b3rt, posted March 19, 2010

Hello. Yesterday I finally got my hands on Windows 7 (OEM version, Ultimate, 32-bit). I installed it, copied my documents over from the old system and got down to installing programs and games. This is where a problem appeared, though. While installing Games for Windows LIVE for Resident Evil 5, Comodo threw up three network access prompts (specifically for the programs dm1.exe, 59684668.ex_ and setupv.exe). I blocked internet access for all three (I almost always do that when unknown programs show up), and it seemed to me that nothing had happened. However, after starting Firefox I noticed that the start page had set itself to some porn site, and the toolbar search engine had changed to "IWeird" or something like that. I changed everything back to my own settings, and so far I have not noticed any worrying behaviour from the computer. To be sure, though, I would ask you to check the logs:

Malwarebytes Anti-Malware:

First scan:

Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3884
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-03-19 08:02:38
mbam-log-2010-03-19 (08-02-38).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 186769
Upłynęło: 12 minute(s), 49 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 5
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 2

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6d-nuenaqfz4uz (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{acf7af75-6528-a79b-033a-96a8af6c8be7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{acf7af75-6528-a79b-033a-96a8af6c8be7} (Adware.BHO) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\Windows\System32\6d-NUEnAQfZ4UZ.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\System32\spsRJsYp.dll (Adware.BHO) -> Quarantined and deleted successfully.

Scan after removing the infected files

Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3884
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-03-19 08:19:14
mbam-log-2010-03-19 (08-19-14).txt

Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowane obiekty: 183907
Upłynęło: 13 minute(s), 56 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)

OTL

OTL logfile created on: 2010-03-19 08:16:10 - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\b3rt\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK |
Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 160,56 Gb Free Space | 82,21% Space Free | Partition Type: NTFS Drive D: | 270,44 Gb Total Space | 242,75 Gb Free Space | 89,76% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: B3RT-KOMPUTER Current User Name: b3rt Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-03-19 00:38:21 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\b3rt\Downloads\OTL.exe PRC - [2010-03-03 19:54:44 | 000,960,080 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2010-03-03 19:54:32 | 001,983,760 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe PRC - [2010-02-12 19:23:32 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-01-11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010-01-07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2009-11-17 15:18:22 | 006,807,552 | ---- | M] (Creative Team S.A.) 
-- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe PRC - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-03-19 00:38:21 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\b3rt\Downloads\OTL.exe MOD - [2010-03-03 19:54:42 | 000,276,648 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-03-18 22:28:41 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-03-03 19:54:44 | 000,960,080 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2010-02-12 19:23:32 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS) SRV - [2010-01-11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- 
(RpcEptMapper) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX 
(AxInstSV) SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-03-03 19:54:06 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect) DRV - [2010-03-03 19:54:06 | 000,030,032 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2010-03-03 19:54:04 | 000,208,192 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2010-01-12 05:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-01-07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2009-07-30 12:58:26 | 000,187,392 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009-07-28 15:33:56 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) 
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] 
(VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 
00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM) DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2345122944-109170285-3351383334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-2345122944-109170285-3351383334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - 
prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7 FF - prefs.js..extensions.enabledItems: {b0c795cb-d5cc-5b3f-5707-3d304cc5f2d9}:4.6.6.4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-18 21:43:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-18 21:43:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-03-18 21:43:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-03-18 21:34:18 | 000,000,000 | ---D | M] -- C:\Users\b3rt\AppData\Roaming\mozilla\Extensions [2010-03-19 08:12:50 | 000,000,000 | ---D | M] -- C:\Users\b3rt\AppData\Roaming\mozilla\Firefox\Profiles\8kffjvnm.default\extensions [2010-03-18 21:58:49 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\b3rt\AppData\Roaming\mozilla\Firefox\Profiles\8kffjvnm.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2010-03-18 21:56:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\b3rt\AppData\Roaming\mozilla\Firefox\Profiles\8kffjvnm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-03-18 21:59:40 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\b3rt\AppData\Roaming\mozilla\Firefox\Profiles\8kffjvnm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010-03-19 00:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-03-19 
00:02:20 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{b0c795cb-d5cc-5b3f-5707-3d304cc5f2d9} [2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-03-19 00:44:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-21-2345122944-109170285-3351383334-1000..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\b3rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esport1.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1 O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
< End of report >

If logs from any other programs are needed, please let me know and I will do my best to generate and post them.

EDIT: I ran an additional disk scan with Dr.Web CureIt! and it found nothing. Strangely, though, right after I closed the program a BSOD appeared and the computer restarted (the first time this has happened to me). I don't know whether something really is lurking in my system or whether I'm just being oversensitive...
Sevard Posted March 19, 2010

I don't like the file C:\Users\b3rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esport1.exe. Check it on VirusTotal and post the results here. Also delete all temporary files with Temp File Cleaner. Then scan the computer with an antispyware scanner, e.g. a-squared Free.
b3rt Posted March 19, 2010 Author

VirusTotal results

I cleaned Temp with TFC; the whole operation went without problems. a-squared is installing right now; as soon as it is on the disk I will run a scan.

EDIT: A thorough a-squared Free scan showed nothing alarming. I think 5 files were flagged as "low risk", and they were removed without any problem. Nothing beyond that.
Sevard Posted March 19, 2010

Delete that file. I don't know of any program that would place an executable file in autostart instead of a shortcut, and an executable with this name is often associated with malware. I don't see anything else.

[edit] Scratch that. There is one more thing to check. Paste the contents of the file C:\autoexec.bat here on the forum.
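The check described in the post above (an executable, rather than a shortcut, sitting directly in a Startup folder), as an added example that is not part of the original thread: it parses OTL log text and flags such files. The sample lines are constructed in the OTL line format seen in this log; the `.lnk = target` form for shortcut entries and the list of executable extensions are assumptions of the example.

```python
"""Flag executables placed directly in a Windows Startup folder, from OTL log text."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Assumption: file types treated as "executable" when found in a Startup folder.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
STARTUP_DIR = "\\start menu\\programs\\startup\\"

# "O4 - Startup: <path> (<company>)"
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<path>.+?) \((?P<company>[^()]*)\)$")
# "[<date> <time> | <size> | <attrs> | C or M] (<company>) -- <path>"
# Folder entries carry no "(<company>)" field, so it is optional here.
FILE_ENTRY = re.compile(
    r"^\[[\d-]+ [\d:]+ \| [\d,]+ \| [-RHSD]{4} \| [CM]\] "
    r"(?:\((?P<company>[^()]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample in the OTL format; "Example Tool" and "desktop.ini" lines are invented.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\b3rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esport1.exe ()
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Example Tool.lnk = C:\Program Files\Example\tool.exe (Example Corp)
[2010-03-18 22:20:33 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010-03-18 23:17:51 | 002,933,866 | ---- | C] () -- C:\Users\b3rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esport1.exe
[2010-03-18 21:28:22 | 000,000,174 | -HS- | C] () -- C:\Users\b3rt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"""


@dataclass
class Finding:
    path: str
    company: str
    seen_in: list = field(default_factory=list)  # kinds of log line that listed the file

    @property
    def no_company_name(self) -> bool:
        # An empty "()" means the log shows no company name for the file.
        return self.company.strip() == ""


def iter_entries(log_text):
    """Yield (kind, path, company) for each O4 Startup line and file-listing line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        kind, match = "O4 - Startup", O4_STARTUP.match(line)
        if not match:
            kind, match = "file listing", FILE_ENTRY.match(line)
        if not match:
            continue
        # Assumed shortcut form "<shortcut>.lnk = <target>": the Startup item is
        # the left-hand side, so the target's .exe must not be mistaken for it.
        path = match.group("path").split(" = ", 1)[0].strip()
        yield kind, path, (match.group("company") or "")


def startup_executables(log_text):
    """Return one Finding per executable that sits inside a Startup folder."""
    findings = {}
    for kind, path, company in iter_entries(log_text):
        key = path.lower()
        if STARTUP_DIR not in key:
            continue  # not in a per-user or all-users Startup folder
        if PureWindowsPath(path).suffix.lower() not in EXECUTABLE_EXTS:
            continue  # shortcuts (.lnk) and desktop.ini are the expected contents
        finding = findings.setdefault(key, Finding(path, company))
        if kind not in finding.seen_in:
            finding.seen_in.append(kind)
    return list(findings.values())


if __name__ == "__main__":
    for f in startup_executables(SAMPLE_LOG):
        note = "no company name" if f.no_company_name else f.company
        print(f"REVIEW: {f.path} ({note}); listed in: {', '.join(f.seen_in)}")
```

A hit is a reason to inspect the file (hash lookup, scanner verdicts), not a verdict in itself.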
b3rt Posted March 19, 2010 Author

autoexec.bat has only one line:

REM Dummy file for NTVDM

Nothing else. I opened the file with Windows Notepad.
Sevard Posted March 19, 2010

Nothing dangerous. REM marks a comment, so this is effectively an empty file. The system looks clean. If any further problems occur, post here.