maciasdTk Opublikowano 8 Listopada 2010 Zgłoś Udostępnij Opublikowano 8 Listopada 2010 Witam, Mam problem. Wczoraj chciałem właczyć Google Chrome ale wyskoczył mi taki sam błąd co niżej rożnił się jedynie plikiem dll i ścieżką. Zainstalowałem przeglądarke Mozille i po kilku włączeniach wyskoczył błąd n/w i pokazuje się za każdym razem.: "Firefox - Zły obraz Program C:\Program Files\ Mozilla Firefox\sqlite3.dll nie jest przeznaczony do uruchamiania w systemie Windows albo zawiera błąd. Zainstaluj program ponownie, używając oryginalnego nośnika instalacyjnego..... " Przeskanowałem komuter Combofix'em a oto log: ComboFix 10-11-07.09 - maciasdTk 2010-11-08 15:57:22.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3070.2175 [GMT 1:00] Uruchomiony z: c:\users\maciasdTk.macias\Downloads\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\page c:\programdata\page\page.ico c:\programdata\page\page.URL D:\1hqup.exe D:\Autorun.inf E:\12gn6id2.exe E:\1hqup.exe E:\autorun.inf E:\biriprg.exe E:\qhbfqx.exe G:\09lf.exe G:\12gn6id2.exe G:\1hqup.exe G:\2bbi1ax.exe G:\2ul.exe G:\Autorun.inf G:\biriprg.exe G:\bu8.exe G:\cgaqyi.exe G:\g6jk.exe G:\ggb6w.exe G:\i8gcgmg.exe G:\krwyrv0d.exe G:\qhbfqx.exe G:\x3xh.exe G:\yqq8eqil.exe I:\12gn6id2.exe I:\1hqup.exe I:\Autorun.inf I:\biriprg.exe I:\qhbfqx.exe J:\12gn6id2.exe J:\1hqup.exe J:\autorun.inf J:\biriprg.exe J:\qhbfqx.exe Zainfekowana kopia c:\windows\explorer.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe . ((((((((((((((((((((((((( Pliki utworzone od 2010-10-08 do 2010-11-08 ))))))))))))))))))))))))))))))) . 2010-11-08 15:01 . 2010-11-08 15:01 -------- d-----w- c:\users\martuśka\AppData\Local\temp 2010-11-08 14:38 . 2010-11-08 14:38 -------- d-----w- C:\found.000 2010-11-07 20:40 . 2008-09-03 12:57 333288 ----a-w- c:\windows\system32\sqlite3.dll 2010-11-07 20:40 . 2008-09-03 12:57 333288 ----a-w- c:\windows\system\sqlite3.dll 2010-11-07 20:28 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco322050.dll 2010-11-07 20:28 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco322030.dll 2010-11-07 20:28 . 2010-10-22 06:23 57960 ----a-w- c:\windows\system32\OpenCL.dll 2010-11-07 20:28 . 2010-10-22 06:23 14899816 ----a-w- c:\windows\system32\nvoglv32.dll 2010-11-07 20:28 . 2010-10-22 06:23 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2010-11-07 20:28 . 2010-10-22 06:23 4837480 ----a-w- c:\windows\system32\nvcuda.dll 2010-11-07 20:28 . 2010-10-22 06:23 2912360 ----a-w- c:\windows\system32\nvcuvid.dll 2010-11-07 20:28 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-11-07 20:28 . 2010-10-22 06:23 13019752 ----a-w- c:\windows\system32\nvcompiler.dll 2010-11-07 17:41 . 2010-11-07 17:41 -------- d-----w- c:\users\martuśka\AppData\Roaming\Mozilla 2010-11-07 17:41 . 2010-11-07 17:41 -------- d-----w- c:\users\martuśka\AppData\Local\Mozilla 2010-11-06 20:45 . 2010-11-06 20:45 -------- d-----w- c:\users\maciasdTk.macias\AppData\Local\Mozilla 2010-11-06 20:38 . 2010-11-06 20:38 -------- d-----w- c:\program files\CCleaner 2010-11-04 14:42 . 2010-11-04 14:42 -------- d-----w- c:\program files\Common Files\Java 2010-10-26 15:57 . 2010-10-26 15:57 -------- d-----w- c:\users\maciasdTk.macias\AppData\Local\ElevatedDiagnostics 2010-10-26 15:51 . 2010-10-26 15:51 686400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2010-10-25 16:30 . 2002-06-10 13:01 110592 ----a-w- c:\windows\system32\immpid.dll 2010-10-25 16:30 . 2002-06-10 13:01 30920 ----a-w- c:\windows\system32\drivers\imhidusb.sys 2010-10-25 16:30 . 2002-06-10 13:01 16384 ----a-w- c:\windows\system32\imm_enu.dll 2010-10-25 16:30 . 2002-06-10 13:00 1024000 ----a-w- c:\windows\system32\immcpl.dll 2010-10-25 16:30 . 2001-07-02 20:45 196608 ----a-w- c:\windows\system32\IFC22.dll 2010-10-25 16:08 . 2010-10-25 16:08 -------- d-----w- c:\programdata\PC Drivers HeadQuarters Inc 2010-10-25 16:05 . 2010-10-25 16:06 -------- d-----w- c:\users\maciasdTk.macias\AppData\Roaming\GetRightToGo 2010-10-24 15:19 . 2010-10-24 15:19 -------- d-----w- c:\programdata\Codemasters 2010-10-24 14:52 . 2010-03-01 18:51 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll 2010-10-24 14:52 . 2010-07-28 17:10 1380352 ----a-w- c:\windows\system32\rapture3d_oal.dll 2010-10-24 14:51 . 2010-10-24 14:52 -------- d-----w- c:\program files\BRS 2010-10-24 14:51 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmpEC4E.tmp 2010-10-24 14:51 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-10-24 14:51 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-10-24 14:51 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-10-24 14:51 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-10-24 14:51 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2010-10-24 14:51 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-10-24 14:51 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-10-24 14:51 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-10-24 14:50 . 2010-10-24 14:50 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE 2010-10-24 14:50 . 2010-10-24 14:50 -------- d-----w- c:\windows\system32\xlive 2010-10-24 14:43 . 2010-10-24 14:43 -------- d-----w- c:\program files\Codemasters 2010-10-22 16:22 . 2010-10-22 16:22 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll 2010-10-20 15:33 . 2010-10-20 15:33 -------- d-sh--w- c:\programdata\DSS 2010-10-20 15:21 . 2010-10-20 15:21 -------- d-----w- c:\programdata\Electronic Arts 2010-10-19 17:02 . 2010-10-19 17:02 -------- d-----w- c:\program files\VideoLAN 2010-10-19 16:59 . 2010-10-19 16:59 -------- d-----w- c:\program files\AGEIA Technologies 2010-10-19 16:59 . 2010-10-19 16:59 -------- d-----w- c:\windows\system32\AGEIA 2010-10-19 16:59 . 2010-10-19 16:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-10-17 18:52 . 2010-11-06 12:14 -------- d-----w- c:\program files\cFosSpeed 2010-10-17 18:52 . 2010-09-22 14:34 1065176 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys 2010-10-16 11:42 . 2010-10-16 11:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe 2010-10-16 11:42 . 2010-10-16 11:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll 2010-10-16 11:42 . 2010-10-16 11:42 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-10-16 11:42 . 2010-10-16 11:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll 2010-10-16 11:42 . 2010-10-16 11:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll 2010-10-16 08:30 . 2010-10-16 08:30 -------- d-----w- c:\windows\system32\auralog . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-06 12:24 . 2009-07-13 23:41 2613248 ----a-w- c:\windows\explorer_.exe.Back.3.39404581039867 2010-10-26 15:51 . 2010-09-21 08:11 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2010-10-24 14:51 . 2010-09-20 16:18 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2010-10-24 14:51 . 2010-09-20 16:18 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2010-10-22 06:23 . 2009-06-10 21:19 10023528 ----a-w- c:\windows\system32\nvd3dum.dll 2010-10-22 06:23 . 2010-11-07 20:28 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2010-10-22 06:23 . 2010-09-17 20:13 1719912 ----a-w- c:\windows\system32\nvapi.dll 2010-09-27 17:04 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll 2010-09-27 17:04 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll 2010-09-27 17:04 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll 2010-09-27 03:52 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll 2010-09-27 03:52 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll 2010-09-27 03:52 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll 2010-09-23 20:58 . 2010-09-23 20:59 8192 ----a-w- c:\windows\system32\srvany.exe 2010-09-23 20:58 . 2010-09-23 20:59 151552 ----a-w- c:\windows\KMService.exe 2010-09-21 08:10 . 2010-09-21 08:10 686400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-09-20 15:40 . 2010-09-20 15:40 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-09-17 19:56 . 2010-09-17 19:56 577536 ----a-w- c:\windows\soundman.exe 2010-09-17 19:56 . 2010-09-17 19:56 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl 2010-09-17 19:56 . 2010-09-17 19:56 10528768 ----a-w- c:\windows\system32\RTLCPL.exe 2010-09-17 19:56 . 2010-09-17 19:56 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll 2010-09-17 19:56 . 2010-09-17 19:56 4025088 ----a-w- c:\windows\system32\drivers\alcxwdm.sys 2010-09-17 19:56 . 2010-09-17 19:56 217088 ----a-w- c:\windows\alcrmv.exe 2010-09-17 19:56 . 2010-09-17 19:56 49152 ----a-w- c:\windows\system32\ChCfg.exe 2010-09-17 19:56 . 2010-09-17 19:56 315392 ----a-w- c:\windows\alcupd.exe 2010-09-17 19:49 . 2010-09-17 19:50 24576 ----a-w- c:\windows\system32\AsIO.dll 2010-09-17 19:49 . 2010-09-17 19:50 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys 2010-09-17 19:49 . 2006-10-18 11:44 7680 ----a-w- c:\windows\system32\drivers\ASACPI.sys 2010-09-16 08:24 . 2010-09-17 19:49 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7493BD2B-29B7-47A3-81EC-928CF6FBBB01}\mpengine.dll 2010-09-15 03:50 . 2010-09-18 09:04 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-18 15:10 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmpEC2E.tmp 2010-08-18 05:58 . 2010-08-18 05:58 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-08-18 05:58 . 2010-08-18 05:58 348160 ----a-w- c:\windows\system32\msvcr71.dll . ------- Sigcheck ------- [-] 2010-09-27 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736] [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] 2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736] [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736] [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Immcheck"="immcheck.exe -1" [X] "SoundMan"="SOUNDMAN.EXE" [2010-09-17 577536] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk backup=c:\windows\pss\Rainmeter.lnk.CommonStartup backupExtension=.CommonStartup R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [2002-06-10 30920] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-20 691696] S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-09-23 8192] . Zawartość folderu 'Zaplanowane zadania' . . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 Trusted Zone: wroclaw.pl\tmm.wsb Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\maciasdTk.macias\AppData\Roaming\Mozilla\Firefox\Profiles\6qwjm8rn.default\ FF - prefs.js: browser.startup.homepage - google.pl FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-IFSplash - ImmSplsh.exe . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\AUDIODG.EXE c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\windows\KMService.exe c:\windows\system32\conhost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Czas ukończenia: 2010-11-08 16:05:54 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-11-08 15:05 Przed: 277Â 636Â 460Â 544 bajtów wolnych Po: 277Â 347Â 049Â 472 bajtów wolnych - - End Of File - - 85E3E8B8DB9DCDAF87227CFAECF06E37 Mój system to Windows 7 32-bit. Z góry dzieki za pomoc. Odnośnik do komentarza
Landuss Opublikowano 8 Listopada 2010 Zgłoś Udostępnij Opublikowano 8 Listopada 2010 Zacznij od zastosowania się do zasad działu i wklej logi z wymaganych narzędzi - OTL + GMER. Jako, że była tu też infekcja z urządzenia przenośnego wykonaj też log z USBFix z opcji Listing. Odnośnik do komentarza
maciasdTk Opublikowano 8 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 8 Listopada 2010 reszta logow: log z OTL: OTL logfile created on: 2010-11-08 17:43:45 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\maciasdTk.macias\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 302,73 Gb Total Space | 257,61 Gb Free Space | 85,09% Space Free | Partition Type: NTFS Drive D: | 21,86 Gb Total Space | 19,38 Gb Free Space | 88,69% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 84,70 Mb Free Space | 84,70% Space Free | Partition Type: NTFS Drive F: | 85,57 Gb Total Space | 85,48 Gb Free Space | 99,89% Space Free | Partition Type: NTFS Drive G: | 63,47 Gb Total Space | 51,01 Gb Free Space | 80,36% Space Free | Partition Type: NTFS Drive H: | 61,98 Gb Total Space | 61,89 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive I: | 302,73 Gb Total Space | 215,94 Gb Free Space | 71,33% Space Free | Partition Type: NTFS Drive J: | 325,94 Gb Total Space | 273,74 Gb Free Space | 83,98% Space Free | Partition Type: NTFS Computer Name: MACIAS | User Name: maciasdTk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010-11-08 17:42:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\maciasdTk.macias\Desktop\OTL.exe PRC - [2010-10-16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010-09-29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe PRC - [2010-09-29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe PRC - [2010-09-17 20:56:09 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\soundman.exe PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-07-14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe ========== Modules (SafeList) ========== MOD - [2010-11-08 17:42:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\maciasdTk.macias\Desktop\OTL.exe MOD - [2010-08-04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010-09-29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2010-09-27 18:03:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-09-27 04:52:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2010-09-23 21:58:38 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) SRV - [2010-03-25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010-03-18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator) SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator) SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator) SRV - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV) SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MACIAS~1.MAC\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MACIAS~1.MAC\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2010-10-22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-09-20 16:40:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-09-17 20:56:07 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2010-09-17 20:49:49 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2010-09-17 20:49:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2010-08-18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2010-07-16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2010-07-16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS) DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2002-06-10 14:01:18 | 000,030,920 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\imhidusb.sys -- (imhidusb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-315759391-259986645-1219633573-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2405280 IE - HKU\S-1-5-21-315759391-259986645-1219633573-1004\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-315759391-259986645-1219633573-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-315759391-259986645-1219633573-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-09-26 19:59:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-06 21:45:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-06 21:45:31 | 000,000,000 | ---D | M] [2010-11-06 21:45:48 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\mozilla\Extensions [2010-11-07 11:48:21 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\mozilla\Firefox\Profiles\6qwjm8rn.default\extensions [2010-11-07 11:48:21 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\mozilla\Firefox\Profiles\6qwjm8rn.default\extensions\personas@christopher.beard [2010-11-06 21:45:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-10-27 06:37:26 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-10-27 06:37:26 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-10-27 06:37:26 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-10-27 06:37:26 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-10-27 06:37:26 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-10-27 06:37:26 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-11-08 16:03:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKU\S-1-5-21-315759391-259986645-1219633573-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-315759391-259986645-1219633573-1004\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [immcheck] File not found O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [soundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-315759391-259986645-1219633573-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-315759391-259986645-1219633573-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-315759391-259986645-1219633573-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-315759391-259986645-1219633573-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O15 - HKLM\..Trusted Domains: wroclaw.pl ([tmm.wsb] http in Trusted sites) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1288283540709 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006-01-01 03:21:46 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-11-08 17:42:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\maciasdTk.macias\Desktop\OTL.exe [2010-11-08 16:35:54 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2010-11-08 16:35:54 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2010-11-08 16:35:53 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2010-11-08 16:35:53 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2010-11-08 16:35:51 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\Malwarebytes [2010-11-08 16:35:49 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2010-11-08 16:35:49 | 000,159,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2010-11-08 16:35:43 | 000,123,712 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys [2010-11-08 16:35:43 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys [2010-11-08 16:35:43 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys [2010-11-08 16:35:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010-11-08 16:35:41 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2010-11-08 16:35:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010-11-08 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-11-08 16:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010-11-08 16:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010-11-08 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security [2010-11-08 16:35:31 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\PC Tools [2010-11-08 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2010-11-08 16:20:07 | 000,000,000 | --SD | C] -- C:\ComboFix [2010-11-08 16:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010-11-08 16:05:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010-11-08 16:05:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010-11-08 15:56:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010-11-08 15:56:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010-11-08 15:56:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010-11-08 15:56:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010-11-08 15:56:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010-11-08 15:53:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-11-08 15:38:15 | 000,000,000 | ---D | C] -- C:\found.000 [2010-11-07 21:28:02 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010-11-07 21:28:02 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010-11-07 21:28:02 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010-11-07 21:28:02 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2010-11-07 21:28:02 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010-11-07 21:28:02 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010-11-07 21:28:02 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll [2010-11-07 21:28:02 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll [2010-11-07 21:28:02 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010-11-07 21:28:02 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010-11-07 21:13:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2010-11-06 21:45:35 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\Mozilla [2010-11-06 21:45:35 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Local\Mozilla [2010-11-06 21:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010-11-06 21:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010-11-06 13:17:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2010-11-04 15:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-11-04 15:42:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010-11-04 15:42:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010-11-04 15:42:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010-10-26 16:57:16 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Local\ElevatedDiagnostics [2010-10-25 17:30:23 | 001,024,000 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\immcpl.dll [2010-10-25 17:30:23 | 000,196,608 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\IFC22.dll [2010-10-25 17:30:23 | 000,110,592 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\immpid.dll [2010-10-25 17:30:23 | 000,030,920 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\drivers\imhidusb.sys [2010-10-25 17:30:23 | 000,016,384 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\imm_enu.dll [2010-10-25 17:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters Inc [2010-10-25 17:05:53 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\GetRightToGo [2010-10-24 16:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2010-10-24 16:19:09 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\Documents\My Games [2010-10-24 16:19:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010-10-24 15:52:01 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll [2010-10-24 15:52:00 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll [2010-10-24 15:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\BRS [2010-10-24 15:51:56 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2010-10-24 15:51:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2010-10-24 15:51:51 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2010-10-24 15:51:51 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2010-10-24 15:51:51 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2010-10-24 15:51:50 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2010-10-24 15:51:50 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2010-10-24 15:51:50 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2010-10-24 15:50:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2010-10-24 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2010-10-24 15:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters [2010-10-20 16:33:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS [2010-10-20 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\Documents\EA Games [2010-10-20 16:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2010-10-19 18:03:46 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010-10-19 18:03:46 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010-10-19 18:03:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2010-10-19 18:03:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010-10-19 18:03:46 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010-10-19 18:03:45 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2010-10-19 18:03:45 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010-10-19 18:03:45 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010-10-19 18:03:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010-10-19 18:03:45 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2010-10-19 18:03:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2010-10-19 18:03:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2010-10-19 18:03:45 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010-10-19 18:03:45 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010-10-19 18:03:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010-10-19 18:03:44 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010-10-19 18:03:44 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010-10-19 18:03:44 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010-10-19 18:03:44 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010-10-19 18:03:44 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010-10-19 18:03:44 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010-10-19 18:03:43 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2010-10-19 18:03:43 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2010-10-19 18:03:42 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2010-10-19 18:03:42 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2010-10-19 18:03:42 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010-10-19 18:03:42 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2010-10-19 18:03:42 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2010-10-19 18:03:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010-10-19 18:03:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2010-10-19 18:03:42 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010-10-19 18:03:42 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2010-10-19 18:03:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2010-10-19 18:03:41 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2010-10-19 18:03:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2010-10-19 18:03:41 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2010-10-19 18:03:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2010-10-19 18:03:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2010-10-19 18:03:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2010-10-19 18:03:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2010-10-19 18:03:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2010-10-19 18:03:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2010-10-19 18:03:40 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2010-10-19 18:03:40 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2010-10-19 18:03:40 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2010-10-19 18:03:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2010-10-19 18:03:40 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2010-10-19 18:03:39 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2010-10-19 18:03:39 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2010-10-19 18:03:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2010-10-19 18:03:39 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2010-10-19 18:03:39 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2010-10-19 18:03:12 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\vlc [2010-10-19 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010-10-19 17:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2010-10-19 17:59:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA [2010-10-19 17:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010-10-17 19:52:14 | 001,065,176 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys [2010-10-17 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed [2010-10-16 12:42:46 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2010-10-16 12:42:46 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2010-10-16 12:42:42 | 003,420,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2010-10-16 12:42:38 | 002,079,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2010-10-16 09:30:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\auralog [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010-11-08 17:44:44 | 000,296,448 | ---- | M] () -- C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe [2010-11-08 17:42:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\maciasdTk.macias\Desktop\OTL.exe [2010-11-08 17:40:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-315759391-259986645-1219633573-1001UA.job [2010-11-08 16:59:56 | 000,737,242 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-11-08 16:59:56 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-11-08 16:59:56 | 000,153,930 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-11-08 16:59:56 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-11-08 16:55:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-11-08 16:55:34 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2010-11-08 16:36:00 | 000,873,410 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2010-11-08 16:35:48 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010-11-08 16:35:44 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-11-08 16:16:10 | 000,507,360 | ---- | M] () -- C:\Users\maciasdTk.macias\Desktop\sdsetup[1].exe [2010-11-08 16:03:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010-11-08 15:40:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-315759391-259986645-1219633573-1001Core.job [2010-11-08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe [2010-11-06 21:45:33 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-06 21:38:48 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010-11-06 13:24:16 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer_.exe.Back.3.39404581039867 [2010-11-06 13:19:45 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Sunrise Seven.lnk [2010-11-04 16:15:25 | 000,013,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-11-04 16:15:24 | 000,013,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-10-29 18:52:07 | 000,007,024 | ---- | M] () -- C:\bootsqm.dat [2010-10-24 15:51:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2010-10-24 15:51:57 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2010-10-22 07:23:05 | 014,899,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010-10-22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010-10-22 07:23:05 | 010,023,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2010-10-22 07:23:05 | 000,888,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll [2010-10-22 07:23:05 | 000,813,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll [2010-10-22 07:23:05 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010-10-22 07:23:05 | 000,004,962 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2010-10-22 07:23:04 | 004,837,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2010-10-22 07:23:04 | 002,912,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010-10-22 07:23:04 | 002,666,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010-10-22 07:23:02 | 013,019,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010-10-22 07:23:02 | 001,719,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2010-10-22 07:23:02 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010-10-19 18:03:07 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010-10-16 12:42:46 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2010-10-16 12:42:46 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2010-10-16 12:42:42 | 003,420,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2010-10-16 12:42:38 | 002,079,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-11-08 17:44:42 | 000,296,448 | ---- | C] () -- C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe [2010-11-08 16:35:55 | 000,873,410 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2010-11-08 16:35:48 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010-11-08 16:35:44 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-11-08 16:16:10 | 000,507,360 | ---- | C] () -- C:\Users\maciasdTk.macias\Desktop\sdsetup[1].exe [2010-11-08 15:56:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010-11-08 15:56:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010-11-08 15:56:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2010-11-08 15:56:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010-11-08 15:56:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010-11-07 21:40:45 | 000,333,288 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2010-11-07 21:40:08 | 000,333,288 | ---- | C] () -- C:\Windows\System\sqlite3.dll [2010-11-06 21:45:33 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-06 21:38:48 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010-10-29 18:52:07 | 000,007,024 | ---- | C] () -- C:\bootsqm.dat [2010-10-25 17:30:23 | 000,080,205 | ---- | C] () -- C:\Windows\System32\ImmGDRef.chm [2010-10-25 17:30:23 | 000,043,254 | ---- | C] () -- C:\Windows\System32\immwc.bmp [2010-10-19 18:03:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\D3DX9_38.dll [2010-10-19 18:03:07 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010-10-07 16:42:30 | 000,001,696 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010-09-20 16:40:24 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010-09-17 20:56:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll [2010-09-17 20:50:19 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2010-09-17 20:50:19 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2010-09-17 20:50:06 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2010-09-17 20:50:06 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2009-11-06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009-07-14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll [2009-07-14 01:13:40 | 001,782,272 | ---- | C] () -- C:\Windows\System32\NlsLexicons0039.dll [2009-07-14 01:13:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\NlsData0019.dll [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006-10-18 12:44:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys ========== LOP Check ========== [2010-09-22 18:33:35 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\Ashampoo [2010-10-19 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\DAEMON Tools Lite [2010-10-25 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\GetRightToGo [2010-09-20 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\RigNRoll_pol [2010-09-27 05:34:33 | 000,000,000 | ---D | M] -- C:\Users\martuśka\AppData\Roaming\Rainmeter [2010-11-07 21:04:38 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Odnośnik do komentarza
maciasdTk Opublikowano 8 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 8 Listopada 2010 log z Extras: OTL Extras logfile created on: 2010-11-08 17:43:45 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\maciasdTk.macias\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 302,73 Gb Total Space | 257,61 Gb Free Space | 85,09% Space Free | Partition Type: NTFS Drive D: | 21,86 Gb Total Space | 19,38 Gb Free Space | 88,69% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 84,70 Mb Free Space | 84,70% Space Free | Partition Type: NTFS Drive F: | 85,57 Gb Total Space | 85,48 Gb Free Space | 99,89% Space Free | Partition Type: NTFS Drive G: | 63,47 Gb Total Space | 51,01 Gb Free Space | 80,36% Space Free | Partition Type: NTFS Drive H: | 61,98 Gb Total Space | 61,89 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive I: | 302,73 Gb Total Space | 215,94 Gb Free Space | 71,33% Space Free | Partition Type: NTFS Drive J: | 325,94 Gb Total Space | 273,74 Gb Free Space | 83,98% Space Free | Partition Type: NTFS Computer Name: MACIAS | User Name: maciasdTk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-315759391-259986645-1219633573-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BD-0415-0000-0000000FF1CE}" = Język etykietek ekranowych pakietu Microsoft Office 2010 — polski "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AB0DBC9A-422A-4888-A8E5-A32EC1779E68}_is1" = Sunrise Seven 1.1.54 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E6E0CA31-FE55-41CD-BD04-413DAFE2CB29}_is1" = RigNRoll (Tylko Usuń) "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DreamMaker" = DreamMaker "EasyBCD" = EasyBCD 2.0 "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar "Spyware Doctor" = Spyware Doctor 8.0 "VLC media player" = VLC media player 1.1.4 "WinRAR archiver" = Archiwizator WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2010-11-07 16:44:43 | Computer Name = macias | Source = Windows Search Service | ID = 7042 Description = Error - 2010-11-07 16:44:43 | Computer Name = macias | Source = Windows Search Service | ID = 3029 Description = Error - 2010-11-07 16:44:43 | Computer Name = macias | Source = Windows Search Service | ID = 3028 Description = Error - 2010-11-07 16:44:43 | Computer Name = macias | Source = Windows Search Service | ID = 3058 Description = Error - 2010-11-07 16:44:43 | Computer Name = macias | Source = Windows Search Service | ID = 7010 Description = Error - 2010-11-07 16:44:43 | Computer Name = macias | Source = Windows Search Service | ID = 7040 Description = Error - 2010-11-07 16:44:43 | Computer Name = macias | Source = Windows Search Service | ID = 7042 Description = Error - 2010-11-08 10:40:03 | Computer Name = macias | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2010-11-08 11:03:30 | Computer Name = macias | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2010-11-08 11:55:50 | Computer Name = macias | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. [ Media Center Events ] Error - 2010-10-17 04:04:11 | Computer Name = macias | Source = MCUpdate | ID = 0 Description = 10:04:11 - Błąd podczas nawiązywania połączenia z Internetem. 10:04:11 - Nie można skontaktować się z serwerem.. Error - 2010-10-22 11:21:53 | Computer Name = macias | Source = MCUpdate | ID = 0 Description = 17:21:53 - Błąd podczas nawiązywania połączenia z Internetem. 17:21:53 - Nie można skontaktować się z serwerem.. Error - 2010-10-22 11:22:03 | Computer Name = macias | Source = MCUpdate | ID = 0 Description = 17:21:58 - Błąd podczas nawiązywania połączenia z Internetem. 17:21:58 - Nie można skontaktować się z serwerem.. Error - 2010-10-25 11:51:54 | Computer Name = macias | Source = MCUpdate | ID = 0 Description = 17:51:54 - Błąd podczas nawiązywania połączenia z Internetem. 17:51:54 - Nie można skontaktować się z serwerem.. Error - 2010-10-25 11:52:03 | Computer Name = macias | Source = MCUpdate | ID = 0 Description = 17:51:59 - Błąd podczas nawiązywania połączenia z Internetem. 17:51:59 - Nie można skontaktować się z serwerem.. Error - 2010-10-26 10:50:29 | Computer Name = macias | Source = MCUpdate | ID = 0 Description = 16:50:16 - Błąd podczas nawiązywania połączenia z Internetem. 16:50:16 - Nie można skontaktować się z serwerem.. Error - 2010-10-26 10:51:24 | Computer Name = macias | Source = MCUpdate | ID = 0 Description = 16:51:04 - Błąd podczas nawiązywania połączenia z Internetem. 16:51:04 - Nie można skontaktować się z serwerem.. Error - 2010-10-31 06:00:02 | Computer Name = macias | Source = MCUpdate | ID = 0 Description = 10:59:56 - Błąd podczas nawiązywania połączenia z Internetem. 10:59:56 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2010-11-07 16:56:59 | Computer Name = macias | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 2010-11-08 10:40:03 | Computer Name = macias | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 2010-11-08 10:40:10 | Computer Name = macias | Source = DCOM | ID = 10001 Description = Error - 2010-11-08 10:53:24 | Computer Name = macias | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 2010-11-08 10:57:16 | Computer Name = macias | Source = Service Control Manager | ID = 7031 Description = Usługa KMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-11-08 10:57:16 | Computer Name = macias | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2010-11-08 11:00:15 | Computer Name = macias | Source = Service Control Manager | ID = 7031 Description = Usługa KMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-11-08 11:03:16 | Computer Name = macias | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 16:01:46 na ?2010-?11-?08 było nieoczekiwane. Error - 2010-11-08 11:03:45 | Computer Name = macias | Source = DCOM | ID = 10001 Description = Error - 2010-11-08 11:56:20 | Computer Name = macias | Source = DCOM | ID = 10001 Description = < End of report > log z USBFIX: ############################## | UsbFix 7.034 | [Listing] User: maciasdTk (Administrator) # MACIAS [ ] Updated 25/10/10 by El Desaparecido / C_XX Started at 19:00:23 | 08/11/2010 Website: http://www.teamxscript.org Contact: eldesaparecido@teamxscript.org CPU: AMD Athlon 64 X2 Dual Core Processor 4200+ CPU 2: AMD Athlon 64 X2 Dual Core Processor 4200+ Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) # Internet Explorer 8.0.7600.16385 Windows Firewall: Enabled RAM -> 3070 Mb C:\ (%systemdrive%) -> Fixed drive # 303 Gb (257 Mb free - 85%) [] # NTFS D:\ -> Fixed drive # 22 Gb (19 Mb free - 89%) [] # NTFS E:\ -> Fixed drive # 100 Mb (85 Mb free - 85%) [Zastrzeżone przez system] # NTFS F:\ -> Fixed drive # 86 Gb (85 Mb free - 100%) [] # NTFS G:\ -> Fixed drive # 63 Gb (51 Mb free - 80%) [] # NTFS H:\ -> Fixed drive # 62 Gb (62 Mb free - 100%) [] # NTFS I:\ -> Fixed drive # 303 Gb (216 Mb free - 71%) [] # NTFS J:\ -> Fixed drive # 326 Gb (274 Mb free - 84%) [] # NTFS K:\ -> CD-ROM L:\ -> CD-ROM ################## | Listing | [08/11/2010 - 16:05:35 | SHD ] C:\$RECYCLE.BIN [10/06/2009 - 22:42:20 | A | 24] C:\autoexec.bat [29/10/2010 - 18:52:07 | N | 10312] C:\bootsqm.dat [08/11/2010 - 16:20:09 | SD ] C:\ComboFix [08/11/2010 - 16:05:55 | A | 16583] C:\ComboFix.txt [08/11/2010 - 16:35:35 | D ] C:\Config.Msi [10/06/2009 - 22:42:20 | A | 10] C:\config.sys [14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings [08/11/2010 - 15:38:15 | D ] C:\found.000 [08/11/2010 - 18:41:57 | SHD ] C:\found.001 [08/11/2010 - 18:43:28 | ASH | 2414731264] C:\hiberfil.sys [23/09/2010 - 21:51:32 | RD ] C:\MSOCache [17/09/2010 - 21:13:54 | D ] C:\NVIDIA [08/11/2010 - 18:43:30 | ASH | 3219644416] C:\pagefile.sys [14/07/2009 - 03:37:05 | D ] C:\PerfLogs [08/11/2010 - 16:35:41 | RD ] C:\Program Files [08/11/2010 - 16:35:41 | D ] C:\ProgramData [08/11/2010 - 16:20:08 | AD ] C:\Qoobox [17/09/2010 - 16:33:25 | D ] C:\Recovery [08/11/2010 - 16:35:55 | SHD ] C:\System Volume Information [08/11/2010 - 18:03:54 | D ] C:\UsbFix [08/11/2010 - 19:00:15 | A | 2103] C:\UsbFix.txt [20/09/2010 - 16:09:33 | RD ] C:\Users [08/11/2010 - 18:10:24 | D ] C:\Windows [20/09/2010 - 16:09:38 | D ] D:\$RECYCLE.BIN [01/01/2006 - 03:21:46 | A | 0] D:\AUTOEXEC.BAT [17/09/2010 - 17:22:28 | D ] D:\Boot [16/09/2010 - 20:52:23 | H | 313] D:\Boot.BAK [17/09/2010 - 17:22:28 | RSH | 457] D:\boot.ini [22/07/2001 - 02:13:54 | RASH | 4952] D:\Bootfont.bin [14/07/2009 - 02:38:58 | RASH | 383562] D:\bootmgr [17/09/2010 - 17:22:29 | RASH | 8192] D:\BOOTSECT.BAK [01/01/2006 - 03:21:46 | A | 0] D:\CONFIG.SYS [01/01/2006 - 03:24:14 | D ] D:\Documents and Settings [01/01/2006 - 03:21:46 | RASH | 0] D:\IO.SYS [01/01/2006 - 03:21:46 | RASH | 0] D:\MSDOS.SYS [13/04/2008 - 23:13:04 | RASH | 47564] D:\NTDETECT.COM [14/04/2008 - 01:02:00 | RASH | 251152] D:\ntldr [01/01/2006 - 03:21:18 | RD ] D:\Program Files [08/11/2010 - 16:35:57 | SHD ] D:\System Volume Information [26/09/2010 - 11:43:06 | D ] D:\trening [01/01/2006 - 03:24:12 | D ] D:\WINDOWS [20/09/2010 - 16:09:38 | D ] E:\$RECYCLE.BIN [19/08/2010 - 15:37:46 | D ] E:\RECYCLER [08/11/2010 - 16:35:56 | SHD ] E:\System Volume Information [27/09/2010 - 05:34:24 | D ] F:\$RECYCLE.BIN [08/11/2010 - 16:35:56 | SHD ] F:\System Volume Information [27/09/2010 - 05:34:24 | D ] G:\$RECYCLE.BIN [26/01/2010 - 15:16:37 | D ] G:\marta aparat [15/05/2010 - 09:43:58 | RSH | 112640] G:\p9rs.exe [04/02/2010 - 22:22:20 | D ] G:\RECYCLER [08/11/2010 - 16:35:56 | SHD ] G:\System Volume Information [25/06/2010 - 13:38:15 | D ] G:\szkoła [16/01/2010 - 12:38:06 | ASH | 5632] G:\Thumbs.db [25/06/2010 - 17:32:36 | RSH | 116736] G:\vi8f.exe [26/05/2010 - 15:29:56 | RSH | 114176] G:\wa.exe [26/10/2010 - 15:43:56 | D ] G:\wesele [27/09/2010 - 05:34:24 | D ] H:\$RECYCLE.BIN [08/11/2010 - 16:35:56 | SHD ] H:\System Volume Information [20/09/2010 - 16:09:38 | D ] I:\$Recycle.Bin [26/09/2010 - 11:34:35 | D ] I:\Eduweb.Video.Kurs.Tworzenia.Stron.Internetowych-NiKKA [19/10/2010 - 17:36:07 | D ] I:\filmy [23/10/2010 - 15:33:59 | D ] I:\muzyka [19/08/2010 - 20:18:10 | D ] I:\RECYCLER [26/09/2010 - 11:30:06 | D ] I:\suite [08/11/2010 - 16:35:56 | SHD ] I:\System Volume Information [17/09/2010 - 16:55:33 | ASH | 268435456] I:\WinPEpge.sys [26/09/2010 - 11:16:26 | D ] I:\zdjecia macias [20/09/2010 - 16:09:38 | D ] J:\$RECYCLE.BIN [16/09/2010 - 21:12:30 | D ] J:\arex [07/11/2010 - 21:19:43 | D ] J:\msdownld.tmp [31/10/2010 - 12:49:52 | D ] J:\New Folder [19/08/2010 - 20:18:11 | D ] J:\RECYCLER [08/11/2010 - 16:35:56 | SHD ] J:\System Volume Information [26/09/2010 - 11:41:19 | D ] J:\trening ################## | E.O.F | i log z GMER: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-11-08 18:57:19 Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6 SAMSUNG_HD103SJ rev.1AJ10001 Running: bnulqov4.exe; Driver: C:\Users\MACIAS~1.MAC\AppData\Local\Temp\uwldypod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x83762A96] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x83762D5E] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8376305A] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x83762506] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A46579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 32C 82A7282C 8 Bytes [96, 2A, 76, 83, 5E, 2D, 76, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 364 82A72864 4 Bytes [5A, 30, 76, 83] {POP EDX; XOR [ESI-0x7d], DH} .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82A72CB8 4 Bytes [06, 25, 76, 83] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[1420] ole32.dll!OleLoadFromStream 75FA5B88 5 Bytes JMP 6A425B74 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!CreateWindowExW 778F0E51 5 Bytes JMP 6A2D7AA7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!DialogBoxIndirectParamW 77914AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!DialogBoxIndirectParamW 77914AA7 5 Bytes JMP 6A4258AB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!DialogBoxParamW 7791564A 5 Bytes JMP 6A1F490B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!DialogBoxParamA 7792CF6A 5 Bytes JMP 6A425848 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!DialogBoxIndirectParamA 7792D29C 5 Bytes JMP 6A42590E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!MessageBoxIndirectA 7793E8C9 5 Bytes JMP 6A4257DD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!MessageBoxIndirectW 7793E9C3 5 Bytes JMP 6A425772 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!MessageBoxExA 7793EA29 5 Bytes JMP 6A425710 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1420] USER32.dll!MessageBoxExW 7793EA4D 5 Bytes JMP 6A4256AE C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] ole32.dll!OleLoadFromStream 75FA5B88 5 Bytes JMP 6A425B74 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] ole32.dll!CoCreateInstance 75FF57FC 5 Bytes JMP 6A2D8595 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!UnhookWindowsHookEx 778ECC7B 5 Bytes JMP 6A2E7E18 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!CallNextHookEx 778ECC8F 5 Bytes JMP 6A2C94EC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!CreateWindowExW 778F0E51 5 Bytes JMP 6A2D7AA7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!SetWindowsHookExW 778F210A 5 Bytes JMP 6A284243 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!DialogBoxIndirectParamW 77914AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!DialogBoxIndirectParamW 77914AA7 5 Bytes JMP 6A4258AB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!DialogBoxParamW 7791564A 5 Bytes JMP 6A1F490B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!DialogBoxParamA 7792CF6A 5 Bytes JMP 6A425848 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!DialogBoxIndirectParamA 7792D29C 5 Bytes JMP 6A42590E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!MessageBoxIndirectA 7793E8C9 5 Bytes JMP 6A4257DD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!MessageBoxIndirectW 7793E9C3 5 Bytes JMP 6A425772 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!MessageBoxExA 7793EA29 5 Bytes JMP 6A425710 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2652] USER32.dll!MessageBoxExW 7793EA4D 5 Bytes JMP 6A4256AE C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Windows\system32\taskhost.exe[2804] USER32.dll!SetForegroundWindow 778ED3AE 6 Bytes JMP 71AF0F5A .text C:\Windows\system32\taskhost.exe[2804] USER32.dll!SetWindowPos 778F3581 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[2804] USER32.dll!SetWindowPos + 4 778F3585 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\system32\taskhost.exe[2804] USER32.dll!ChangeDisplaySettingsExA 779081B7 6 Bytes JMP 71A60F5A .text C:\Windows\system32\taskhost.exe[2804] USER32.dll!ChangeDisplaySettingsExW 7792FA61 6 Bytes JMP 71A30F5A .text C:\Windows\soundman.exe[3016] USER32.dll!SetForegroundWindow 778ED3AE 6 Bytes JMP 71AF0F5A .text C:\Windows\soundman.exe[3016] USER32.dll!SetWindowPos 778F3581 3 Bytes [FF, 25, 1E] .text C:\Windows\soundman.exe[3016] USER32.dll!SetWindowPos + 4 778F3585 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Windows\soundman.exe[3016] USER32.dll!ChangeDisplaySettingsExA 779081B7 6 Bytes JMP 71A60F5A .text C:\Windows\soundman.exe[3016] USER32.dll!ChangeDisplaySettingsExW 7792FA61 6 Bytes JMP 71A30F5A .text C:\Program Files\Internet Explorer\iexplore.exe[3064] ole32.dll!OleLoadFromStream 75FA5B88 5 Bytes JMP 6A425B74 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] ole32.dll!CoCreateInstance 75FF57FC 5 Bytes JMP 6A2D8595 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!UnhookWindowsHookEx 778ECC7B 5 Bytes JMP 6A2E7E18 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!CallNextHookEx 778ECC8F 5 Bytes JMP 6A2C94EC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!CreateWindowExW 778F0E51 5 Bytes JMP 6A2D7AA7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!SetWindowsHookExW 778F210A 5 Bytes JMP 6A284243 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxIndirectParamW 77914AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxIndirectParamW 77914AA7 5 Bytes JMP 6A4258AB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxParamW 7791564A 5 Bytes JMP 6A1F490B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxParamA 7792CF6A 5 Bytes JMP 6A425848 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!DialogBoxIndirectParamA 7792D29C 5 Bytes JMP 6A42590E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!MessageBoxIndirectA 7793E8C9 5 Bytes JMP 6A4257DD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!MessageBoxIndirectW 7793E9C3 5 Bytes JMP 6A425772 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!MessageBoxExA 7793EA29 5 Bytes JMP 6A425710 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3064] USER32.dll!MessageBoxExW 7793EA4D 5 Bytes JMP 6A4256AE C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3160] USER32.dll!SetForegroundWindow 778ED3AE 6 Bytes JMP 71AF0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3160] USER32.dll!SetWindowPos 778F3581 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3160] USER32.dll!SetWindowPos + 4 778F3585 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3160] USER32.dll!ChangeDisplaySettingsExA 779081B7 6 Bytes JMP 71A60F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3160] USER32.dll!ChangeDisplaySettingsExW 7792FA61 6 Bytes JMP 71A30F5A .text C:\Program Files\Internet Explorer\iexplore.exe[3212] ole32.dll!OleLoadFromStream 75FA5B88 5 Bytes JMP 6A425B74 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] ole32.dll!CoCreateInstance 75FF57FC 5 Bytes JMP 6A2D8595 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!UnhookWindowsHookEx 778ECC7B 5 Bytes JMP 6A2E7E18 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!CallNextHookEx 778ECC8F 5 Bytes JMP 6A2C94EC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!CreateWindowExW 778F0E51 5 Bytes JMP 6A2D7AA7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!SetWindowsHookExW 778F210A 5 Bytes JMP 6A284243 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxIndirectParamW 77914AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxIndirectParamW 77914AA7 5 Bytes JMP 6A4258AB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxParamW 7791564A 5 Bytes JMP 6A1F490B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxParamA 7792CF6A 5 Bytes JMP 6A425848 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxIndirectParamA 7792D29C 5 Bytes JMP 6A42590E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!MessageBoxIndirectA 7793E8C9 5 Bytes JMP 6A4257DD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!MessageBoxIndirectW 7793E9C3 5 Bytes JMP 6A425772 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!MessageBoxExA 7793EA29 5 Bytes JMP 6A425710 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!MessageBoxExW 7793EA4D 5 Bytes JMP 6A4256AE C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe[3256] USER32.dll!SetForegroundWindow 778ED3AE 6 Bytes JMP 71AF0F5A .text C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe[3256] USER32.dll!SetWindowPos 778F3581 3 Bytes [FF, 25, 1E] .text C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe[3256] USER32.dll!SetWindowPos + 4 778F3585 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe[3256] USER32.dll!ChangeDisplaySettingsExA 779081B7 6 Bytes JMP 71A60F5A .text C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe[3256] USER32.dll!ChangeDisplaySettingsExW 7792FA61 6 Bytes JMP 71A30F5A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\PC Tools Security\pctsSvc.exe[1764] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BE34] C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools) IAT C:\Program Files\PC Tools Security\pctsSvc.exe[1764] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044C038] C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools) IAT C:\Program Files\PC Tools Security\pctsSvc.exe[1764] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BE34] C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools) IAT C:\Program Files\PC Tools Security\pctsSvc.exe[1764] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044C038] C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools) IAT C:\Program Files\PC Tools Security\pctsGui.exe[2788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BAE8] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools) IAT C:\Program Files\PC Tools Security\pctsGui.exe[2788] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BCEC] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools) IAT C:\Program Files\PC Tools Security\pctsGui.exe[2788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BAE8] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools) IAT C:\Program Files\PC Tools Security\pctsGui.exe[2788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BCEC] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools) IAT C:\Program Files\PC Tools Security\pctsGui.exe[2788] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [0044BAE8] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x9E 0xA2 0xB1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0xDC 0x19 0xFF ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0x8F 0xC4 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x15 0x43 0xDC 0xCA ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x9E 0xA2 0xB1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0xDC 0x19 0xFF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0x8F 0xC4 0x16 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x15 0x43 0xDC 0xCA ... ---- EOF - GMER 1.0.15 ---- Odnośnik do komentarza
Landuss Opublikowano 8 Listopada 2010 Zgłoś Udostępnij Opublikowano 8 Listopada 2010 1. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst: :OTL DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MACIAS~1.MAC\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MACIAS~1.MAC\AppData\Local\Temp\catchme.sys -- (catchme) IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-315759391-259986645-1219633573-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://search.condui...&ctid=CT2405280" IE - HKU\S-1-5-21-315759391-259986645-1219633573-1004\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-315759391-259986645-1219633573-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found O4 - HKLM..\Run: [immcheck] File not found :Files $RECYCLE.BIN /alldrives RECYCLER /alldrives G:\p9rs.exe G:\vi8f.exe G:\wa.exe :Commands [emptyflash] [emptytemp] Kliknij w Wykonaj skrypt. Zatwierdź restart komputera. 2. Z panelu sterowania odinstaluj śmieci - DAEMON Tools Toolbar / Softonic-Eng7 Toolbar 3. Wklejasz nowe logi z OTL i USBFix. Daj też znać czy problem dalej występuje. Odnośnik do komentarza
maciasdTk Opublikowano 8 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 8 Listopada 2010 log z USBFIX: ############################## | UsbFix 7.034 | [Listing] User: maciasdTk (Administrator) # MACIAS [ ] Updated 25/10/10 by El Desaparecido / C_XX Started at 19:55:33 | 08/11/2010 Website: http://www.teamxscript.org Contact: eldesaparecido@teamxscript.org CPU: AMD Athlon 64 X2 Dual Core Processor 4200+ CPU 2: AMD Athlon 64 X2 Dual Core Processor 4200+ Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) # Internet Explorer 8.0.7600.16385 Windows Firewall: Enabled RAM -> 3070 Mb C:\ (%systemdrive%) -> Fixed drive # 303 Gb (259 Mb free - 86%) [] # NTFS D:\ -> Fixed drive # 22 Gb (19 Mb free - 89%) [] # NTFS E:\ -> Fixed drive # 100 Mb (85 Mb free - 85%) [Zastrzeżone przez system] # NTFS F:\ -> Fixed drive # 86 Gb (85 Mb free - 100%) [] # NTFS G:\ -> Fixed drive # 63 Gb (51 Mb free - 80%) [] # NTFS H:\ -> Fixed drive # 62 Gb (62 Mb free - 100%) [] # NTFS I:\ -> Fixed drive # 303 Gb (216 Mb free - 71%) [] # NTFS J:\ -> Fixed drive # 326 Gb (274 Mb free - 84%) [] # NTFS K:\ -> CD-ROM L:\ -> CD-ROM ################## | Listing | [08/11/2010 - 19:26:33 | SHD ] C:\$RECYCLE.BIN [10/06/2009 - 22:42:20 | A | 24] C:\autoexec.bat [29/10/2010 - 18:52:07 | N | 10312] C:\bootsqm.dat [08/11/2010 - 16:20:09 | SD ] C:\ComboFix [08/11/2010 - 16:05:55 | A | 16583] C:\ComboFix.txt [08/11/2010 - 16:35:35 | D ] C:\Config.Msi [10/06/2009 - 22:42:20 | A | 10] C:\config.sys [14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings [08/11/2010 - 15:38:15 | D ] C:\found.000 [08/11/2010 - 18:41:57 | SHD ] C:\found.001 [08/11/2010 - 19:31:24 | ASH | 2414731264] C:\hiberfil.sys [23/09/2010 - 21:51:32 | RD ] C:\MSOCache [17/09/2010 - 21:13:54 | D ] C:\NVIDIA [08/11/2010 - 19:31:27 | ASH | 3219644416] C:\pagefile.sys [14/07/2009 - 03:37:05 | D ] C:\PerfLogs [08/11/2010 - 16:35:41 | RD ] C:\Program Files [08/11/2010 - 16:35:41 | D ] C:\ProgramData [08/11/2010 - 16:20:08 | AD ] C:\Qoobox [17/09/2010 - 16:33:25 | D ] C:\Recovery [08/11/2010 - 19:30:30 | SHD ] C:\System Volume Information [08/11/2010 - 18:03:54 | D ] C:\UsbFix [08/11/2010 - 19:55:24 | A | 2103] C:\UsbFix.txt [20/09/2010 - 16:09:33 | RD ] C:\Users [08/11/2010 - 18:10:24 | D ] C:\Windows [08/11/2010 - 19:23:59 | D ] C:\_OTL [08/11/2010 - 19:26:33 | SHD ] D:\$RECYCLE.BIN [01/01/2006 - 03:21:46 | A | 0] D:\AUTOEXEC.BAT [17/09/2010 - 17:22:28 | D ] D:\Boot [16/09/2010 - 20:52:23 | H | 313] D:\Boot.BAK [17/09/2010 - 17:22:28 | RSH | 457] D:\boot.ini [22/07/2001 - 02:13:54 | RASH | 4952] D:\Bootfont.bin [14/07/2009 - 02:38:58 | RASH | 383562] D:\bootmgr [17/09/2010 - 17:22:29 | RASH | 8192] D:\BOOTSECT.BAK [01/01/2006 - 03:21:46 | A | 0] D:\CONFIG.SYS [01/01/2006 - 03:24:14 | D ] D:\Documents and Settings [01/01/2006 - 03:21:46 | RASH | 0] D:\IO.SYS [01/01/2006 - 03:21:46 | RASH | 0] D:\MSDOS.SYS [13/04/2008 - 23:13:04 | RASH | 47564] D:\NTDETECT.COM [14/04/2008 - 01:02:00 | RASH | 251152] D:\ntldr [01/01/2006 - 03:21:18 | RD ] D:\Program Files [08/11/2010 - 16:35:57 | SHD ] D:\System Volume Information [26/09/2010 - 11:43:06 | D ] D:\trening [01/01/2006 - 03:24:12 | D ] D:\WINDOWS [08/11/2010 - 19:26:33 | SHD ] E:\$RECYCLE.BIN [08/11/2010 - 16:35:56 | SHD ] E:\System Volume Information [08/11/2010 - 19:26:33 | SHD ] F:\$RECYCLE.BIN [08/11/2010 - 16:35:56 | SHD ] F:\System Volume Information [08/11/2010 - 19:26:33 | SHD ] G:\$RECYCLE.BIN [26/01/2010 - 15:16:37 | D ] G:\marta aparat [08/11/2010 - 16:35:56 | SHD ] G:\System Volume Information [25/06/2010 - 13:38:15 | D ] G:\szkoła [16/01/2010 - 12:38:06 | ASH | 5632] G:\Thumbs.db [26/10/2010 - 15:43:56 | D ] G:\wesele [08/11/2010 - 19:26:33 | SHD ] H:\$RECYCLE.BIN [08/11/2010 - 16:35:56 | SHD ] H:\System Volume Information [08/11/2010 - 19:26:33 | SHD ] I:\$RECYCLE.BIN [26/09/2010 - 11:34:35 | D ] I:\Eduweb.Video.Kurs.Tworzenia.Stron.Internetowych-NiKKA [19/10/2010 - 17:36:07 | D ] I:\filmy [23/10/2010 - 15:33:59 | D ] I:\muzyka [26/09/2010 - 11:30:06 | D ] I:\suite [08/11/2010 - 16:35:56 | SHD ] I:\System Volume Information [17/09/2010 - 16:55:33 | ASH | 268435456] I:\WinPEpge.sys [26/09/2010 - 11:16:26 | D ] I:\zdjecia macias [08/11/2010 - 19:26:33 | SHD ] J:\$RECYCLE.BIN [16/09/2010 - 21:12:30 | D ] J:\arex [07/11/2010 - 21:19:43 | D ] J:\msdownld.tmp [31/10/2010 - 12:49:52 | D ] J:\New Folder [08/11/2010 - 16:35:56 | SHD ] J:\System Volume Information [26/09/2010 - 11:41:19 | D ] J:\trening ################## | E.O.F | log z OTL: OTL logfile created on: 2010-11-08 19:55:16 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\maciasdTk.macias\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 302,73 Gb Total Space | 259,04 Gb Free Space | 85,57% Space Free | Partition Type: NTFS Drive D: | 21,86 Gb Total Space | 19,38 Gb Free Space | 88,69% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 84,70 Mb Free Space | 84,70% Space Free | Partition Type: NTFS Drive F: | 85,57 Gb Total Space | 85,48 Gb Free Space | 99,89% Space Free | Partition Type: NTFS Drive G: | 63,47 Gb Total Space | 51,01 Gb Free Space | 80,36% Space Free | Partition Type: NTFS Drive H: | 61,98 Gb Total Space | 61,89 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive I: | 302,73 Gb Total Space | 215,94 Gb Free Space | 71,33% Space Free | Partition Type: NTFS Drive J: | 325,94 Gb Total Space | 273,74 Gb Free Space | 83,98% Space Free | Partition Type: NTFS Computer Name: MACIAS | User Name: maciasdTk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010-11-08 17:42:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\maciasdTk.macias\Desktop\OTL.exe PRC - [2010-10-16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010-09-29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe PRC - [2010-09-29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe PRC - [2010-09-17 20:56:09 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\soundman.exe PRC - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-07-14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe ========== Modules (SafeList) ========== MOD - [2010-11-08 17:42:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\maciasdTk.macias\Desktop\OTL.exe MOD - [2010-08-04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010-09-29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2010-09-27 18:03:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-09-27 04:52:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2010-09-23 21:58:38 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) SRV - [2010-03-25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010-03-18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator) SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator) SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator) SRV - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV) SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-10-22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-09-17 20:56:07 | 004,025,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2010-09-17 20:49:49 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2010-09-17 20:49:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2010-08-18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2010-07-16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2010-07-16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS) DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2002-06-10 14:01:18 | 000,030,920 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\imhidusb.sys -- (imhidusb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-09-26 19:59:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-06 21:45:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-06 21:45:31 | 000,000,000 | ---D | M] [2010-11-06 21:45:48 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\mozilla\Extensions [2010-11-07 11:48:21 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\mozilla\Firefox\Profiles\6qwjm8rn.default\extensions [2010-11-07 11:48:21 | 000,000,000 | ---D | M] -- C:\Users\maciasdTk.macias\AppData\Roaming\mozilla\Firefox\Profiles\6qwjm8rn.default\extensions\personas@christopher.beard [2010-11-06 21:45:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-10-27 06:37:26 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-10-27 06:37:26 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-10-27 06:37:26 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-10-27 06:37:26 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-10-27 06:37:26 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-10-27 06:37:26 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-11-08 16:03:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found. O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found. O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [soundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKLM..\RunOnce: [] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O15 - HKLM\..Trusted Domains: wroclaw.pl ([tmm.wsb] http in Trusted sites) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1288283540709 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006-01-01 03:21:46 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-11-08 19:26:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010-11-08 19:23:59 | 000,000,000 | ---D | C] -- C:\_OTL [2010-11-08 18:41:57 | 000,000,000 | -HSD | C] -- C:\found.001 [2010-11-08 18:03:54 | 000,000,000 | ---D | C] -- C:\UsbFix [2010-11-08 18:03:40 | 001,218,134 | ---- | C] (El Desaparecido & C_XX) -- C:\Users\maciasdTk.macias\Desktop\UsbFix.exe [2010-11-08 17:42:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\maciasdTk.macias\Desktop\OTL.exe [2010-11-08 16:35:54 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2010-11-08 16:35:54 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2010-11-08 16:35:53 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2010-11-08 16:35:53 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2010-11-08 16:35:51 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\Malwarebytes [2010-11-08 16:35:49 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2010-11-08 16:35:49 | 000,159,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2010-11-08 16:35:43 | 000,123,712 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys [2010-11-08 16:35:43 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys [2010-11-08 16:35:43 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys [2010-11-08 16:35:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010-11-08 16:35:41 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2010-11-08 16:35:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010-11-08 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-11-08 16:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010-11-08 16:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010-11-08 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security [2010-11-08 16:35:31 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\PC Tools [2010-11-08 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2010-11-08 16:20:07 | 000,000,000 | --SD | C] -- C:\ComboFix [2010-11-08 16:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010-11-08 16:05:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010-11-08 15:56:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010-11-08 15:56:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010-11-08 15:56:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010-11-08 15:56:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010-11-08 15:56:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010-11-08 15:53:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-11-08 15:38:15 | 000,000,000 | ---D | C] -- C:\found.000 [2010-11-07 21:28:02 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010-11-07 21:28:02 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010-11-07 21:28:02 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010-11-07 21:28:02 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2010-11-07 21:28:02 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010-11-07 21:28:02 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010-11-07 21:28:02 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll [2010-11-07 21:28:02 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll [2010-11-07 21:28:02 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010-11-07 21:28:02 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010-11-07 21:13:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2010-11-06 21:45:35 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\Mozilla [2010-11-06 21:45:35 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Local\Mozilla [2010-11-06 21:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010-11-06 21:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010-11-06 13:17:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2010-11-04 15:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-11-04 15:42:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010-11-04 15:42:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010-11-04 15:42:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010-10-26 16:57:16 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Local\ElevatedDiagnostics [2010-10-25 17:30:23 | 001,024,000 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\immcpl.dll [2010-10-25 17:30:23 | 000,196,608 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\IFC22.dll [2010-10-25 17:30:23 | 000,110,592 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\immpid.dll [2010-10-25 17:30:23 | 000,030,920 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\drivers\imhidusb.sys [2010-10-25 17:30:23 | 000,016,384 | ---- | C] (Immersion Corporation) -- C:\Windows\System32\imm_enu.dll [2010-10-25 17:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters Inc [2010-10-25 17:05:53 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\GetRightToGo [2010-10-24 16:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2010-10-24 16:19:09 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\Documents\My Games [2010-10-24 16:19:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010-10-24 15:52:01 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll [2010-10-24 15:52:00 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll [2010-10-24 15:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\BRS [2010-10-24 15:51:56 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2010-10-24 15:51:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2010-10-24 15:51:51 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2010-10-24 15:51:51 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2010-10-24 15:51:51 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2010-10-24 15:51:50 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2010-10-24 15:51:50 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2010-10-24 15:51:50 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2010-10-24 15:50:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2010-10-24 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2010-10-24 15:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters [2010-10-20 16:33:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS [2010-10-20 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\Documents\EA Games [2010-10-20 16:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2010-10-19 18:03:46 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010-10-19 18:03:46 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010-10-19 18:03:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2010-10-19 18:03:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010-10-19 18:03:46 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010-10-19 18:03:45 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2010-10-19 18:03:45 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010-10-19 18:03:45 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010-10-19 18:03:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010-10-19 18:03:45 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2010-10-19 18:03:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2010-10-19 18:03:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2010-10-19 18:03:45 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010-10-19 18:03:45 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010-10-19 18:03:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010-10-19 18:03:44 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010-10-19 18:03:44 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010-10-19 18:03:44 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010-10-19 18:03:44 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010-10-19 18:03:44 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010-10-19 18:03:44 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010-10-19 18:03:43 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2010-10-19 18:03:43 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2010-10-19 18:03:42 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2010-10-19 18:03:42 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2010-10-19 18:03:42 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010-10-19 18:03:42 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2010-10-19 18:03:42 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2010-10-19 18:03:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010-10-19 18:03:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2010-10-19 18:03:42 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010-10-19 18:03:42 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2010-10-19 18:03:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2010-10-19 18:03:41 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2010-10-19 18:03:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2010-10-19 18:03:41 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2010-10-19 18:03:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2010-10-19 18:03:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2010-10-19 18:03:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2010-10-19 18:03:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2010-10-19 18:03:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2010-10-19 18:03:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2010-10-19 18:03:40 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2010-10-19 18:03:40 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2010-10-19 18:03:40 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2010-10-19 18:03:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2010-10-19 18:03:40 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2010-10-19 18:03:39 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2010-10-19 18:03:39 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2010-10-19 18:03:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2010-10-19 18:03:39 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2010-10-19 18:03:39 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2010-10-19 18:03:12 | 000,000,000 | ---D | C] -- C:\Users\maciasdTk.macias\AppData\Roaming\vlc [2010-10-19 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010-10-19 17:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2010-10-19 17:59:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA [2010-10-19 17:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010-10-17 19:52:14 | 001,065,176 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys [2010-10-17 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed [2010-10-16 12:42:46 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2010-10-16 12:42:46 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2010-10-16 12:42:42 | 003,420,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2010-10-16 12:42:38 | 002,079,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2010-10-16 09:30:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\auralog ========== Files - Modified Within 30 Days ========== [2010-11-08 19:40:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-315759391-259986645-1219633573-1001UA.job [2010-11-08 19:36:07 | 000,749,472 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-11-08 19:36:07 | 000,655,534 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-11-08 19:36:07 | 000,157,964 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-11-08 19:36:07 | 000,124,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-11-08 19:31:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-11-08 19:31:24 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2010-11-08 18:10:24 | 450,788,869 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010-11-08 18:03:49 | 001,218,134 | ---- | M] (El Desaparecido & C_XX) -- C:\Users\maciasdTk.macias\Desktop\UsbFix.exe [2010-11-08 17:50:24 | 000,296,448 | ---- | M] () -- C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe [2010-11-08 17:42:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\maciasdTk.macias\Desktop\OTL.exe [2010-11-08 16:36:00 | 000,873,410 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2010-11-08 16:35:48 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010-11-08 16:35:44 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-11-08 16:16:10 | 000,507,360 | ---- | M] () -- C:\Users\maciasdTk.macias\Desktop\sdsetup[1].exe [2010-11-08 16:03:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010-11-08 15:40:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-315759391-259986645-1219633573-1001Core.job [2010-11-08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe [2010-11-06 21:45:33 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-06 21:38:48 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010-11-06 13:24:16 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer_.exe.Back.3.39404581039867 [2010-11-06 13:19:45 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Sunrise Seven.lnk [2010-11-04 16:15:25 | 000,013,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-11-04 16:15:24 | 000,013,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-10-29 18:52:07 | 000,010,312 | ---- | M] () -- C:\bootsqm.dat [2010-10-24 15:51:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2010-10-24 15:51:57 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2010-10-22 07:23:05 | 014,899,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010-10-22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010-10-22 07:23:05 | 010,023,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2010-10-22 07:23:05 | 000,888,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll [2010-10-22 07:23:05 | 000,813,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll [2010-10-22 07:23:05 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010-10-22 07:23:05 | 000,004,962 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2010-10-22 07:23:04 | 004,837,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2010-10-22 07:23:04 | 002,912,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010-10-22 07:23:04 | 002,666,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010-10-22 07:23:02 | 013,019,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010-10-22 07:23:02 | 001,719,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2010-10-22 07:23:02 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010-10-19 18:03:07 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010-10-16 12:42:46 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2010-10-16 12:42:46 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2010-10-16 12:42:42 | 003,420,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2010-10-16 12:42:38 | 002,079,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll ========== Files Created - No Company Name ========== [2010-11-08 18:10:24 | 450,788,869 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010-11-08 17:44:42 | 000,296,448 | ---- | C] () -- C:\Users\maciasdTk.macias\Desktop\bnulqov4.exe [2010-11-08 16:35:55 | 000,873,410 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2010-11-08 16:35:48 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010-11-08 16:35:44 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-11-08 16:16:10 | 000,507,360 | ---- | C] () -- C:\Users\maciasdTk.macias\Desktop\sdsetup[1].exe [2010-11-08 15:56:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010-11-08 15:56:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010-11-08 15:56:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2010-11-08 15:56:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010-11-08 15:56:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010-11-07 21:40:45 | 000,333,288 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2010-11-07 21:40:08 | 000,333,288 | ---- | C] () -- C:\Windows\System\sqlite3.dll [2010-11-06 21:45:33 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-06 21:38:48 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010-10-29 18:52:07 | 000,010,312 | ---- | C] () -- C:\bootsqm.dat [2010-10-25 17:30:23 | 000,080,205 | ---- | C] () -- C:\Windows\System32\ImmGDRef.chm [2010-10-25 17:30:23 | 000,043,254 | ---- | C] () -- C:\Windows\System32\immwc.bmp [2010-10-19 18:03:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\D3DX9_38.dll [2010-10-19 18:03:07 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010-10-07 16:42:30 | 000,001,696 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010-09-17 20:56:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll [2010-09-17 20:50:19 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2010-09-17 20:50:19 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2010-09-17 20:50:06 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2010-09-17 20:50:06 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2009-11-06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009-07-14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll [2009-07-14 01:13:40 | 001,782,272 | ---- | C] () -- C:\Windows\System32\NlsLexicons0039.dll [2009-07-14 01:13:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\NlsData0019.dll [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006-10-18 12:44:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > problemy nadal wystepuja dla różnych programów... nic nie pomogło Czyli juz nikt mi nie pomoże? Odnośnik do komentarza
picasso Opublikowano 11 Listopada 2010 Zgłoś Udostępnij Opublikowano 11 Listopada 2010 (edytowane) Zainfekowana kopia c:\windows\explorer.exe została znaleziona. Problem naprawionoPlik odzyskano z - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe No nie wiem czy explorer.exe był tu na pewno zainfekowany, bo jest wskazówka, że mógł być patchowany z intencją: [2010-11-06 13:24:16 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer_.exe.Back.3.39404581039867[2010-11-06 13:19:45 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Sunrise Seven.lnk ... oraz są również ślady wskazujące na potencjalną modyfikację plików theme (odblokowanie nakładania tematów niedomyślnych): 2010-09-27 17:04 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll2010-09-27 17:04 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll2010-09-27 17:04 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll2010-09-27 03:52 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll2010-09-27 03:52 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll2010-09-27 03:52 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll Czy tu nie było jakiś brutalnych praktyk z patchowaniem Windows? Poza tym: crackowanie aktywacyjne? (bo że jeden crack masz to pewne). Więc? Wczoraj chciałem właczyć Google Chrome ale wyskoczył mi taki sam błąd co niżej rożnił się jedynie plikiem dll i ścieżką. Zainstalowałem przeglądarke Mozille i po kilku włączeniach wyskoczył błąd n/w i pokazuje się za każdym razem.: "Firefox - Zły obraz Program C:\Program Files\ Mozilla Firefox\sqlite3.dll nie jest przeznaczony do uruchamiania w systemie Windows albo zawiera błąd. Zainstaluj program ponownie, używając oryginalnego nośnika instalacyjnego..... " (...) problemy nadal wystepuja dla różnych programów... nic nie pomogło Błędy rodzaju "zły obraz" występują m.in. wtedy gdy plik jest nieprawidłowy / uszkodzony. Jaki plik był pokazany przy Google Chrome? Jaki plik pokazuje się dla innych programów? Wstępnie, odnoszę się tylko do jedynego pewnego tu błędu wskazującego konkretny plik. Widzę w logu ten zestaw plików: [2010-11-07 21:40:45 | 000,333,288 | ---- | C] () -- C:\Windows\System32\sqlite3.dll[2010-11-07 21:40:08 | 000,333,288 | ---- | C] () -- C:\Windows\System\sqlite3.dll Poproszę o zestawienie wszystkich kopii tego pliku (jeszcze powinien być dodatkowy w folderze Firefox). Uruchom SystemLook i w oknie szukania wklej co poniżej: :filefind sqlite3.dll Kliknij w Look i pokaż wyniki końcowe. . Edytowane 13 Grudnia 2010 przez picasso 13.12.2010 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso Odnośnik do komentarza
Rekomendowane odpowiedzi