:51:30 | 000,541,961 | ---- | M] () -- C:\WINDOWS\setupapi.old

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-06-02 16:28:08 | 003,702,349 | ---- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\xxxxCFixxxx.exe

[2010-06-02 16:09:03 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip

[2010-06-02 16:09:03 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll

[2010-06-02 16:09:03 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml

[2010-06-02 16:09:03 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml

[2010-06-02 16:09:03 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip

[2010-06-02 16:07:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fesoc.sys

[2010-06-02 15:57:58 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat

[2010-06-02 15:57:46 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat

[2010-06-02 15:57:46 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat

[2010-06-02 15:57:36 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat

[2010-06-02 14:39:01 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\Total Commander.lnk

[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF

[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF

[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF

[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF

[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF

[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF

[2010-06-02 14:38:59 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF

[2010-06-02 14:37:19 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Pulpit\3bq28k0k.exe

[2010-06-02 14:36:27 | 000,121,133 | ---- | C] () -- C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe

[2010-06-02 13:52:43 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls

[2010-06-02 13:52:18 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls

[2010-06-02 13:52:18 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls

[2010-06-02 13:52:17 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2010-06-02 13:52:01 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2010-06-02 13:52:01 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls

[2010-06-02 13:51:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2010-06-02 13:51:55 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2010-06-02 13:51:54 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2010-06-02 13:51:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2010-06-02 13:51:45 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2010-06-02 13:51:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll

[2010-06-02 13:51:31 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2010-06-02 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls

[2010-06-02 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls

[2010-06-02 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls

[2010-06-02 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls

[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls

[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls

[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls

[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls

[2010-06-02 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls

[2010-06-02 13:51:27 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls

[2010-06-02 13:51:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls

[2010-06-02 13:51:27 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls

[2010-06-02 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls

[2010-06-02 13:51:26 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls

[2010-06-02 13:51:26 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls

[2010-06-02 13:51:26 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls

[2010-06-02 13:51:26 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls

[2010-06-02 13:51:26 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls

[2010-06-02 13:51:26 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls

[2010-06-02 13:51:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls

[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls

[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls

[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls

[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls

[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls

[2010-06-02 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls

[2010-06-02 13:51:25 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls

[2010-06-02 13:51:25 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls

[2010-06-02 13:51:25 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls

[2010-06-02 13:51:25 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls

[2010-06-02 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls

[2010-06-02 13:51:24 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls

[2010-06-02 13:51:24 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls

[2010-06-02 13:49:56 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2010-06-02 13:49:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2010-06-02 13:41:06 | 000,171,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat

[2010-06-02 13:41:06 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT

[2010-06-02 13:41:06 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2010-06-02 13:41:06 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2010-06-02 13:41:05 | 002,033,887 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT

[2010-06-02 13:41:05 | 001,246,357 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT

[2010-06-02 13:41:05 | 000,808,524 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2010-06-02 13:41:05 | 000,545,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT

[2010-06-02 13:41:05 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2010-06-02 13:41:05 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2010-06-02 13:41:05 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT

[2010-06-02 13:41:05 | 000,016,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT

[2010-06-02 13:41:05 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2010-06-02 13:41:05 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT

[2010-06-01 11:59:25 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\ntuser.ini

[2010-06-01 11:59:23 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\NTUSER.DAT

[2010-06-01 11:59:23 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\NtUser.dat.LOG

[2010-05-11 15:17:51 | 000,000,472 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70C31738-BABA-4CEF-B994-B12B96B38986}.job

[2010-04-10 12:53:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdovs.dll

[2010-04-10 12:53:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdocoin.dll

[2010-04-10 12:53:31 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdodrs.dll

[2010-04-10 12:53:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdocnv4.dll

[2010-04-10 12:53:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdocaps.dll

[2010-04-10 12:51:42 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdoinst.dll

[2010-04-10 12:51:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdogrd.dll

[2010-04-07 17:05:09 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2010-04-07 17:03:32 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll

[2010-04-07 16:59:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010-04-07 16:59:35 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2010-04-07 16:59:32 | 000,017,679 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010-04-07 16:59:32 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

 

========== LOP Check ==========

 

[2010-06-02 16:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2010-06-02 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2010-06-02 14:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\GHISLER

[2010-05-13 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\profilux12\Dane aplikacji\ESET

[2010-05-24 09:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\profilux12\Dane aplikacji\Lexmark Productivity Studio

[2010-04-10 14:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\profilux12\Dane aplikacji\OpenOffice.org

[2010-06-02 14:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\profilux12.FBUH-DC790BF809\Dane aplikacji\GHISLER

[2010-06-02 16:46:00 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{70C31738-BABA-4CEF-B994-B12B96B38986}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8

< End of report >

 


Since I had already come to terms with a possible reinstall, I used ComboFix after all, against the recommendations (forgive me, Picasso).

A few times it didn't start: the progress bar would begin loading, then the window disappeared and nothing happened.

In the end I downloaded it again, but saved it under a different name. It ran and the situation improved.

 

Here is the ComboFix log:

 

 

ComboFix 10-06-01.05 - profilux12 2010-06-02 17:19:32.1.2 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2038.1793 [GMT 2:00]

Uruchomiony z: c:\documents and settings\profilux12.FBUH-DC790BF809\Pulpit\xxxxCFixxxx.exe

AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Zapora osobista *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\profilux12.FBUH-DC790BF809\cpuxp.sys

 

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CPUXP

-------\Service_cpuxp

 

 

((((((((((((((((((((((((( Pliki utworzone od 2010-05-02 do 2010-06-02 )))))))))))))))))))))))))))))))

.

 

2010-06-02 15:12 . 2010-06-02 15:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-06-02 14:44 . 2010-06-02 14:44 -------- d-----w- c:\program files\Damian Pasternak

2010-06-02 14:17 . 2010-06-02 14:17 23408 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2010-06-02 14:17 . 2010-06-02 14:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET

2010-06-02 14:15 . 2010-06-02 14:15 -------- d-sh--w- c:\documents and settings\profilux12.FBUH-DC790BF809\IECompatCache

2010-06-02 14:13 . 2010-06-02 14:13 -------- d-sh--w- c:\documents and settings\profilux12.FBUH-DC790BF809\PrivacIE

2010-06-02 14:11 . 2010-06-02 14:11 -------- d-----w- c:\program files\CCleaner

2010-06-02 14:10 . 2010-06-02 14:10 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Threat Expert

2010-06-02 14:09 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-06-02 14:09 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-06-02 14:09 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-06-02 14:09 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll

2010-06-02 14:09 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip

2010-06-02 14:09 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip

2010-06-02 13:57 . 2009-10-30 09:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-02 13:57 . 2009-11-09 09:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-02 13:57 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-02 13:57 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-02 13:57 . 2010-06-02 14:09 -------- d-----w- c:\program files\Common Files\PC Tools

2010-06-02 13:57 . 2010-06-02 15:10 -------- d-----w- c:\program files\Spyware Doctor

2010-06-02 13:57 . 2010-06-02 13:57 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\PC Tools

2010-06-02 13:57 . 2010-06-02 13:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools

2010-06-02 13:38 . 2010-06-02 15:22 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP

2010-06-02 13:06 . 2010-06-02 13:06 -------- d-sh--w- c:\documents and settings\profilux12.FBUH-DC790BF809\IETldCache

2010-06-02 13:02 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-02 13:02 . 2010-02-25 09:49 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-06-02 13:02 . 2010-02-25 06:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-02 13:02 . 2010-02-25 06:19 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-02 13:02 . 2010-02-25 06:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-02 13:02 . 2010-02-25 06:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-02 13:02 . 2010-02-25 06:19 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-06-02 12:58 . 2010-06-02 12:58 -------- d-----w- c:\documents and settings\Marek\Dane aplikacji\GHISLER

2010-06-02 12:44 . 2010-06-02 12:44 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\GHISLER

2010-06-02 12:40 . 2010-06-02 12:40 503808 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6379155f-n\msvcp71.dll

2010-06-02 12:40 . 2010-06-02 12:40 499712 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6379155f-n\jmc.dll

2010-06-02 12:40 . 2010-06-02 12:40 348160 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6379155f-n\msvcr71.dll

2010-06-02 12:40 . 2010-06-02 12:40 61440 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24455117-n\decora-sse.dll

2010-06-02 12:40 . 2010-06-02 12:40 12800 ----a-w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24455117-n\decora-d3d.dll

2010-06-02 12:38 . 2010-06-02 12:57 -------- d-----w- C:\totalcmd

2010-06-02 12:38 . 2010-06-02 12:38 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\GHISLER

2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF

2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF

2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF

2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF

2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF

2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF

2010-06-02 12:38 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF

2010-06-02 12:38 . 2008-06-14 17:36 273024 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-06-02 12:37 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-06-02 12:36 . 2010-06-02 12:36 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji\Malwarebytes

2010-06-02 12:36 . 2010-06-02 12:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2010-06-02 12:36 . 2010-06-02 12:36 -------- d-----w- c:\documents and settings\All Users\My applications

2010-06-02 12:36 . 2010-06-02 13:44 -------- d-----w- c:\program files\Temp

2010-06-02 12:22 . 2010-06-02 12:22 -------- d-----w- c:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\Google

2010-06-02 12:11 . 2010-06-02 12:11 -------- d-s---w- c:\documents and settings\profilux12.FBUH-DC790BF809\UserData

2010-06-02 12:09 . 2010-06-02 12:09 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Google

2010-06-02 12:07 . 2010-06-02 12:07 -------- d-----w- c:\documents and settings\profilux12.FBUH-DC790BF809\Ustawienia lokalne\Dane aplikacji\Ahead

2010-06-02 11:51 . 2008-04-15 12:00 7168 -c--a-w- c:\windows\system32\dllcache\kbdibm02.dll

2010-06-02 11:41 . 2008-04-15 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-06-02 11:41 . 2008-04-15 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-06-02 11:41 . 2008-04-15 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-06-02 11:41 . 2008-04-15 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2010-06-01 09:59 . 2010-06-02 15:19 -------- d--h--r- c:\documents and settings\profilux12.FBUH-DC790BF809\Dane aplikacji

2010-06-01 09:36 . 2010-06-01 09:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-05-28 06:35 . 2010-05-28 06:35 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT

2010-05-25 06:31 . 2010-05-25 06:31 503808 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54afdc7f-n\msvcp71.dll

2010-05-25 06:31 . 2010-05-25 06:31 499712 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54afdc7f-n\jmc.dll

2010-05-25 06:31 . 2010-05-25 06:31 348160 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54afdc7f-n\msvcr71.dll

2010-05-25 06:31 . 2010-05-25 06:31 61440 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-744bfe73-n\decora-sse.dll

2010-05-25 06:31 . 2010-05-25 06:31 12800 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-744bfe73-n\decora-d3d.dll

2010-05-24 07:52 . 2010-05-24 07:52 -------- d-----w- c:\documents and settings\profilux12\Dane aplikacji\Lexmark Productivity Studio

2010-05-13 12:13 . 2010-05-13 12:13 -------- d-----w- c:\documents and settings\profilux12\Ustawienia lokalne\Dane aplikacji\ESET

2010-05-13 12:13 . 2010-05-13 12:13 -------- d-----w- c:\documents and settings\profilux12\Dane aplikacji\ESET

2010-05-13 12:11 . 2010-05-13 12:11 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET

2010-05-13 12:10 . 2010-06-02 14:17 -------- d-----w- c:\program files\ESET

2010-05-13 11:38 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-11 13:17 . 2010-05-11 13:17 -------- d-sh--w- c:\documents and settings\profilux12\IECompatCache

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-02 15:24 . 2008-04-15 12:00 83880 ----a-w- c:\windows\system32\perfc015.dat

2010-06-02 15:24 . 2008-04-15 12:00 490628 ----a-w- c:\windows\system32\perfh015.dat

2010-06-02 11:49 . 2010-04-07 14:52 23016 ----a-w- c:\windows\system32\emptyregdb.dat

2010-05-24 07:11 . 2010-04-10 12:33 1 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-05-13 11:38 . 2010-04-10 12:31 -------- d-----w- c:\program files\Java

2010-05-12 07:48 . 2010-04-21 07:59 -------- d-----w- c:\program files\Microsoft Works

2010-05-11 13:21 . 2010-04-10 10:53 23408 ----a-w- c:\documents and settings\profilux12\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2010-04-12 07:02 . 2010-04-07 14:54 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-10 14:32 . 2010-04-10 14:32 -------- d-----w- c:\program files\MSBuild

2010-04-10 14:32 . 2010-04-10 14:32 -------- d-----w- c:\program files\Reference Assemblies

2010-04-10 14:22 . 2010-04-10 14:22 -------- d-----w- c:\program files\Common Files\Java

2010-04-10 14:21 . 2010-04-10 14:19 -------- d-----w- c:\program files\Google

2010-04-10 14:19 . 2010-04-10 14:19 503808 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45f062c6-n\msvcp71.dll

2010-04-10 14:19 . 2010-04-10 14:19 499712 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45f062c6-n\jmc.dll

2010-04-10 14:19 . 2010-04-10 14:19 348160 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-45f062c6-n\msvcr71.dll

2010-04-10 14:19 . 2010-04-10 14:19 61440 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ffcabd4-n\decora-sse.dll

2010-04-10 14:19 . 2010-04-10 14:19 12800 ----a-w- c:\documents and settings\profilux12\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ffcabd4-n\decora-d3d.dll

2010-04-10 12:32 . 2010-04-10 12:32 -------- d-----w- c:\documents and settings\profilux12\Dane aplikacji\OpenOffice.org

2010-04-10 12:31 . 2010-04-10 12:31 -------- d-----w- c:\program files\JRE

2010-04-10 12:31 . 2010-04-10 12:31 -------- d-----w- c:\program files\OpenOffice.org 3

2010-04-10 11:12 . 2010-04-10 11:12 -------- d-----w- c:\program files\MSXML 4.0

2010-04-10 10:53 . 2010-04-10 10:51 -------- d-----w- c:\program files\Lexmark 9500 Series

2010-04-07 19:08 . 2010-04-07 19:08 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys

2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys

2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys

2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys

2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys

2010-04-07 15:14 . 2010-04-07 15:14 -------- d-----w- c:\documents and settings\profilux12\Dane aplikacji\Nero

2010-04-07 15:13 . 2010-04-07 15:11 -------- d-----w- c:\program files\Common Files\Nero

2010-04-07 15:11 . 2010-04-07 15:11 -------- d-----w- c:\program files\Nero

2010-04-07 15:11 . 2010-04-07 15:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero

2010-04-07 15:05 . 2010-04-07 15:03 -------- d-----w- c:\program files\Realtek

2010-04-07 15:05 . 2010-04-07 15:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-07 15:03 . 2010-04-07 15:03 -------- d-----w- c:\program files\Common Files\InstallShield

2010-04-07 15:00 . 2010-04-07 15:00 -------- d-----w- c:\program files\Intel

2010-04-07 14:55 . 2010-04-07 14:55 -------- d-----w- c:\program files\microsoft frontpage

2010-04-07 14:53 . 2010-04-07 14:53 -------- d-----w- c:\program files\Usługi online

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-10 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]

"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]

"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]

"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

 

c:\documents and settings\profilux12\Menu Start\Programy\Autostart\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

 

c:\documents and settings\All Users\My applications\

Windows Defender Apps Control.exe [2010-6-2 121133]

 

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-6 53317]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\lxdocoms.exe"=

"c:\\Program Files\\Lexmark 9500 Series\\lxdomon.exe"=

"c:\\WINDOWS\\system32\\lxdocfg.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdopswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdotime.exe"=

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-06-02 207792]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 95872]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-06-02 112592]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]

R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]

R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdoserv.exe [2010-04-10 94208]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-06-02 359624]

S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-04-07 1684736]

 

--- Inne Usługi/Sterowniki w Pamięci ---

 

*Deregistered* - PCTSDInjDriver32

.

Zawartość folderu 'Zaplanowane zadania'

 

2010-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 14:21]

 

2010-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 14:21]

 

2010-06-02 c:\windows\Tasks\User_Feed_Synchronization-{70C31738-BABA-4CEF-B994-B12B96B38986}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Skan uzupełniający -------

.

IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-02 17:23

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay\Applications]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]

@DACL=(02 0000)

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

 

- - - - - - - > 'explorer.exe'(3416)

c:\windows\system32\WININET.dll

c:\program files\Spyware Doctor\pctgmhk.dll

c:\windows\system32\webcheck.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxdocoms.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\documents and settings\All Users\My applications\Windows Defender Apps Control.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Spyware Doctor\pctsSvc.exe

.

**************************************************************************

.

Czas ukończenia: 2010-06-02 17:27:29 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-06-02 15:27

 

Przed: 75 502 866 432 bajtów wolnych

Po: 75 424 960 512 bajtów wolnych

 

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - EFF85A31566FC0E2541FBA959CBF62DE

 

 

An additional log, MBR.TXT, was also produced, indicating a rootkit in the MBR:

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28

\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8

\Driver\atapi -> atapi.sys @ 0xb9f16852

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Realtek PCIe FE Family Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9de9bb0

PacketIndicateHandler -> NDIS.sys @ 0xb9df6a21

SendHandler -> NDIS.sys @ 0xb9dd487b

user & kernel MBR OK

 

Currently:

DrWeb, A-Squared, MBAMalware, Spyware Doctor and SpyRemover found nothing in a quick scan.

I installed a new Eset, because in the old one the firewall could not be unblocked.

I started a full DrWeb scan overnight.

 

Please advise which scripts to use to finish this fight.

 

 

---

 

One more thing - while editing and saving this thread on the forum, the following pops up

(but that is a different computer, the one I am writing this post on):

 

A script on this page may be busy, or it may have stopped responding.

You can stop the script now, or you can continue to see if the script will complete.

Script: http://www.fixitpc.p...prettify.js:47.

Stop this script / Continue.

 

Is that the computer's fault?

An additional log, MBR.TXT, was also produced, indicating a rootkit in the MBR:

 

Such a reading absolutely does not mean a rootkit in the MBR, especially given this line:

 

user & kernel MBR OK

 

This reading is most often due to active virtual drive emulators, which you should disable according to this topic: CLICK

 

In the logs, however, another rootkit is visible, Windows Defender Apps Control:

 

skanowanie ukrytych procesów ...  

 

c:\documents and settings\All Users\My applications\Windows Defender Apps Control.exe [1884] 0x89371B80

 

*********************************

 

1. Start > Run > regedit and in the key:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

 

Double-click the Startup value and replace the string with this: %USERPROFILE%\Menu Start\Programy\Autostart

 

2. Paste the following text into Notepad:

 

Rootkit::
c:\documents and settings\All Users\My applications\Windows Defender Apps Control.exe
 
Folder::
C:\Program Files\Temp
c:\documents and settings\All Users\My applications
 
File::
c:\documents and settings\profilux12.FBUH-DC790BF809\cpuxp.sys
 
Driver::
cpuxp

File >>> save as CFScript.txt, then drag it and drop it onto the ComboFix icon like this:

 

cfscript.gif

 

3. Paste the resulting ComboFix log and the missing GMER log

 

 

 


OK Landuss.

Strange thing about those active virtual drive emulators, because this is a computer that had a minimum of things installed and nobody deliberately installed any on it. I think.

I will check, of course, but not until Friday, when I have access to the infected computer.

 

One more piece of information: there may have been more malware, but the logs don't show it, because before the scans and the reinstall - when I only had access to the computer through the DrWeb Live CD -

I manually cleaned Temp, Temporary Internet Files, Recycled, Cookies.

In C:\Program Files\Temp\... there were 2 files (with this or a similar name) "TEMPORARY1.EXE" with viruses. I deleted them as well.

 

Is it possible to determine, at least approximately, the source / method of infection?

Strange thing about those active virtual drive emulators, because this is a computer that had a minimum of things installed and nobody deliberately installed any on it. I think.

 

The MBR.EXE log is unclear, because I don't see any drive emulator here (there isn't a single driver of that kind in the list). Just in case, check what TDSSKiller says.


OK Picasso.

But unfortunately not until tomorrow.

And thank you for your understanding about CF ;)

 

Picasso:

The MBR.EXE log is unclear

 

Maybe this will help in some way. Namely, after the CF scans I used Clean in OTL.

The folder C:\xxxCFixxx remained (that's the name I saved CF under when I downloaded it).

It contained 3 files. I gave the contents of MBR.TXT in my post.

I'm now attaching the rest, maybe you can take a look at them.

 

I'm trying, but I get

Error! You do not have permission to upload this type of file.

Those 2 files are: mbr.cfxxe and CF8710.cfxxe.

Size: 75 and 375 kB.

 

Hosting on Sendspace:

 

(edited)

Error! You do not have permission to upload this type of file.

 

I wrote in the organisational section: no files other than TXT and graphics formats can be uploaded here.

 

Maybe this will help in some way. Namely, after the CF scans I used Clean in OTL.

The folder C:\xxxCFixxx remained (that's the name I saved CF under when I downloaded it).

It contained 3 files. I gave the contents of MBR.TXT in my post.

I'm now attaching the rest, maybe you can take a look at them.

 

Those files are irrelevant (ComboFix components) and will not help here. Please do not host files of this kind on external services. I am removing the links.

 

And to get a new MBR log you don't need ComboFix; it simply uses the MBR.EXE tool.

 

 

.


Hello again.

 

And now the logs, in order:

 

- CF script used:

Rootkit::

c:\documents and settings\All Users\My applications\Windows Defender Apps Control.exe

 

Folder::

C:\Program Files\Temp

c:\documents and settings\All Users\My applications

 

File::

c:\documents and settings\profilux12.FBUH-DC790BF809\cpuxp.sys

 

Driver::

cpuxp

 

 

- CATCHME LOG:

 

-------- 2010-06-04 - 08:35:16 -------------

 

 

-------- 2010-06-04 - 08:39:57 -------------

 

file zipped: C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe -> _Windows Defender Apps Control_.exe.zip -> Windows Defender Apps Control.exe ( 121133 bytes )

PE file "C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe" killed successfully

 

At first errors popped up and the MBR scanners didn't work (maybe they were being blocked by the viruses?):

 

- screen1

 

- screen2

 

 

- TDSSKiller found nothing.

 

 

- SnapShot@2010-06-04 - paste it? Because it's long and maybe boring ;)

 

 

 

 

- ComboFix - Quarantined Files:

 

2010-06-04 06:43:03 . 2010-06-04 06:43:03 40,575 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip

2010-06-04 06:42:27 . 2010-06-04 06:42:27 2,856 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cpuxp.reg.dat

2010-06-04 06:42:27 . 2010-06-04 06:42:27 1,234 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CPUXP.reg.dat

2010-06-04 06:42:22 . 2010-06-04 06:42:22 4,934 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-06-04 06:40:49 . 2010-06-04 06:40:49 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt

2010-06-04 06:35:16 . 2010-06-04 06:43:04 418 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-06-02 19:03:48 . 2010-06-02 19:03:48 5,918,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temp\temporary2.exe.vir

2010-06-02 19:03:47 . 2010-06-02 19:03:47 121,133 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir

2010-06-02 12:36:27 . 2010-06-04 06:43:04 121,133 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe.vir

 

- FixMebroot v1.0.1

 

FixMebroot could not open its device driver!

 

 

- Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

 

I tried OTL in safe mode:

 

OTL.txt

 

OTL.extras

 

 

 

And here is the log from Kaspersky Virus Removal Tools:

 

Autoscan: completed 14764 days ago (events: 17, objects: 217860, time: 01:14:33)

2010-06-04 11:19:29 Task started

2010-06-04 11:41:00 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe/data0000.res

2010-06-04 11:41:00 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe/data0000.res

2010-06-04 11:41:00 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir/data0000.res

2010-06-04 11:41:21 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe/data0001.res

2010-06-04 11:41:22 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe/data0002.res

2010-06-04 11:41:26 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe/data0001.res

2010-06-04 11:41:28 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe/data0002.res

2010-06-04 11:41:28 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir/data0001.res

2010-06-04 11:41:30 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir/data0002.res

2010-06-04 11:43:17 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir/#

2010-06-04 11:43:17 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe/#

2010-06-04 11:43:17 Deleted: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Program Files\Temp\temporary1.exe.vir

2010-06-04 11:43:17 Deleted: Trojan-GameThief.Win32.Tibia.fpn C:\System Volume Information\_restore{93D4E559-81EE-4C57-A8D9-CE2FC37B1BC8}\RP11\A0008034.exe

2010-06-04 11:43:17 Detected: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe/#

2010-06-04 11:43:18 Deleted: Trojan-GameThief.Win32.Tibia.fpn C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip/Windows Defender Apps Control.exe

2010-06-04 12:34:02 Task completed

 

Right away a question: is it possible to catch this junk without playing Tibia?

 

 

DrWeb and MBAM found nothing.

KasperskyVirusRemovalTools found and removed:

 

Results of system analysis Kaspersky Virus Removal Tools:

 

avz_sysinfo.htm

 

avz_sysinfo.xml

 

 

 

 

OTL.txt

 

OTL.extras

 

 

 

Log FixMebroot v1.0.1

FixMebroot has finished scanning your MBR.

It contains no Mebroot infection.

 

MBR.exe log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

 

screen3

 

 

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 16:31 on 04/06/2010 (profilux12)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=

 

 

 

 

------- 2010-06-04 - 08:35:16  -------------


-------- 2010-06-04 - 08:39:57  -------------

file zipped: C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe -> _Windows Defender Apps Control_.exe.zip -> Windows Defender Apps Control.exe ( 121133 bytes ) 
PE file "C:\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe" killed successfully 

-------- 2010-06-04 - 18:06:52 -------------

2010-06-04 06:43:03 . 2010-06-04 09:43:18 22 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\_Windows Defender Apps Control_.exe.zip

2010-06-04 06:42:27 . 2010-06-04 06:42:27 2,856 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cpuxp.reg.dat

2010-06-04 06:42:27 . 2010-06-04 06:42:27 1,234 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CPUXP.reg.dat

2010-06-04 06:42:22 . 2010-06-04 16:09:21 4,934 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-06-04 06:40:49 . 2010-06-04 06:40:49 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt

2010-06-04 06:35:16 . 2010-06-04 16:06:52 469 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-06-02 19:03:48 . 2010-06-02 19:03:48 5,918,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temp\temporary2.exe.vir

2010-06-02 12:36:27 . 2010-06-04 06:43:04 121,133 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\My applications\Windows Defender Apps Control.exe.vir

 

Last ComboFix log: ComboFix

 

 

 

 

GMER did not complete a scan even once. XP kept hanging with a constant hourglass.

So I'm posting a shortened version of the log, without the search option.

 

GMER

 

GMER 1.0.15.15281 - http://www.gmer.net

 

Rootkit quick scan 2010-06-04 18:18:51

Windows 5.1.2600 Dodatek Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\PROFIL~1.FBU\USTAWI~1\Temp\kwlyifob.sys

 

 

---- System - GMER 1.0.15 ----

 

Code \??\C:\DOCUME~1\PROFIL~1.FBU\USTAWI~1\Temp\catchme.sys pIofCallDriver

 

---- Devices - GMER 1.0.15 ----

 

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

 

AttachedDevice eamon.sys (Amon monitor/ESET)

 

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

 

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

 

---- EOF - GMER 1.0.15 ----

 

 

 

The computer starts normally, but it freezes very often.

Please give instructions on how to finalize the clean-up.

Right away a question: is it possible to catch this junk without playing Tibia?

 

Sure it is. Don't be misled by the names the scanner detects. I wouldn't really link this infection with Tibia.

 

The logs no longer show an active infection, so do a few more small things.

 

1. Start > Run > paste and execute the command "c:\documents and settings\profilux12.FBUH-DC790BF809\Pulpit\xxxxCFixxxx.exe" /uninstall

 

2. Temporarily disable System Restore to get rid of the copies of the malware: CLICK

 

3. Clean the temporary locations using TFC - Temp Cleaner

 

 

 


OK Landuss, but not until Monday when I have access.

 

Do you have any idea about this computer freezing?

Because you can switch between applications (Alt+Tab), but you have to wait a very long time to get into them.

Not always, but it happens often. Sometimes I'd rather reset than wait for a response.

It wasn't like that before.


For the record, here are the latest logs:

 

OTL.txt

 

OTL.Extras

 

GMER

 

The computer is finally clean, I think; even Gmer didn't protest and scanned the whole computer :cheer:

 

 

 

However, I'd ask for help with a few other issues.

 

1. Sometimes BSODs pop up:

 

 

STOP. Page_fault_In_nonpaged_area.

Cause of the problem: ntfs.sys - address base at B9E01000, DateStamp 48025be5.

 

0x00000050

(0xA82AEA74, 0x00000000, 0xB9E0365B, 0x00000000)

 

STOP.

0x0000008E

(0xC0000005, 0x805C3133, 0xBA4CF9E0, 0x00000000)

 

 

 

2) Logging on to XP HE.

 

How do I make it so that no logon window appears at all, and how do I repair the administrator account?

 

I tried via Control userpasswords2, reset passwords and permissions.

A logon window for the Administrator account pops up with the message "Unable to log you on because of an account restriction."

If I type the user name "Lucyna", I get in.

But I don't want any icons to click, nor any windows for entering user names and passwords.


To nnneooo:

OK, I'll try to do something, but only once MEMTEST finishes.

After the night - result: "18 pass complete, no errors".

 

------------

 

As for the logon - the matter is settled. What you recommended from M$ helped:

Thx :cheer:

 

Using Registry Editor, you can add your logon information. To do this, follow these steps:

Click Start, click Run, type regedit, and then click OK.

Locate the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Using your account name and password, double-click the DefaultUserName entry, type your user name, and then click OK.

Double-click the DefaultPassword entry, type your password in the Value data box, and then click OK.

 

If there is no DefaultPassword value, create the value. To do this, follow these steps:

In Registry Editor, click Edit, click New, and then click String Value.

Type DefaultPassword as the value name, and then press ENTER.

Double-click the newly created key, and then type your password in the Value data box.

If no DefaultPassword string is specified, Windows XP automatically changes the value of the AutoAdminLogon registry key from 1 (true) to 0 (false) to turn off the automatic logon (AutoAdminLogon) feature.

Double-click the AutoAdminLogon entry, type 1 in the Value data box, and then click OK.

 

If there is no AutoAdminLogon entry, create the entry. To do this, follow these steps:

In Registry Editor, click Edit, click New, and then click String Value.

Type AutoAdminLogon as the value name, and then press ENTER.

Double-click the newly created key, and then type 1 in the Value data box.

Quit Registry Editor.

Click Start, click Shut Down, click Restart, and then click OK.

After your computer restarts and Windows XP starts, you can log on automatically.

 

--------

 

 

And can anything be done about the STOP - Blue Screens?

 

-------

 

I also did a preventive Spyware Doctor scan - surprisingly it still found and removed 2 trojans (27 infections):

Trojan-Downloader.Murlo and Trojan-Downloader.Bagle

 

Spyware Doctor log

 

 

============

 

A few days have passed. The computer runs without complaint. The topic can be closed. Thank you all for your help. :thumbsup:

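A read-only check for the two registry mechanisms this thread turned on: the redirected Startup shell folder that made Explorer launch "Windows Defender Apps Control.exe" at every logon, and the AutoAdminLogon / DefaultPassword values from the KB steps quoted above. This is an added PowerShell example, not code from the thread or from any tool used in it; it assumes the Polish XP folder names shown in the logs above (English installs use "Start Menu\Programs\Startup") and that the HKLM "Common Startup" value is worth the same comparison as the HKCU one the thread fixes.

```powershell
# Added audit script (not from the thread). Reports findings; changes nothing.

function Get-RawRegValue {
    # Read a value WITHOUT expanding %VARS%, so a redirected Startup
    # path is compared as written in the registry, not as resolved.
    param([string]$Key, [string]$Name)
    $item = Get-Item -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.GetValue($Name, $null, 'DoNotExpandEnvironmentNames')
}

function Test-AutostartSettings {
    $findings = @()

    # 1. Startup-folder redirection. In this thread the per-user Startup
    #    value no longer pointed at the real Autostart folder, so whatever
    #    sat in the attacker-chosen directory ran at logon.
    #    Assumption: Polish XP defaults; the Common Startup check is an
    #    extension of the HKCU fix given in the thread.
    $checks = @(
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
           Name = 'Startup'
           Expected = '%USERPROFILE%\Menu Start\Programy\Autostart' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
           Name = 'Common Startup'
           Expected = '%ALLUSERSPROFILE%\Menu Start\Programy\Autostart' }
    )
    foreach ($c in $checks) {
        $raw = Get-RawRegValue -Key $c.Key -Name $c.Name
        if ($null -eq $raw) { continue }   # value absent: Explorer uses its built-in default
        if ($raw -ine $c.Expected) {
            $findings += "[$($c.Name)] points to '$raw' (expected '$($c.Expected)')"
            # Everything in the redirected folder runs at logon: list it for triage.
            $resolved = [Environment]::ExpandEnvironmentVariables($raw)
            if (Test-Path -LiteralPath $resolved) {
                foreach ($f in Get-ChildItem -LiteralPath $resolved -Force) {
                    $findings += "    autostart entry: $($f.FullName) ($($f.Length) bytes)"
                }
            }
        }
    }

    # 2. Autologon as configured by the KB steps: DefaultPassword is stored in
    #    cleartext under a key that every local account can read.
    $wl   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $auto = Get-RawRegValue -Key $wl -Name 'AutoAdminLogon'
    $pw   = Get-RawRegValue -Key $wl -Name 'DefaultPassword'
    $user = Get-RawRegValue -Key $wl -Name 'DefaultUserName'
    if ($auto -eq '1') {
        if ($pw) {
            $findings += "[Winlogon] AutoAdminLogon=1 with a cleartext DefaultPassword for '$user'"
        } else {
            $findings += "[Winlogon] AutoAdminLogon=1 for '$user' (no cleartext DefaultPassword in the registry)"
        }
    }
    return $findings
}

$result = @(Test-AutostartSettings)
if ($result.Count -eq 0) { 'No findings.' } else { $result }
```

Run it as the affected user, since the Startup value lives under HKCU; a non-empty Winlogon finding means the logon password is readable by anyone with local access to the machine.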