mtx25

svhost.exe and gg.exe...

I'll try that Essentials :P.

I won't be posting the malware scan log, because I scanned recently and it didn't detect anything.

(The scan was run after the computer got infected.)

OTL:

Drive D: | 244,14 Gb Total Space | 221,37 Gb Free Space | 90,68% Space Free | Partition Type: NTFS

Drive E: | 4,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MATEUSZ-2E33BD0

Current User Name: Mateusz

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-03 17:01:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2010-04-01 20:05:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-03-18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe

PRC - [2009-05-19 16:37:56 | 007,673,112 | ---- | M] (CAPCOM U.S.A., INC.) -- D:\Street Fighter IV\SF4Launcher.exe

PRC - [2008-06-03 22:22:56 | 000,579,096 | -H-- | M] () -- C:\WINDOWS\svchost.exe

PRC - [2008-06-03 22:22:56 | 000,579,096 | -H-- | M] () -- C:\gg.exe

PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004-12-14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

PRC - [2004-12-13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2010-05-03 17:01:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Moje dokumenty\Pobieranie\OTL.exe

MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010-04-10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)

SRV - [2006-03-03 21:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2004-12-13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2009-06-10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008-12-25 02:56:42 | 000,433,792 | R--- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wfeaglxt.sys -- (WFLR6654) WinFast DTV1800 H (XC4000)

DRV - [2008-11-12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)

DRV - [2008-04-14 02:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)

DRV - [2008-04-14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007-11-02 13:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)

DRV - [2007-11-02 13:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)

DRV - [2007-11-02 13:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex)

DRV - [2007-11-02 13:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)

DRV - [2007-11-02 13:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm)

DRV - [2007-11-02 13:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)

DRV - [2007-11-02 13:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl)

DRV - [2006-07-01 23:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006-06-27 14:24:16 | 000,031,744 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdTools.sys -- (AmdTools)

DRV - [2006-04-25 02:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2006-04-15 05:09:06 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2006-04-15 05:09:04 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-29 10:45:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-26 16:28:44 | 000,000,000 | ---D | M]

[2010-04-29 10:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Extensions

[2010-05-27 15:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\jhgw4px9.default\extensions

[2010-05-07 13:01:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\jhgw4px9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-04-29 10:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-04-01 19:33:11 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-04-01 19:33:11 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-04-01 19:33:11 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-04-01 19:33:11 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-04-01 19:33:11 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-04-01 19:33:11 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)

O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKCU..\Run: [gadu-gadu] C:\gg.exe ()

O4 - HKCU..\Run: [svchost] C:\WINDOWS\svchost.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.241.79.38 78.133.144.4 158.75.33.142

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-04-28 16:53:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009-04-30 11:00:46 | 000,234,776 | R--- | M] (CAPCOM U.S.A., INC.) - E:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2009-04-21 15:13:44 | 000,000,055 | R--- | M] () - E:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{4d766f41-52e5-11df-b04c-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{4d766f41-52e5-11df-b04c-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009-04-30 11:00:46 | 000,234,776 | R--- | M] (CAPCOM U.S.A., INC.)

O33 - MountPoints2\{ae6af48e-65bc-11df-b0f2-001e8c9ea885}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-05-26 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\m4a1

[2010-05-26 16:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Adobe

[2010-05-26 16:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010-05-26 16:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe

[2010-05-26 16:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010-05-25 18:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Robster Productions

[2010-05-24 16:58:17 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys

[2010-05-24 16:58:15 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys

[2010-05-24 16:58:13 | 000,082,944 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll

[2010-05-24 16:58:11 | 000,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll

[2010-05-24 16:58:07 | 000,029,696 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll

[2010-05-24 16:58:06 | 000,028,160 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll

[2010-05-24 16:58:05 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys

[2010-05-24 16:58:03 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys

[2010-05-24 16:58:01 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys

[2010-05-24 16:57:58 | 000,010,240 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll

[2010-05-24 16:57:56 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys

[2010-05-24 16:57:55 | 000,079,232 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys

[2010-05-24 16:57:53 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys

[2010-05-24 16:57:50 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll

[2010-05-24 16:57:26 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys

[2010-05-24 16:57:23 | 000,715,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys

[2010-05-24 16:57:21 | 000,899,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys

[2010-05-24 16:57:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll

[2010-05-24 16:57:18 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys

[2010-05-24 16:57:14 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys

[2010-05-24 16:57:12 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys

[2010-05-24 16:57:10 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys

[2010-05-24 16:57:08 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys

[2010-05-24 16:57:06 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys

[2010-05-24 16:57:05 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys

[2010-05-24 16:57:02 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys

[2010-05-24 16:57:01 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys

[2010-05-24 16:56:59 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys

[2010-05-24 16:56:58 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll

[2010-05-24 16:56:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll

[2010-05-24 16:56:54 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll

[2010-05-24 16:56:52 | 000,016,256 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys

[2010-05-24 16:56:51 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys

[2010-05-24 16:56:49 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys

[2010-05-24 16:56:49 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys

[2010-05-24 16:56:46 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys

[2010-05-24 16:56:40 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll

[2010-05-24 16:56:38 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys

[2010-05-24 16:56:36 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys

[2010-05-24 16:56:34 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys

[2010-05-24 16:56:32 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys

[2010-05-24 16:56:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll

[2010-05-24 16:56:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax

[2010-05-24 16:56:28 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll

[2010-05-24 16:56:28 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll

[2010-05-24 16:56:28 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys

[2010-05-24 16:56:27 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys

[2010-05-24 16:56:25 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys

[2010-05-24 16:56:23 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys

[2010-05-24 16:56:23 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys

[2010-05-24 16:56:21 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe

[2010-05-24 16:56:19 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys

[2010-05-24 16:56:17 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys

[2010-05-24 16:56:15 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys

[2010-05-24 16:56:13 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys

[2010-05-24 16:56:13 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys

[2010-05-24 16:56:11 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys

[2010-05-24 16:56:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll

[2010-05-24 16:56:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll

[2010-05-24 16:56:04 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys

[2010-05-24 16:56:02 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe

[2010-05-24 16:56:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll

[2010-05-24 16:55:58 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys

[2010-05-24 16:55:56 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll

[2010-05-24 16:55:55 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys

[2010-05-24 16:55:53 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys

[2010-05-24 16:55:51 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys

[2010-05-24 16:55:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys

[2010-05-24 16:55:47 | 000,054,570 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys

[2010-05-24 16:55:43 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys

[2010-05-24 16:55:41 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys

[2010-05-24 16:55:34 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys

[2010-05-24 16:55:32 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll

[2010-05-24 16:55:27 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys

[2010-05-24 16:55:23 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys

[2010-05-24 16:55:21 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys

[2010-05-24 16:55:21 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys

[2010-05-24 16:55:17 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys

[2010-05-24 16:55:16 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys

[2010-05-24 16:55:13 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys

[2010-05-24 16:55:13 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys

[2010-05-24 16:55:09 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys

[2010-05-24 16:55:06 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys

[2010-05-24 16:55:05 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll

[2010-05-24 16:55:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys

[2010-05-24 16:54:59 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll

[2010-05-24 16:54:58 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys

[2010-05-24 16:54:56 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys

[2010-05-24 16:54:54 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll

[2010-05-24 16:54:52 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys

[2010-05-24 16:54:50 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll

[2010-05-24 16:54:49 | 000,129,024 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys

[2010-05-24 16:54:47 | 000,052,767 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys

[2010-05-24 16:54:45 | 000,076,288 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys

[2010-05-24 16:54:43 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll

[2010-05-24 16:54:41 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys

[2010-05-24 16:54:40 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll

[2010-05-24 16:54:38 | 000,022,016 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys

[2010-05-24 16:54:36 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys

[2010-05-24 16:54:29 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys

[2010-05-24 16:54:26 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys

[2010-05-24 16:54:21 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys

[2010-05-24 16:54:20 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys

[2010-05-24 16:54:12 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys

[2010-05-24 16:54:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys

[2010-05-24 16:54:10 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys

[2010-05-24 16:54:05 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys

[2010-05-24 16:54:00 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys

[2010-05-24 16:53:55 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys

[2010-05-24 16:53:53 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys

[2010-05-24 16:53:51 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll

[2010-05-24 16:53:50 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys

[2010-05-24 16:53:48 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll

[2010-05-24 16:53:46 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys

[2010-05-24 16:53:44 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys

[2010-05-24 16:53:42 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys

[2010-05-24 16:53:35 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys

[2010-05-24 16:53:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll

[2010-05-24 16:53:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll

[2010-05-24 16:53:30 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys

[2010-05-24 16:53:30 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys

[2010-05-24 16:53:28 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys

[2010-05-24 16:53:26 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys

[2010-05-24 16:53:26 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys

[2010-05-24 16:53:25 | 000,421,760 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys

[2010-05-24 16:53:24 | 000,577,130 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys

[2010-05-24 16:53:23 | 000,607,068 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys

[2010-05-24 16:53:22 | 000,728,170 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys

[2010-05-24 16:53:20 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys

[2010-05-24 16:53:17 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys

[2010-05-24 16:53:15 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys

[2010-05-24 16:53:14 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys

[2010-05-24 16:53:12 | 000,016,000 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys

[2010-05-24 16:53:11 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys

[2010-05-24 16:53:09 | 000,026,666 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys

[2010-05-24 16:53:08 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys

[2010-05-24 16:53:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll

[2010-05-24 16:53:03 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll

[2010-05-24 16:53:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll

[2010-05-24 16:52:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll

[2010-05-24 16:52:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll

[2010-05-24 16:52:52 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

[2010-05-24 16:52:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll

[2010-05-24 16:52:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll

[2010-05-24 16:52:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll

[2010-05-24 16:52:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll

[2010-05-24 16:52:40 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys

[2010-05-24 16:52:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll

[2010-05-24 16:52:38 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys

[2010-05-24 16:52:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe

[2010-05-24 16:52:36 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys

[2010-05-24 16:52:36 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys

[2010-05-24 16:52:32 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys

[2010-05-24 16:52:31 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll

[2010-05-24 16:52:29 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys

[2010-05-24 16:52:28 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys

[2010-05-24 16:52:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys

[2010-05-24 16:52:25 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys

[2010-05-24 16:52:13 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll

[2010-05-24 16:52:11 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys

[2010-05-24 16:52:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll

[2010-05-24 16:52:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll

[2010-05-24 16:52:07 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys

[2010-05-24 16:52:05 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll

[2010-05-24 16:52:03 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll

[2010-05-24 16:52:02 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll

[2010-05-24 16:52:00 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys

[2010-05-24 16:51:59 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys

[2010-05-24 16:51:57 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys

[2010-05-24 16:51:56 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys

[2010-05-24 16:51:54 | 000,009,728 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll

[2010-05-24 16:51:53 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys

[2010-05-24 16:51:51 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll

[2010-05-24 16:51:51 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys

[2010-05-24 16:51:50 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys

[2010-05-24 16:51:48 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll

[2010-05-24 16:51:48 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys

[2010-05-24 16:51:47 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys

[2010-05-24 16:51:33 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys

[2010-05-24 16:51:31 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys

[2010-05-24 16:51:30 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys

[2010-05-24 16:51:28 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys

[2010-05-24 16:51:27 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys

[2010-05-24 16:51:25 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys

[2010-05-24 16:51:24 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys

[2010-05-24 16:51:22 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll

[2010-05-24 16:51:21 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys

[2010-05-24 16:51:19 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys

[2010-05-24 16:51:18 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys

[2010-05-24 16:51:16 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys

[2010-05-24 16:51:15 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys

[2010-05-24 16:51:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll

[2010-05-24 16:51:11 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys

[2010-05-24 16:51:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll

[2010-05-24 16:51:08 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll

[2010-05-24 16:51:07 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys

[2010-05-22 19:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-05-22 18:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\Corel User Files

[2010-05-22 18:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Thinstall

[2010-05-21 15:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo

[2010-05-17 08:08:08 | 000,457,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe

[2010-05-17 08:07:48 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2010-05-16 19:23:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2010-05-16 19:23:03 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2010-05-16 17:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bus Driver

[2010-05-15 20:26:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mateusz\PrivacIE

[2010-05-15 18:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\JustCause

[2010-05-15 18:51:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\Runes of Magic

[2010-05-15 18:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Runes of Magic

[2010-05-15 13:14:06 | 000,000,000 | ---D | C] -- C:\Runes_of_Magic_2.1.6.2049

[2010-05-15 13:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\FOG Downloader

[2010-05-14 16:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Identities

[2010-05-14 14:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center

[2010-05-14 14:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS

[2010-05-14 14:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[2010-05-14 14:35:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\HaxFix

[2010-05-14 14:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010-05-14 14:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2010-05-13 19:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Image Zone Express

[2010-05-11 07:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Ashampoo

[2010-05-11 07:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\ashampoo

[2010-05-11 07:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

[2010-05-10 15:41:46 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll

[2010-05-10 15:40:10 | 000,433,792 | R--- | C] (Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\wfeaglxt.sys

[2010-05-09 14:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\Super Simple Wall v4.2

[2010-05-08 18:14:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mateusz\IETldCache

[2010-05-08 17:49:43 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2010-05-08 17:49:43 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2010-05-08 17:49:43 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2010-05-08 17:49:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2010-05-08 17:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010-05-08 17:49:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010-05-08 17:49:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010-05-08 15:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\fizzy

[2010-05-08 15:03:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

[2010-05-08 15:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\SSIII Solo Ultratus

[2010-05-07 16:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\HLTooLz

[2010-05-07 16:43:57 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe

[2010-05-07 16:43:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE

[2010-05-07 14:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Rockstar Games

[2010-05-06 17:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\Manhunt User Files

[2010-05-06 10:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010-05-06 10:15:44 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe

[2010-05-05 20:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2010-05-05 20:35:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2010-05-05 20:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\ManHunt

[2010-05-05 20:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Toolbar4

[2010-05-05 20:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar

[2010-05-05 20:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2

[2010-05-05 16:42:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010-05-04 18:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\Bus Driver

[2010-05-04 18:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\DoctorWeb

[2010-05-04 18:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\Bus.Driver

[2010-05-04 18:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\WinRAR

[2010-05-04 18:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010-05-04 15:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\DirectX Happy Uninstall

[2010-05-04 15:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010-05-04 15:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

[2010-05-04 15:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenOffice.org

[2010-05-04 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2010-05-04 15:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\OpenOffice.org 3.2 (pl) Installation Files

[2010-05-04 06:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune

[2010-05-03 17:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Malwarebytes

[2010-05-03 17:03:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-05-03 17:03:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-05-03 17:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010-05-03 17:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-05-02 13:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\cache

[2010-05-02 13:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\ipla

[2010-05-02 13:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla

[2010-05-02 13:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\ipla

[2010-05-02 13:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu 10

[2010-05-02 13:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2010-05-02 13:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10

[2010-05-02 12:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010-05-01 19:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\RegCure

[2010-05-01 18:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\gtk-2.0

[2010-05-01 18:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\.thumbnails

[2010-05-01 12:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\.gimp-2.6

[2010-05-01 12:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\gegl-0.0

[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-05-31 06:18:05 | 000,019,272 | ---- | M] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-05-31 06:17:30 | 000,131,151 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-05-31 06:17:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-05-31 06:17:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-05-31 06:17:25 | 000,257,752 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor

[2010-05-30 15:49:33 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Mateusz\NTUSER.DAT

[2010-05-30 15:49:33 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Mateusz\ntuser.ini

[2010-05-30 12:30:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegistryConvoy.job

[2010-05-28 15:53:01 | 004,060,053 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\grubson - nowa fala [www.MP3-find.eu].mp3

[2010-05-26 17:10:25 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Counter Strike 1.6 Non Steam.lnk

[2010-05-26 17:10:25 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Dedicated Server.lnk

[2010-05-26 16:28:44 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

[2010-05-26 16:28:44 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 7.0.lnk

[2010-05-26 16:27:54 | 000,013,275 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini

[2010-05-25 19:05:36 | 000,004,726 | ---- | M] () -- C:\Documents and Settings\Mateusz\.recently-used.xbel

[2010-05-25 19:00:01 | 000,003,406 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Bez nazwy.jpg

[2010-05-25 18:57:43 | 000,009,655 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Bez nazwy.xcf

[2010-05-25 18:48:02 | 000,013,096 | R--- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\tempdecal

[2010-05-25 18:46:37 | 000,005,063 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\lol2.JPG

[2010-05-25 18:46:02 | 000,006,894 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\lol.jpg

[2010-05-22 19:36:05 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\HiJackThis.lnk

[2010-05-22 19:28:52 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-05-22 19:07:43 | 000,014,030 | ---- | M] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Rysunek15.cdr

[2010-05-22 18:53:44 | 000,014,034 | ---- | M] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Kopia_zapasowa_Rysunek15.cdr

[2010-05-22 18:14:02 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010-05-21 17:34:51 | 005,366,594 | -H-- | M] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-05-21 15:43:51 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ashampoo Burning Studio 9.lnk

[2010-05-20 07:54:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-05-19 15:30:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-05-16 17:58:43 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Bus Driver.lnk

[2010-05-15 18:57:24 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Just Cause.lnk

[2010-05-15 18:53:32 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\ROM.rtf

[2010-05-14 14:52:33 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Microsoft Fix it Center.lnk

[2010-05-14 14:21:32 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010-05-13 19:38:17 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-05-10 15:41:32 | 000,001,433 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\WinFast PVR2.lnk

[2010-05-08 17:41:20 | 000,000,532 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-05-08 17:41:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-05-08 17:41:20 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2010-05-08 07:00:02 | 001,087,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-05-08 07:00:02 | 000,490,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-05-08 07:00:02 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-05-08 07:00:02 | 000,083,660 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-05-08 07:00:02 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-05-07 16:43:57 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe

[2010-05-07 16:43:56 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE

[2010-05-07 16:03:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-05-07 14:38:25 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Manhunt 2.lnk

[2010-05-06 17:40:34 | 002,139,235 | ---- | M] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Prezentacja..odp

[2010-05-05 20:11:03 | 277,726,512 | ---- | M] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\clip0001.avi

[2010-05-04 15:48:01 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DirectX Happy Uninstall.lnk

[2010-05-04 15:24:00 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenOffice.org 3.2.lnk

[2010-05-03 17:03:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2010-05-01 12:06:28 | 000,445,515 | ---- | M] () -- C:\WINDOWS\0901.zip

[2010-05-01 10:56:31 | 000,000,002 | ---- | M] () -- C:\WINDOWS\System32\Dvbpws.dll

[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-05-26 16:53:18 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Dedicated Server.lnk

[2010-05-26 16:38:32 | 004,060,053 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\grubson - nowa fala [www.MP3-find.eu].mp3

[2010-05-26 16:28:44 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

[2010-05-26 16:28:44 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 7.0.lnk

[2010-05-25 19:05:36 | 000,004,726 | ---- | C] () -- C:\Documents and Settings\Mateusz\.recently-used.xbel

[2010-05-25 18:58:30 | 000,003,406 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Bez nazwy.jpg

[2010-05-25 18:57:43 | 000,009,655 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Bez nazwy.xcf

[2010-05-25 18:48:03 | 000,013,096 | R--- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\tempdecal

[2010-05-25 18:46:37 | 000,005,063 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\lol2.JPG

[2010-05-25 18:46:02 | 000,006,894 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\lol.jpg

[2010-05-24 16:58:19 | 000,182,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\s3mt3d.dll

[2010-05-24 16:55:45 | 000,043,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys

[2010-05-22 19:36:05 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\HiJackThis.lnk

[2010-05-22 19:07:43 | 000,014,034 | ---- | C] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Kopia_zapasowa_Rysunek15.cdr

[2010-05-22 18:53:44 | 000,014,030 | ---- | C] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Rysunek15.cdr

[2010-05-22 18:14:00 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010-05-22 18:13:22 | 000,579,096 | -H-- | C] () -- C:\WINDOWS\svchost.exe

[2010-05-22 18:13:22 | 000,579,096 | -H-- | C] () -- C:\gg.exe

[2010-05-21 15:43:51 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ashampoo Burning Studio 9.lnk

[2010-05-17 08:08:08 | 000,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu

[2010-05-16 17:58:43 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Bus Driver.lnk

[2010-05-15 18:57:24 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Just Cause.lnk

[2010-05-15 18:53:32 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\ROM.rtf

[2010-05-14 14:52:33 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Microsoft Fix it Center.lnk

[2010-05-14 14:35:59 | 000,537,842 | ---- | C] () -- C:\HaxFix.exe

[2010-05-13 19:38:17 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-05-10 15:41:32 | 000,001,433 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\WinFast PVR2.lnk

[2010-05-07 14:38:25 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Manhunt 2.lnk

[2010-05-06 17:40:33 | 002,139,235 | ---- | C] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Prezentacja..odp

[2010-05-05 20:35:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010-05-05 20:06:12 | 277,726,512 | ---- | C] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\clip0001.avi

[2010-05-04 15:48:01 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DirectX Happy Uninstall.lnk

[2010-05-04 15:24:00 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenOffice.org 3.2.lnk

[2010-05-03 17:03:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2010-05-03 16:55:35 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Counter Strike 1.6 Non Steam.lnk

[2010-05-01 12:06:28 | 001,048,576 | ---- | C] () -- C:\WINDOWS\0901.BIN

[2010-05-01 12:06:17 | 000,445,515 | ---- | C] () -- C:\WINDOWS\0901.zip

[2010-04-30 21:06:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Dvbpws.dll

[2010-04-28 17:22:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2010-04-28 16:57:12 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010-04-28 16:57:11 | 000,013,275 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010-04-28 16:56:55 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-01-04 11:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2001-07-07 03:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

< End of report >

Oh, the running processes are at the beginning of the log. svchost.exe (that's the virus) and gg.exe are there.

So what do I have to do now? :P


svchost.exe in this location (i.e. C:\Windows\svchost.exe) is malware, and gg.exe looks like it too.

gg.exe might be Gadu-Gadu installed in the wrong place, but we'll remove it. At worst you'll reinstall GG.

Run OTL and paste the following into Custom Scans/Fixes in OTL:

:Processes
killallprocesses

:OTL
O4 - HKCU..\Run: [gadu-gadu] C:\gg.exe ()
O4 - HKCU..\Run: [svchost] C:\WINDOWS\svchost.exe ()

:Files
C:\gg.exe
C:\WINDOWS\svchost.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

and click Run Fix. Post the log from this operation on the forum. Then post new OTL logs, but this time select the options: Scan All Users, LOP Check, Purity Check. Also select the Use Safelist option under Extra Registry. Paste both logs generated by OTL.
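The check applied in the reply above (svchost.exe found outside System32), together with two further signals visible in the log (hidden executables with an empty company field, and two executables sharing one size and creation time), can be run mechanically over OTL file entries. This is an added example, not part of the original posts or of OTL; the function names and the expected-directory table are assumptions, the first six sample lines are copied from the log above and the last one is constructed.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normcase

# OTL file entry: [timestamp | size | attrs | C/M] (Company) -- path
# Directory entries carry no "(Company)" field at all.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumed table: where these Windows XP binaries normally live.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Lines 1-6 come from the log above; the last line is constructed.
SAMPLE = r"""
[2010-05-22 18:14:00 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010-05-22 18:13:22 | 000,579,096 | -H-- | C] () -- C:\WINDOWS\svchost.exe
[2010-05-22 18:13:22 | 000,579,096 | -H-- | C] () -- C:\gg.exe
[2010-05-17 08:08:08 | 000,457,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010-05-14 14:35:59 | 000,537,842 | ---- | C] () -- C:\HaxFix.exe
[2010-05-02 13:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
"""


def parse(log_text):
    """Return one dict per OTL file/directory entry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["company"] = (e["company"] or "").strip()
            entries.append(e)
    return entries


def triage(entries):
    """Map each suspicious path to the sorted list of reasons it was flagged."""
    findings = defaultdict(set)
    twins = defaultdict(set)  # (section, timestamp, size) -> executable paths
    for e in entries:
        if "D" in e["attrs"]:  # directory entry, nothing to check
            continue
        path = e["path"]
        name = normcase(basename(path))
        want = EXPECTED_DIR.get(name)
        if want and normcase(dirname(path)) != want:
            findings[path].add("system process name outside its expected directory")
        if name.endswith(".exe"):
            if not e["company"] and "H" in e["attrs"]:
                findings[path].add("hidden executable with no company name")
            twins[(e["kind"], e["ts"], e["size"])].add(path)
    # The same binary dropped under two names shares size and timestamp.
    for paths in twins.values():
        if len(paths) > 1:
            for p in paths:
                others = ", ".join(sorted(paths - {p}))
                findings[p].add("same size and timestamp as " + others)
    return {p: sorted(reasons) for p, reasons in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(parse(SAMPLE)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

HaxFix.exe and the real System32 svchost.exe are not flagged: a missing company name alone is common for small tools, so the hidden-executable check requires the hidden attribute as well.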
