I have a problem: a file named panmap.exe got onto my machine.
It is located in C:\Users\Frixon\AppData\Local\Temp
Of course you can't see it there; it is super-hyper hidden and I can't do anything with it.
In general my antivirus (Comodo) doesn't detect it, and I have no way to get rid of this damn thing.
It creates 3 processes (panmap.exe, AppLaunch.exe, CertPolEng.exe).
A nasty virus: it stole my password to a popular YouTube account, and I don't intend to spend the whole night watching whether it's sending more of my passwords somewhere.
In cmd.exe -> netstat shows some IP for this process with WYSŁANO_SYN next to it.
Does anyone have a way? An OTL command or something?
Thanks in advance.
OTL LOGS:
OTL logfile created on: 2013-01-06 03:33:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frixon\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 51,46% Memory free
8,00 Gb Paging File | 5,62 Gb Available in Paging File | 70,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,78 Gb Total Space | 200,17 Gb Free Space | 85,99% Space Free | Partition Type: NTFS
Computer Name: FRIXON-KOMPUTER | User Name: Frixon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-01-06 03:33:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frixon\Downloads\OTL.exe
PRC - [2013-01-05 20:14:26 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Templates\CertPolEng.exe
PRC - [2013-01-05 17:13:04 | 001,084,416 | RHS- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Frixon\AppData\Local\Temp\panmap.exe
PRC - [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009-06-10 22:22:41 | 000,055,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
========== Modules (No Company Name) ==========
MOD - [2012-12-05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012-12-05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012-12-05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012-12-05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012-12-05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012-12-05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012-12-05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012-12-05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2009-07-14 18:55:04 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009-07-14 06:00:48 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\965b1fa2decab0efc0c837ab7252bba1\Microsoft.VisualBasic.ni.dll
MOD - [2009-07-14 05:55:55 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll
MOD - [2009-07-14 05:55:34 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll
MOD - [2009-07-14 05:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009-07-14 05:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009-07-14 05:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009-07-14 05:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009-06-10 22:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012-12-14 20:45:34 | 003,572,160 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012-12-14 20:45:10 | 000,158,928 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012-12-14 20:45:42 | 000,023,328 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-09-29 10:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-09-16 08:12:58 | 000,032,360 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT)
DRV:64bit: - [2011-06-15 14:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2011-06-15 14:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2011-06-15 14:11:20 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010-03-09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Dysk Google = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Szukaj w Google = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Speed Dial = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0\
CHR - Extension: Test My Speed! = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcjjdphdponfcmmeebndmnfhmbpongj\1.0_0\
CHR - Extension: YoWindow Weather = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.41_0\
CHR - Extension: Adres IP = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.0_0\
CHR - Extension: Auto HD For YouTube = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\3.3.1_0\
CHR - Extension: Gmail = C:\Users\Frixon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKLM..\Run: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe (GIGABYTE Technology Co.,Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (AQQ Sp. z o.o.)
O4 - HKCU..\Run: [Certificate Policy Engine] C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Templates\CertPolEng.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23291486-4FE9-4507-B99B-6EF4BB28E303}: DhcpNameServer = 217.172.224.160 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013-01-06 03:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013-01-06 03:05:28 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013-01-06 03:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013-01-06 03:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013-01-06 03:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013-01-05 21:50:05 | 000,324,419 | ---- | C] (http://magiclauncher.com) -- C:\Users\Frixon\Desktop\MagicLauncher.exe
[2013-01-05 21:40:22 | 000,000,000 | ---D | C] -- C:\Users\Frixon\.thumbnails
[2013-01-05 21:28:27 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\fontconfig
[2013-01-05 21:28:26 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\gegl-0.2
[2013-01-05 21:28:26 | 000,000,000 | ---D | C] -- C:\Users\Frixon\.gimp-2.8
[2013-01-05 21:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013-01-05 21:05:12 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Desktop\YouTube
[2013-01-05 21:02:35 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Publish Providers
[2013-01-05 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013-01-05 20:53:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013-01-05 20:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013-01-05 20:50:46 | 000,000,000 | ---D | C] -- C:\Users\Frixon\Desktop\vegaspro
[2013-01-05 20:31:53 | 000,000,000 | ---D | C] -- C:\Users\Frixon\WapSter
[2013-01-05 20:30:55 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WapSter
[2013-01-05 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter
[2013-01-05 20:18:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013-01-05 20:15:35 | 000,108,032 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Frixon\AppData\Roaming\zz24PANEL.exe
[2013-01-05 20:15:29 | 000,108,032 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Frixon\AppData\Roaming\zz24FTP.exe
[2013-01-05 20:14:26 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\dclogs
[2013-01-05 20:09:28 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\Sony
[2013-01-05 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013-01-05 20:08:55 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Sony
[2013-01-05 19:56:49 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\Dxtory Software
[2013-01-05 19:56:48 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll
[2013-01-05 19:56:48 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2013-01-05 19:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2013-01-05 19:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software
[2013-01-05 19:55:59 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Cool Record Edit Pro
[2013-01-05 19:55:52 | 000,000,000 | ---D | C] -- C:\Users\Frixon\Documents\Free Sound Recorder
[2013-01-05 19:55:52 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Free Sound Recorder
[2013-01-05 19:55:45 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2013-01-05 19:55:45 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2013-01-05 19:55:45 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2013-01-05 19:55:45 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
[2013-01-05 19:55:45 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2013-01-05 19:55:45 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll
[2013-01-05 19:55:45 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2013-01-05 19:55:45 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2013-01-05 19:55:45 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll
[2013-01-05 19:55:45 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll
[2013-01-05 19:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
[2013-01-05 19:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Sound Recorder
[2013-01-05 19:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-01-05 19:30:56 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013-01-05 19:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013-01-05 19:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013-01-05 19:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-01-05 19:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013-01-05 19:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013-01-05 19:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013-01-05 19:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013-01-05 19:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013-01-05 19:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013-01-05 19:09:52 | 000,000,000 | ---D | C] -- C:\AMD
[2013-01-05 18:59:09 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\.minecraft
[2013-01-05 18:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013-01-05 18:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-01-05 18:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013-01-05 18:56:24 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\WinRAR
[2013-01-05 18:56:24 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-01-05 18:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-01-05 18:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013-01-05 18:28:04 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Audacity
[2013-01-05 18:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013-01-05 18:24:25 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\ATI
[2013-01-05 18:24:25 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\ATI
[2013-01-05 18:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013-01-05 18:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013-01-05 18:13:10 | 000,000,000 | ---D | C] -- C:\Users\Frixon\Documents\temp
[2013-01-05 18:10:45 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013-01-05 18:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013-01-05 18:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013-01-05 18:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013-01-05 18:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2013-01-05 18:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013-01-05 18:09:04 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\Google
[2013-01-05 18:08:56 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\Deployment
[2013-01-05 18:08:56 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\Apps
[2013-01-05 18:00:04 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\Diagnostics
[2013-01-05 17:54:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013-01-05 17:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013-01-05 17:54:03 | 000,000,000 | ---D | C] -- C:\Intel
[2013-01-05 17:52:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013-01-05 17:51:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013-01-05 17:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013-01-05 17:50:28 | 000,646,248 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013-01-05 17:49:21 | 000,058,472 | ---- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
[2013-01-05 17:49:21 | 000,032,360 | ---- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtVlan620.sys
[2013-01-05 17:49:21 | 000,027,136 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
[2013-01-05 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
[2013-01-05 17:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013-01-05 17:49:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013-01-05 17:46:14 | 000,000,000 | ---D | C] -- C:\Users\Frixon\Desktop\STERY
[2013-01-05 16:41:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013-01-05 16:38:07 | 000,000,000 | R--D | C] -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013-01-05 16:38:07 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Searches
[2013-01-05 16:38:07 | 000,000,000 | R--D | C] -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013-01-05 16:37:59 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Identities
[2013-01-05 16:37:57 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Contacts
[2013-01-05 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\VirtualStore
[2013-01-05 16:37:47 | 000,000,000 | --SD | C] -- C:\Users\Frixon\AppData\Roaming\Microsoft
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Videos
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Saved Games
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Pictures
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Music
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Links
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Favorites
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Downloads
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Documents
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\Desktop
[2013-01-05 16:37:47 | 000,000,000 | R--D | C] -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Ustawienia lokalne
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\AppData\Local\Temporary Internet Files
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Szablony
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\SendTo
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Recent
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\PrintHood
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\NetHood
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Documents\Moje wideo
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Documents\Moje obrazy
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Moje dokumenty
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Documents\Moja muzyka
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Menu Start
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\AppData\Local\Historia
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Dane aplikacji
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\AppData\Local\Dane aplikacji
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Cookies
[2013-01-05 16:37:47 | 000,000,000 | -H-D | C] -- C:\Users\Frixon\AppData
[2013-01-05 16:37:47 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\Temp
[2013-01-05 16:37:47 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Local\Microsoft
[2013-01-05 16:37:47 | 000,000,000 | ---D | C] -- C:\Users\Frixon\AppData\Roaming\Media Center Programs
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2013-01-05 16:36:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji
[2013-01-05 16:31:16 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013-01-05 16:30:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013-01-05 16:30:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013-01-05 16:30:00 | 000,000,000 | -HSD | C] -- C:\Boot
[2013-01-05 16:29:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
[2012-12-14 20:45:42 | 000,023,328 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012-12-14 20:45:32 | 000,042,856 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012-12-14 20:45:30 | 000,453,808 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012-12-14 20:45:30 | 000,350,272 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012-12-14 20:45:20 | 000,321,744 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2012-12-14 20:45:14 | 000,260,304 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
========== Files - Modified Within 30 Days ==========
[2013-01-06 03:33:38 | 000,123,920 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013-01-06 03:18:24 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-01-06 03:18:24 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-01-06 03:18:24 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-01-06 03:18:24 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-01-06 03:18:24 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-01-06 03:14:04 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-01-06 03:14:04 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-01-06 03:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-01-06 03:13:41 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-06 03:12:55 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-01-06 03:12:55 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-01-06 03:06:06 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013-01-05 21:50:12 | 000,324,419 | ---- | M] (http://magiclauncher.com) -- C:\Users\Frixon\Desktop\MagicLauncher.exe
[2013-01-05 21:40:38 | 000,002,987 | ---- | M] () -- C:\Users\Frixon\AppData\Local\recently-used.xbel
[2013-01-05 21:40:22 | 000,954,085 | ---- | M] () -- C:\Users\Frixon\Documents\zasady.xcf
[2013-01-05 21:02:23 | 000,002,564 | ---- | M] () -- C:\Users\Frixon\Documents\Register Vegas Pro.htm
[2013-01-05 20:54:00 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2013-01-05 20:30:55 | 000,000,703 | ---- | M] () -- C:\Users\Frixon\Desktop\AQQ.lnk
[2013-01-05 20:18:55 | 000,001,998 | ---- | M] () -- C:\Windows\unins000.dat
[2013-01-05 20:18:54 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013-01-05 19:56:48 | 000,001,182 | ---- | M] () -- C:\Users\Frixon\Desktop\Dxtory.lnk
[2013-01-05 19:55:45 | 000,001,129 | ---- | M] () -- C:\Users\Frixon\Desktop\Free Sound Recorder.lnk
[2013-01-05 19:30:56 | 000,001,007 | ---- | M] () -- C:\Users\Frixon\Desktop\SpeedFan.lnk
[2013-01-05 19:30:55 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013-01-05 19:14:20 | 360,898,846 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013-01-05 18:27:28 | 000,001,007 | ---- | M] () -- C:\Users\Frixon\Desktop\Audacity.lnk
[2013-01-05 18:21:46 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013-01-05 18:09:58 | 000,002,295 | ---- | M] () -- C:\Users\Frixon\Desktop\Google Chrome.lnk
[2013-01-05 16:37:33 | 000,171,136 | RHS- | M] () -- C:\W7LDR
[2013-01-05 16:34:30 | 000,067,908 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013-01-05 16:34:30 | 000,067,908 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013-01-05 16:32:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013-01-05 16:31:21 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-01-05 16:30:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012-12-14 20:45:42 | 000,023,328 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012-12-14 20:45:32 | 000,042,856 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012-12-14 20:45:30 | 000,453,808 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012-12-14 20:45:30 | 000,350,272 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012-12-14 20:45:20 | 000,321,744 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2012-12-14 20:45:14 | 000,260,304 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
========== Files Created - No Company Name ==========
[2013-01-06 03:06:06 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013-01-06 03:06:00 | 000,123,920 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013-01-05 21:40:38 | 000,002,987 | ---- | C] () -- C:\Users\Frixon\AppData\Local\recently-used.xbel
[2013-01-05 21:40:21 | 000,954,085 | ---- | C] () -- C:\Users\Frixon\Documents\zasady.xcf
[2013-01-05 21:27:30 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013-01-05 20:54:00 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2013-01-05 20:30:55 | 000,000,703 | ---- | C] () -- C:\Users\Frixon\Desktop\AQQ.lnk
[2013-01-05 20:18:55 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013-01-05 20:18:55 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013-01-05 20:18:55 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013-01-05 20:18:55 | 000,001,998 | ---- | C] () -- C:\Windows\unins000.dat
[2013-01-05 20:10:28 | 000,002,564 | ---- | C] () -- C:\Users\Frixon\Documents\Register Vegas Pro.htm
[2013-01-05 19:56:54 | 000,000,184 | ---- | C] () -- C:\Users\Frixon\DxtoryLicenceFile.dxtorylic
[2013-01-05 19:56:48 | 000,001,182 | ---- | C] () -- C:\Users\Frixon\Desktop\Dxtory.lnk
[2013-01-05 19:55:45 | 000,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2013-01-05 19:55:45 | 000,001,129 | ---- | C] () -- C:\Users\Frixon\Desktop\Free Sound Recorder.lnk
[2013-01-05 19:30:56 | 000,001,007 | ---- | C] () -- C:\Users\Frixon\Desktop\SpeedFan.lnk
[2013-01-05 19:30:55 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013-01-05 18:27:28 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013-01-05 18:27:28 | 000,001,007 | ---- | C] () -- C:\Users\Frixon\Desktop\Audacity.lnk
[2013-01-05 18:21:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-01-05 18:09:58 | 000,002,295 | ---- | C] () -- C:\Users\Frixon\Desktop\Google Chrome.lnk
[2013-01-05 18:09:08 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-01-05 18:09:07 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-01-05 17:52:41 | 360,898,846 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013-01-05 17:50:28 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013-01-05 16:39:26 | 000,001,451 | ---- | C] () -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-01-05 16:39:26 | 000,001,417 | ---- | C] () -- C:\Users\Frixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013-01-05 16:37:33 | 000,171,136 | RHS- | C] () -- C:\W7LDR
[2013-01-05 16:34:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013-01-05 16:34:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013-01-05 16:32:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013-01-05 16:30:56 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys
[2013-01-05 16:30:02 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2013-01-05 16:30:00 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2012-09-28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-09-28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013-01-05 21:52:30 | 000,000,000 | ---D | M] -- C:\Users\Frixon\AppData\Roaming\.minecraft
[2013-01-05 22:28:37 | 000,000,000 | ---D | M] -- C:\Users\Frixon\AppData\Roaming\Audacity
[2013-01-05 19:55:59 | 000,000,000 | ---D | M] -- C:\Users\Frixon\AppData\Roaming\Cool Record Edit Pro
[2013-01-06 00:06:04 | 000,000,000 | ---D | M] -- C:\Users\Frixon\AppData\Roaming\dclogs
[2013-01-05 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\Frixon\AppData\Roaming\Free Sound Recorder
[2013-01-05 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Frixon\AppData\Roaming\Publish Providers
[2013-01-05 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\Frixon\AppData\Roaming\Sony
========== Purity Check ==========
< End of report >
[uwaga=pawel315]
I have moved the topic to the correct section.
[/uwaga]
User pawel315 edited this post on 06 01 2013 - 12:18
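As an added example for this thread (not part of the OTL log above, not OTL's own code and not something the poster ran), here is a small Python triage script that parses OTL file entries of the form `[date time | size | attrs | C|M] (Company) -- path` and flags the ones a malware-removal helper would look at first. The sample lines are copied from the log in this thread, except `sample.exe`, which is a constructed entry used to exercise the staging-directory rule. The staging-directory list and the three rules are my own heuristics, not anything OTL implements; a hit means "inspect this by hand", not "this is malware" (the `lagarith.dll` codec is flagged only because it carries no publisher string). Registry lines from the ZeroAccess section are simply skipped because they do not match the entry format.

```python
"""Triage helper for OTL 'Files Created / Modified' log lines.

Added example for this thread, not part of OTL or of the original post.
It parses the bracketed file entries OTL emits and flags the ones a
malware-removal helper would look at first. The rules are plain
heuristics (assumptions of this example): a hit means 'inspect this',
not 'this is malware'.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One OTL file/directory entry:
#   [date time | size | attrs | C|M] (Company) -- path
# Directory entries have no "(Company)" field; files with no publisher
# show "()" or "( )". Attribute positions are R, H, S, D.
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Locations where a freshly dropped executable deserves a second look
# (assumed list for this example, lower-cased for matching).
_STAGING_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\microsoft\\windows\\templates\\",
    "\\users\\public\\",
)
_EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    created: bool               # True for [C] entries, False for [M] (modified)
    company: Optional[str]      # None when the field is absent (directories)
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for any other line."""
    m = _ENTRY.match(line.strip())
    if m is None:
        return None
    attr = m.group("attr")
    company = m.group("company")
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attr[0] == "R",
        hidden=attr[1] == "H",
        system=attr[2] == "S",
        directory=attr[3] == "D",
        created=m.group("kind") == "C",
        company=None if company is None else company.strip(),
        path=m.group("path"),
    )


def triage(entry: Entry) -> list[str]:
    """Reasons this entry should be looked at by hand (empty = nothing odd)."""
    if entry.directory:
        return []
    p = entry.path.lower()
    reasons = []
    # Rule 1: hidden+system attributes on a file inside a user profile.
    # Legitimate hidden+system files sit at the volume root or under
    # \Windows (hiberfil.sys, bootmgr, ...), not under \Users.
    if entry.hidden and entry.system and "\\users\\" in p:
        reasons.append("hidden+system file inside a user profile")
    # Rule 2: executable code dropped into a scratch/staging directory.
    if p.endswith(_EXEC_EXT) and any(d in p for d in _STAGING_DIRS):
        reasons.append("executable in a staging directory")
    # Rule 3: executable with no publisher string. Weak signal: many
    # legitimate codecs and tools ship without one, so review, don't delete.
    if p.endswith(_EXEC_EXT) and entry.company == "":
        reasons.append("executable with no company name")
    return reasons


def triage_log(lines) -> dict[str, list[str]]:
    """Map each flagged path to its reasons; lines that are not entries are skipped."""
    hits: dict[str, list[str]] = {}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            hits[e.path] = reasons
    return hits


# Lines copied from the OTL log in this thread, plus one constructed
# entry (sample.exe) to exercise the staging-directory rule.
SAMPLE_LOG = r"""
[2013-01-05 16:37:47 | 000,000,000 | -HSD | C] -- C:\Users\Frixon\Cookies
[2012-12-14 20:45:42 | 000,023,328 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2013-01-05 16:37:33 | 000,171,136 | RHS- | M] () -- C:\W7LDR
[2013-01-05 20:18:55 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013-01-06 00:06:04 | 000,000,000 | ---D | M] -- C:\Users\Frixon\AppData\Roaming\dclogs
[2013-01-05 17:13:04 | 001,084,416 | RHS- | M] (Constructed Publisher) -- C:\Users\Frixon\AppData\Local\Temp\sample.exe
"" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it as is to see the two flagged paths, or feed it a whole OTL log with `triage_log(open("OTL.Txt", encoding="utf-8"))`. The rules are deliberately narrow: the `RHS-` file `C:\W7LDR` at the volume root is not reported, because hidden+system files at the root are normal for boot components, while the same attributes on a file under `\Users\...\Temp` are not.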