Logs - Redirecting to Bing



#1 kicken

Posted 13 08 2011 - 14:57

Hello, after installing Hotspot Shield from AnchorFree I caught a redirecting virus that sends me to the Bing search engine in all browsers. I checked the Internet options; I have no proxy. The default search engine is Google.
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:07, on 2011-08-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS.1\RTHDCPL.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.1\system32\nvsvc32.exe
C:\WINDOWS.1\system32\PnkBstrA.exe
C:\WINDOWS.1\system32\wbem\wmiapsrv.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\notepad.exe
C:\WINDOWS.1\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS.1\system32\NOTEPAD.EXE
C:\Program Files\Hjt\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.1\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\User\Pulpit\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\User\Pulpit\PartyPoker.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows.1\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.1\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.1\system32\browseui.dll
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS.1\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS.1\system32\cisvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.1\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.1\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5739 bytes






ComboFix
ComboFix 11-08-13.02 - User 2011-08-13  14:23:06.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2046.1566 [GMT 2:00]
Uruchomiony z: c:\documents and settings\User\Moje dokumenty\Pobieranie\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\5100_plk_win2k_xp.exe
c:\anoirsoft\Key Downloads
c:\anoirsoft\Key Downloads\AS2011.zip
c:\anoirsoft\Key Downloads\AS2011\Anoirsoft Corporation\HBEDV.KEY
c:\anoirsoft\Key Downloads\AS20112.zip
c:\anoirsoft\Key Downloads\AS20112\hadji50 Bramjnet\HBEDV.KEY
c:\documents and settings\User\WINDOWS
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\program files\Steam\steam.exe
c:\windows.1\pvpeformr.dll
.
c:\windows.1\system32\midimap.dll . . . jest zainfekowany!!
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-07-13 do 2011-08-13  )))))))))))))))))))))))))))))))
.
.
2011-08-13 12:03 . 2011-08-13 12:03	--------	d-----w-	c:\documents and settings\All Users.WINDOWS.1\Dane aplikacji\hssff
2011-08-13 11:17 . 2011-08-13 11:17	--------	d-----w-	c:\windows.1\LastGood
2011-08-13 11:16 . 2011-06-22 22:05	755016	----a-w-	c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2011-08-13 11:16 . 2011-06-22 22:05	756552	----a-w-	c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-08-13 11:16 . 2011-08-13 11:17	--------	d-----w-	c:\program files\Hotspot Shield
2011-08-12 23:56 . 2011-07-04 11:36	309848	----a-w-	c:\windows.1\system32\drivers\aswSP.sys
2011-08-12 23:56 . 2011-07-04 11:32	19544	----a-w-	c:\windows.1\system32\drivers\aswFsBlk.sys
2011-08-12 23:56 . 2011-07-04 11:32	25432	----a-w-	c:\windows.1\system32\drivers\aswRdr.sys
2011-08-12 23:56 . 2011-07-04 11:35	43608	----a-w-	c:\windows.1\system32\drivers\aswTdi.sys
2011-08-12 23:56 . 2011-07-04 11:36	441176	----a-w-	c:\windows.1\system32\drivers\aswSnx.sys
2011-08-12 23:56 . 2011-07-04 11:35	102616	----a-w-	c:\windows.1\system32\drivers\aswmon2.sys
2011-08-12 23:56 . 2011-07-04 11:35	96344	----a-w-	c:\windows.1\system32\drivers\aswmon.sys
2011-08-12 23:56 . 2011-07-04 11:32	30808	----a-w-	c:\windows.1\system32\drivers\aavmker4.sys
2011-08-12 23:55 . 2011-07-04 11:43	40112	----a-w-	c:\windows.1\avastSS.scr
2011-08-12 23:55 . 2011-07-04 11:43	199304	----a-w-	c:\windows.1\system32\aswBoot.exe
2011-08-12 23:55 . 2011-08-12 23:55	--------	d-----w-	c:\program files\AVAST Software
2011-08-12 23:55 . 2011-08-12 23:55	--------	d-----w-	c:\documents and settings\All Users.WINDOWS.1\Dane aplikacji\AVAST Software
2011-08-12 22:06 . 2011-08-13 11:17	--------	d-----w-	C:\Hotspot Shield
2011-08-09 16:43 . 2011-08-12 17:37	--------	d-----w-	c:\documents and settings\User\riotsGamesLogs
2011-08-09 16:29 . 2011-08-09 16:29	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\LolClient
2011-08-09 15:09 . 2011-08-09 15:09	--------	d-----w-	C:\Riot Games
2011-08-09 14:17 . 2011-08-09 14:17	--------	d-----w-	c:\program files\Pando Networks
2011-08-09 09:27 . 2011-08-09 09:27	--------	d-----w-	c:\program files\LogMeIn Hamachi
2011-08-04 15:58 . 2011-08-04 16:10	--------	d-----w-	c:\documents and settings\All Users.WINDOWS.1\Dane aplikacji\Blizzard Entertainment
2011-08-04 07:32 . 2011-08-05 17:53	--------	d-----w-	c:\program files\World of Warcraft
2011-08-04 04:22 . 2011-08-04 04:22	--------	d-----w-	c:\documents and settings\All Users.WINDOWS.1\Dane aplikacji\Blizzard
2011-08-04 04:18 . 2011-08-04 15:20	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2011-08-01 18:20 . 2011-08-01 18:20	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\Mozilla-Cache
2011-08-01 18:19 . 2011-08-02 16:12	--------	d-----w-	c:\program files\PartyGaming
2011-07-31 22:35 . 2011-07-31 22:35	319488	----a-w-	c:\windows.1\HideWin.exe
2011-07-31 19:31 . 2011-07-31 19:31	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\NVIDIA
2011-07-31 19:16 . 2011-07-31 19:16	--------	d-----w-	c:\documents and settings\All Users.WINDOWS.1\Dane aplikacji\NVIDIA Corporation
2011-07-31 19:16 . 2011-07-31 19:16	--------	d-----w-	c:\documents and settings\UpdatusUser
2011-07-31 19:16 . 2011-07-31 19:16	--------	d-----w-	c:\documents and settings\All Users.WINDOWS.1\Dane aplikacji\NVIDIA
2011-07-31 19:16 . 2011-05-25 07:26	543336	----a-w-	c:\windows.1\system32\easyupdatusapiu.dll
2011-07-31 19:16 . 2011-07-31 20:05	274220	----a-w-	c:\windows.1\system32\nvdrsdb1.bin
2011-07-31 19:16 . 2011-07-31 20:05	1	----a-w-	c:\windows.1\system32\nvdrssel.bin
2011-07-31 19:16 . 2011-07-31 20:04	274212	----a-w-	c:\windows.1\system32\nvdrsdb0.bin
2011-07-31 19:15 . 2011-05-25 07:25	61440	----a-w-	c:\windows.1\system32\OpenCL.dll
2011-07-31 19:15 . 2011-05-25 07:25	899688	----a-w-	c:\windows.1\system32\nvdispco3220150.dll
2011-07-31 19:15 . 2011-05-25 07:25	865896	----a-w-	c:\windows.1\system32\nvgenco322090.dll
2011-07-31 19:15 . 2011-05-25 07:25	2808936	----a-w-	c:\windows.1\system32\nvcuvid.dll
2011-07-31 19:15 . 2011-05-25 07:25	2082408	----a-w-	c:\windows.1\system32\nvcuvenc.dll
2011-07-31 19:15 . 2011-05-25 07:25	13004800	----a-w-	c:\windows.1\system32\nvcompiler.dll
2011-07-31 19:14 . 2011-07-31 19:14	--------	d-----w-	C:\NVIDIA
2011-07-31 19:01 . 2011-07-31 19:01	--------	d-----w-	c:\program files\OCCT
2011-07-31 17:40 . 2011-07-31 17:40	--------	d-----w-	c:\program files\CPUID
2011-07-31 17:40 . 2010-11-09 13:35	21992	----a-w-	c:\windows.1\system32\drivers\cpuz135_x32.sys
2011-07-30 16:27 . 2011-07-30 16:27	--------	d-----w-	c:\program files\SopCast
2011-07-19 13:31 . 2011-07-19 13:33	--------	d-----w-	c:\documents and settings\User\.screenshooter
2011-07-19 13:31 . 2011-07-19 13:31	--------	d-----w-	c:\program files\ScreenShooter
2011-07-19 01:34 . 2011-07-19 01:34	--------	d-----w-	c:\documents and settings\User\yf
2011-07-19 01:04 . 1998-02-06 20:37	299520	----a-w-	c:\windows.1\uninst.exe
2011-07-18 23:59 . 2011-07-18 23:59	--------	d-----w-	c:\program files\Common Files\Java
2011-07-18 23:25 . 2011-07-18 23:25	--------	d-s---w-	c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Ulubione
2011-07-18 23:16 . 2005-09-27 10:16	14944	----a-w-	c:\windows.1\system32\drivers\wg6n.sys
2011-07-18 23:16 . 2005-09-27 10:16	14944	----a-w-	c:\windows.1\system32\drivers\wg5n.sys
2011-07-18 23:16 . 2005-09-27 10:16	14944	----a-w-	c:\windows.1\system32\drivers\wg4n.sys
2011-07-18 23:16 . 2005-09-27 10:16	14944	----a-w-	c:\windows.1\system32\drivers\wg3n.sys
2011-07-18 23:16 . 2005-09-27 09:44	21075	----a-w-	c:\windows.1\system32\drivers\wpsdrvnt.sys
2011-07-18 23:16 . 2005-09-27 09:43	61008	----a-w-	c:\windows.1\system32\drivers\Teefer.sys
2011-07-18 23:16 . 2004-10-15 16:32	83096	----a-w-	c:\windows.1\system32\SSSensor.dll
2011-07-18 23:16 . 2011-07-18 23:16	--------	d-----w-	c:\program files\Sygate
2011-07-18 22:02 . 2011-07-19 01:10	--------	d-----w-	c:\program files\PeerGuardian2
2011-07-18 20:47 . 2011-07-18 20:47	--------	d-----w-	c:\program files\KLC
2011-07-18 20:47 . 2000-05-21 22:00	203976	----a-w-	c:\windows.1\system32\RICHTX32.OCX
2011-07-18 20:47 . 1999-12-07 05:00	61491	----a-w-	c:\windows.1\system32\wbemdisp.TLB
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-27 16:59 . 2011-05-27 16:59	404640	----a-w-	c:\windows.1\system32\FlashPlayerCPLApp.cpl
2011-05-25 07:26 . 2008-02-19 08:35	54272	----a-w-	c:\windows.1\system32\nvwddi.dll
2011-05-25 07:26 . 2008-02-19 08:35	274432	----a-w-	c:\windows.1\system32\nvrspt.dll
2011-05-25 07:26 . 2008-02-19 08:35	270336	----a-w-	c:\windows.1\system32\nvrsru.dll
2011-05-25 07:26 . 2008-02-19 08:35	270336	----a-w-	c:\windows.1\system32\nvrsptb.dll
2011-05-25 07:26 . 2008-02-19 08:35	258048	----a-w-	c:\windows.1\system32\nvrstr.dll
2011-05-25 07:26 . 2008-02-19 08:35	258048	----a-w-	c:\windows.1\system32\nvrssl.dll
2011-05-25 07:26 . 2008-02-19 08:35	258048	----a-w-	c:\windows.1\system32\nvrssk.dll
2011-05-25 07:26 . 2008-02-19 08:35	258048	----a-w-	c:\windows.1\system32\nvrspl.dll
2011-05-25 07:26 . 2008-02-19 08:35	253952	----a-w-	c:\windows.1\system32\nvrsth.dll
2011-05-25 07:26 . 2008-02-19 08:35	253952	----a-w-	c:\windows.1\system32\nvrssv.dll
2011-05-25 07:26 . 2008-02-19 08:35	253952	----a-w-	c:\windows.1\system32\nvrsno.dll
2011-05-25 07:26 . 2008-02-19 08:35	229376	----a-w-	c:\windows.1\system32\nvrszhc.dll
2011-05-25 07:26 . 2008-02-19 08:35	154728	----a-w-	c:\windows.1\system32\nvsvc32.exe
2011-05-25 07:26 . 2008-02-19 08:35	126976	----a-w-	c:\windows.1\system32\nvrszht.dll
2011-05-25 07:26 . 2008-02-19 08:35	282624	----a-w-	c:\windows.1\system32\nvrsit.dll
2011-05-25 07:26 . 2008-02-19 08:35	274432	----a-w-	c:\windows.1\system32\nvrsnl.dll
2011-05-25 07:26 . 2008-02-19 08:35	270336	----a-w-	c:\windows.1\system32\nvrsja.dll
2011-05-25 07:26 . 2008-02-19 08:35	266240	----a-w-	c:\windows.1\system32\nvrsko.dll
2011-05-25 07:26 . 2008-02-19 08:35	262144	----a-w-	c:\windows.1\system32\nvrshu.dll
2011-05-25 07:26 . 2008-02-19 08:35	331776	----a-w-	c:\windows.1\system32\nvrshe.dll
2011-05-25 07:26 . 2008-02-19 08:35	286720	----a-w-	c:\windows.1\system32\nvrsfr.dll
2011-05-25 07:26 . 2008-02-19 08:35	249856	----a-w-	c:\windows.1\system32\nvrsfi.dll
2011-05-25 07:26 . 2008-02-19 08:35	282624	----a-w-	c:\windows.1\system32\nvrses.dll
2011-05-25 07:26 . 2008-02-19 08:35	282624	----a-w-	c:\windows.1\system32\nvrsel.dll
2011-05-25 07:26 . 2008-02-19 08:35	278528	----a-w-	c:\windows.1\system32\nvrsde.dll
2011-05-25 07:26 . 2008-02-19 08:35	274432	----a-w-	c:\windows.1\system32\nvrsesm.dll
2011-05-25 07:26 . 2008-02-19 08:35	249856	----a-w-	c:\windows.1\system32\nvrseng.dll
2011-05-25 07:26 . 2008-02-19 08:35	335872	----a-w-	c:\windows.1\system32\nvrsar.dll
2011-05-25 07:26 . 2008-02-19 08:35	253952	----a-w-	c:\windows.1\system32\nvrsda.dll
2011-05-25 07:26 . 2008-02-19 08:35	249856	----a-w-	c:\windows.1\system32\nvrscs.dll
2011-05-25 07:26 . 2008-02-19 08:35	111208	----a-w-	c:\windows.1\system32\nvmctray.dll
2011-05-25 07:26 . 2008-02-19 08:35	13895272	----a-w-	c:\windows.1\system32\nvcpl.dll
2011-05-25 07:26 . 2008-02-19 08:35	145000	----a-w-	c:\windows.1\system32\nvcolor.exe
2011-05-25 07:25 . 2008-02-19 08:35	16068608	----a-w-	c:\windows.1\system32\nvoglnt.dll
2011-05-25 07:25 . 2008-02-19 08:35	5332992	----a-w-	c:\windows.1\system32\nvcuda.dll
2011-05-25 07:25 . 2008-02-19 08:35	4198272	----a-w-	c:\windows.1\system32\nv4_disp.dll
2011-05-25 07:25 . 2008-02-19 08:35	2328576	----a-w-	c:\windows.1\system32\nvapi.dll
2011-05-25 07:25 . 2008-02-19 08:35	12753664	----a-w-	c:\windows.1\system32\drivers\nv4_mini.sys
2011-05-24 23:40 . 2011-05-24 23:40	37376	----a-w-	c:\windows.1\system32\drivers\HssDrv.sys
2011-05-24 23:40 . 2011-05-24 23:40	32768	----a-w-	c:\windows.1\system32\drivers\taphss.sys
2011-05-22 21:04 . 2011-01-19 20:37	8059	----a-w-	c:\windows.1\gdrv.sys
2011-05-21 14:24 . 2011-05-21 14:24	226560	----a-w-	c:\windows.1\system32\drivers\bcim.sys
2011-05-21 14:24 . 2011-05-21 13:56	1536	----a-w-	c:\windows.1\system32\bcevent.dll
2011-06-30 13:13 . 2011-03-22 21:31	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows.1\system32\drivers\tcpip.sys
.
[-] 2008-06-16 13:28 . 4678172D19476FA7D539682FCA42C942 . 1420800 . . [2001.12.4414.700] . . c:\windows.1\system32\comres.dll
.
[-] 2008-06-16 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows.1\system32\winlogon.exe
.
[-] 2008-06-16 . 37ED43F3DEC4400586554D61C3129478 . 112128 . . [5.4.3790.5512] . . c:\windows.1\system32\wuauclt.exe
.
[-] 2008-06-16 . 7F059A93D251284A8BC758327ECD3D69 . 724992 . . [5.82] . . c:\windows.1\system32\comctl32.dll
[7] 2008-06-16 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows.1\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-06-16 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows.1\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2007-07-11 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows.1\system32\user32.dll
.
[-] 2008-06-27 . 4EC7ED41D95D18B3CD1A2BD9DFEFB591 . 1424896 . . [6.00.2900.5512] . . c:\windows.1\explorer.exe
.
[-] 2008-06-16 . 6D80898D552439B00B2AB651C4B60C3A . 270336 . . [5.1.2600.5512] . . c:\windows.1\regedit.exe
.
.
[-] 2008-06-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
.
.
[-] 2008-06-16 . 572B0A653990AFE6B71D38D7DD2F202D . 370688 . . [5.1.2600.5512] . . c:\windows.1\system32\hnetcfg.dll
.
[-] 2008-07-19 . 2BC05E243B86AA8E569EE3C5D8B3C424 . 2032128 . . [5.1.2600.5512] . . c:\windows.1\system32\ntkrnlpa.exe
.
[-] 2008-07-07 . 04404B7F25984558AD3390BF84C4EB95 . 2153472 . . [5.1.2600.5512] . . c:\windows.1\system32\ntoskrnl.exe
.
[-] 2008-06-16 . 193B2DEA1AB15B511DDBB8E01E034477 . 42496 . . [5.1.2600.5512] . . c:\windows.1\system32\midimap.dll
.
c:\windows.1\System32\wscntfy.exe ...  - brak elementu !!
c:\windows.1\System32\ctfmon.exe ...  - brak elementu !!
c:\windows.1\System32\regsvc.dll ...  - brak elementu !!
.
(((((((((((((((((((((((((((((   SnapShot@2011-01-27_15.12.06   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02	51008              c:\windows.1\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	51008              c:\windows.1\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	59728              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	59728              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	42832              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	42832              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	43344              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	43344              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	61264              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	61264              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	62800              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	62800              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	61760              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	61760              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	61776              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	61776              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	53568              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	53568              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	63296              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	63296              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	36688              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	36688              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	35648              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-11 23:02 . 2009-07-11 23:02	35648              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-11 23:05 . 2009-07-11 23:05	59904              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05	59904              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 23:05 . 2009-07-11 23:05	59904              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05	59904              c:\windows.1\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-08-13 11:10 . 2011-08-13 11:10	16384              c:\windows.1\temp\Perflib_Perfdata_678.dat
+ 2011-05-16 17:18 . 2010-06-02 02:55	74072              c:\windows.1\system32\XAPOFX1_5.dll
+ 2011-05-16 17:18 . 2010-02-04 08:01	74072              c:\windows.1\system32\XAPOFX1_4.dll
+ 2011-05-16 17:18 . 2009-09-04 15:44	69464              c:\windows.1\system32\XAPOFX1_3.dll
+ 2011-05-16 17:18 . 2008-10-27 08:04	70992              c:\windows.1\system32\XAPOFX1_2.dll
+ 2011-05-16 17:18 . 2008-07-31 08:41	68616              c:\windows.1\system32\XAPOFX1_1.dll
+ 2011-05-16 17:18 . 2010-02-04 08:01	22360              c:\windows.1\system32\X3DAudio1_7.dll
+ 2011-05-16 17:18 . 2009-03-16 12:18	22360              c:\windows.1\system32\X3DAudio1_6.dll
+ 2011-05-16 17:18 . 2008-10-27 08:04	23376              c:\windows.1\system32\X3DAudio1_5.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	51024              c:\windows.1\system32\vcomp100.dll
+ 2011-03-19 17:19 . 2004-11-18 08:42	22752              c:\windows.1\system32\spupdsvc.exe
+ 2010-12-18 11:03 . 2010-12-18 11:03	21696              c:\windows.1\system32\speedfan.sys
+ 2011-01-21 20:29 . 2010-01-19 10:46	51232              c:\windows.1\system32\RtkCoInstXP.dll
+ 2011-07-31 19:15 . 2008-02-19 08:35	81920              c:\windows.1\system32\ReinstallBackups\0015\DriverFiles\nvwddi.dll
+ 2011-07-31 19:15 . 2008-02-19 08:35	86016              c:\windows.1\system32\ReinstallBackups\0015\DriverFiles\nvmctray.dll
+ 2011-07-31 19:15 . 2008-02-19 08:35	35840              c:\windows.1\system32\ReinstallBackups\0015\DriverFiles\nvcod.dll
+ 2011-07-31 22:35 . 2010-01-19 10:46	84512              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\SOUNDMAN.EXE
+ 2011-07-31 22:35 . 2010-01-19 10:46	51232              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\RtkCoInstXP.dll
- 2011-01-24 18:15 . 2008-04-14 17:51	23552              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\i386\wdmaud.drv
+ 2011-07-31 22:35 . 2008-04-14 17:51	23552              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\i386\wdmaud.drv
- 2011-01-24 18:15 . 2008-04-13 19:15	49408              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\i386\stream.sys
+ 2011-07-31 22:35 . 2008-04-13 19:15	49408              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\i386\stream.sys
- 2011-01-24 18:15 . 2008-04-13 19:15	60160              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\i386\drmk.sys
+ 2011-07-31 22:35 . 2008-04-13 19:15	60160              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\i386\drmk.sys
+ 2011-07-31 22:35 . 2010-01-19 10:46	64032              c:\windows.1\system32\ReinstallBackups\0014\DriverFiles\ALCMTR.EXE
+ 2011-04-01 19:57 . 2011-04-01 19:57	75136              c:\windows.1\system32\PnkBstrA.exe
+ 2008-06-16 13:28 . 2011-07-18 23:59	48118              c:\windows.1\system32\perfc015.dat
- 2008-06-16 13:28 . 2011-01-27 15:06	48118              c:\windows.1\system32\perfc015.dat
- 2008-06-16 13:28 . 2011-01-27 15:06	38858              c:\windows.1\system32\perfc009.dat
+ 2008-06-16 13:28 . 2011-07-18 23:59	38858              c:\windows.1\system32\perfc009.dat
+ 2005-10-31 20:28 . 2005-10-31 19:28	69632              c:\windows.1\system32\MobOlExt.dll
- 2005-10-31 20:28 . 2005-10-31 20:28	69632              c:\windows.1\system32\MobOlExt.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	80720              c:\windows.1\system32\mfcm100u.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	80208              c:\windows.1\system32\mfcm100.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	60752              c:\windows.1\system32\mfc100rus.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	43344              c:\windows.1\system32\mfc100kor.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	43856              c:\windows.1\system32\mfc100jpn.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	62288              c:\windows.1\system32\mfc100ita.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	64336              c:\windows.1\system32\mfc100fra.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	63824              c:\windows.1\system32\mfc100esn.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	55120              c:\windows.1\system32\mfc100enu.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	64336              c:\windows.1\system32\mfc100deu.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	36176              c:\windows.1\system32\mfc100cht.dll
+ 2010-03-18 07:15 . 2010-03-18 07:15	36176              c:\windows.1\system32\mfc100chs.dll
+ 1997-06-13 16:56 . 1997-06-13 16:56	56832              c:\windows.1\system32\iyvu9_32.dll
+ 2005-01-07 16:07 . 2005-01-07 16:07	61952              c:\windows.1\system32\HdAShCut.exe
+ 2005-01-07 16:07 . 2005-01-07 16:07	25088              c:\windows.1\system32\HdAProp.dll
+ 2011-03-29 16:10 . 2009-03-18 15:35	26176              c:\windows.1\system32\hamachi.sys
+ 2005-09-27 10:15 . 2005-09-27 10:15	99976              c:\windows.1\system32\FwsVpn.dll
+ 2008-04-13 20:15 . 2008-04-13 18:15	49408              c:\windows.1\system32\drivers\stream.sys
- 2008-04-13 20:15 . 2008-04-13 19:15	49408              c:\windows.1\system32\drivers\stream.sys
+ 2011-02-26 00:59 . 2001-10-26 11:57	12160              c:\windows.1\system32\drivers\mouhid.sys
+ 2011-02-26 00:59 . 2008-04-13 21:15	10368              c:\windows.1\system32\drivers\hidusb.sys
+ 2009-03-18 14:35 . 2009-03-18 15:35	26176              c:\windows.1\system32\drivers\hamachi.sys
- 2011-01-20 00:41 . 2008-04-13 19:15	60160              c:\windows.1\system32\drivers\drmk.sys
+ 2011-01-20 00:41 . 2008-04-13 18:15	60160              c:\windows.1\system32\drivers\drmk.sys
+ 2008-04-13 20:15 . 2008-04-13 18:15	49408              c:\windows.1\system32\dllcache\stream.sys
+ 2011-02-26 00:59 . 2001-10-26 11:57	12160              c:\windows.1\system32\dllcache\mouhid.sys
+ 2011-02-26 00:59 . 2008-04-13 21:15	10368              c:\windows.1\system32\dllcache\hidusb.sys
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows.1\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-16 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\User\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk
backup=c:\windows.1\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-05 09:09	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 06:15	221184	----a-w-	c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-17 06:15	81920	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34	1955208	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\screenshooter]
2010-09-03 12:52	606208	----a-w-	c:\program files\ScreenShooter\screenshooter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
2005-09-27 10:16	2635472	----a-w-	c:\progra~1\Sygate\SPF\Smc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe"=
"c:\\Program Files\\Jabbim\\jabbim.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2260:TCP"= 2260:TCP:qsokwu
.
R1 aswSnx;aswSnx;c:\windows.1\system32\drivers\aswSnx.sys [2011-08-13 441176]
R1 aswSP;aswSP;c:\windows.1\system32\drivers\aswSP.sys [2011-08-13 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows.1\system32\drivers\dtsoftbus01.sys [2011-01-20 218176]
R2 aswFsBlk;aswFsBlk;c:\windows.1\system32\drivers\aswFsBlk.sys [2011-08-13 19544]
R2 cpuz135;cpuz135;c:\windows.1\system32\drivers\cpuz135_x32.sys [2011-07-31 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-07-31 2214504]
S2 fqyvu;Monitor System;c:\windows.1\system32\svchost.exe -k netsvcs [2008-06-16 14336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S3 Ambfilt;Ambfilt;c:\windows.1\system32\drivers\Ambfilt.sys [2011-01-21 1691480]
S3 cpuz131;cpuz131;\??\c:\docume~1\User\USTAWI~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\User\USTAWI~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-05-20 130976]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows.1\system32\drivers\hmumdm.sys [2011-01-20 88960]
S3 NLNdisMP;NLNdisMP;c:\windows.1\system32\DRIVERS\nlndis.sys --> c:\windows.1\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows.1\system32\DRIVERS\nlndis.sys --> c:\windows.1\system32\DRIVERS\nlndis.sys [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ASWSNX
*NewlyCreated* - HSHLD
*NewlyCreated* - HSSSRV
*NewlyCreated* - HSSTRAYSERVICE
*NewlyCreated* - HSSWD
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
fqyvu
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = hxxp://www.wp.pl/
uInternet Settings,ProxyServer = localhost:80
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.113.224.35 217.113.224.36
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\481fhlxy.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-MSConfig - c:\documents and settings\User\Moje dokumenty\Pobieranie\msconfig_www.przeklej.pl.exe
MSConfigStartUp-PVR - c:\program files\XemiComputers\Pocket Voice Recorder\PVR.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 14:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fqyvu]
"ServiceDll"="c:\windows.1\system32\tatki.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows.1\system32\sfc_os.dll
c:\windows.1\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(884)
c:\windows.1\system32\scecli.dll
.
Czas ukończenia: 2011-08-13  14:39:47
ComboFix-quarantined-files.txt  2011-08-13 12:39
ComboFix2.txt  2011-02-07 10:07
ComboFix3.txt  2011-01-27 15:12
.
Przed: 27 847 835 648 bajtów wolnych
Po: 28 137 664 512 bajtów wolnych
.
- - End Of File - - 219A2F0672D65FB839543713DFBB7BA6


This post was edited by kicken on 13 08 2011 - 15:18

#2 ordynat

    Advanced user

  • 804 posts

Posted 13 08 2011 - 15:35

I don't see anything related to BING, but there is CONFICKER instead.
Paste into Notepad:
File::
c:\windows.1\system32\tatki.dll

Driver::
fqyvu

NetSvc::
fqyvu

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fqyvu]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2260:TCP"=-
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
The removal should start (and a log will be created).
Post the log that is created during the removal.

In addition, post the logs from OTL >/OTL-t35212/
Paste the log at http://wklejto.pl/ and put only the link in your post (i.e. copy the address from the address bar).

This post was edited by ordynat on 13 08 2011 - 15:36
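
The reply above acts on three entries from the ComboFix log in post #1: the fqyvu service, its ServiceDll c:\windows.1\system32\tatki.dll, and the 2260:TCP firewall entry. The Python below is an added example, not part of the original thread or of ComboFix: it parses a constructed excerpt of that log and joins the NetSvcs list, the service rows and the ServiceDll values so the same cross-check can be repeated on other logs. The function names and the "review" flag are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the ComboFix log in post #1, trimmed.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2260:TCP"= 2260:TCP:qsokwu
.
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 fqyvu;Monitor System;c:\windows.1\system32\svchost.exe -k netsvcs [2008-06-16 14336]
S3 Ambfilt;Ambfilt;c:\windows.1\system32\drivers\Ambfilt.sys [2011-01-21 1691480]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
fqyvu
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fqyvu]
"ServiceDll"="c:\windows.1\system32\tatki.dll"
.
"""

# Service row: R/S = running/stopped, digit = start type, then name;display;image.
SERVICE_ROW = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$')
SERVICE_KEY = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]$', re.I)
VALUE = re.compile(r'^"([^"]+)"=\s*"?(.*?)"?$')
PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


def parse_log(text):
    """Collect service rows, NetSvcs names, ServiceDll values and open ports."""
    rows, netsvcs, dlls, ports = {}, [], {}, []
    section = key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("", "."):              # ComboFix separates sections with "."
            section = key = None
        elif line.endswith("- NetSvcs"):
            section = "netsvcs"
        elif line.lower().endswith(r"globallyopenports\list]"):
            section = "ports"
        elif (m := SERVICE_KEY.match(line)):
            section, key = "svckey", m.group(1).lower()
        elif section == "netsvcs":
            netsvcs.append(line.lower())
        elif section == "ports" and (m := PORT.match(line)):
            ports.append((int(m.group(1)), m.group(2), m.group(3)))
        elif section == "svckey" and (m := VALUE.match(line)):
            if m.group(1).lower() == "servicedll":
                dlls[key] = m.group(2)
        elif (m := SERVICE_ROW.match(line)):
            state, start, name, display, image = m.groups()
            rows[name.lower()] = {"running": state == "R", "start": int(start),
                                  "display": display, "image": image}
    return rows, netsvcs, dlls, ports


def triage(text):
    """Join each NetSvcs name with its service row and ServiceDll value."""
    rows, netsvcs, dlls, ports = parse_log(text)
    findings = []
    for name in netsvcs:
        row = rows.get(name, {})
        hosted = "svchost.exe -k netsvcs" in row.get("image", "").lower()
        dll = dlls.get(name)
        findings.append({
            "service": name,
            "display": row.get("display"),
            "running": row.get("running"),
            "svchost_hosted": hosted,
            "service_dll": dll,
            # Assumption of this example: a svchost-hosted NetSvcs entry with
            # its own ServiceDll is a prompt for manual inspection, not a verdict.
            "review": hosted and dll is not None,
        })
    return {"netsvcs": findings, "open_ports": ports}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for finding in result["netsvcs"]:
        print(finding)
    for port, proto, label in result["open_ports"]:
        print(f"globally open port {port}/{proto} label={label}")
```
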

#3 kicken

    New

  • 3 posts

Posted 13 08 2011 - 18:19

The redirect to Bing was hiding in about:config, so it's nothing serious. Your script worked - pages that were previously redirected to error 404 now work.
ComboFix
http://www.wklejto.pl/102887

OTL
http://www.wklejto.pl/102888
http://www.wklejto.pl/102889

This post was edited by kicken on 13 08 2011 - 18:26

#4 ordynat

    Advanced user

  • 804 posts

Posted 13 08 2011 - 18:44

In the OTL logs - nothing suspicious.
Cosmetic cleanup:
Run OTL and paste this into the "Własne opcje skanowania/Script" (Custom Scans/Fixes) box:

:OTL
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
[2011-03-19 02:38:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-05-07 02:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-03-20 15:53:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)

:Commands
[emptyflash]
[emptytemp]

Click "Wykonaj Script" (Run Fix). Confirm the computer restart. Show the report that appears after the restart.

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22

Uninstall Java "22" (keep "26").

#5 kicken

    New

  • 3 posts

Posted 13 08 2011 - 19:18

Java 22 uninstalled,

log
http://wklejto.pl/102895

anything else? ;]


PS. from ComboFix:
c:\windows.1\system32\midimap.dll . . . jest zainfekowany!!
is this a false alarm?

This post was edited by kicken on 13 08 2011 - 19:20

#6 ordynat

    Advanced user

  • 804 posts

Posted 13 08 2011 - 19:35

is this a false alarm?

Hard to say, because ComboFix is often wrong about this file.
But, just in case, we can replace it:
1) download the file and place it directly on drive C:\
>http://www.speedyshare.com/files/29850684/midimap.dll

2) Paste into Notepad:

FCopy::
c:\midimap.dll | c:\windows\system32\dllcache\midimap.dll
c:\midimap.dll | c:\windows\system32\midimap.dll

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
The replacement should start (and a log will be created).
