Proszę o sprawdzenie log'a, trojanDownloader.Wigon.bs
witam.zamuliło mi kompa prosze o sprawdzenie logów
głośniki blaupunkta JBL i GROUND ZERO..prosze o opinie
o wejscie prosze osoby chodzące do tamady!!
Bardzo proszę o analizę loga z Hijackthis - help
Prosze o sprawdzenie loga - wolny net
Prosze o sprawdzenie Loga!!! Napewno Keylogger!!!
Reklamiarz, trojan?? Proszę o sprawdzenie loga...
moze ktos sprawdzic mi log?prosze
Prosze o sprawdzenie loga i instrukcje co dalej...
chomiki
Witam!Problem polega na zrywaniu połączenia z netem i resecie komputera (samoistnym)przy ściąganiu z internetu(utorrent lub operą) oto log z combofix'a....
ComboFix 09-10-06.04 - Przemek 2009-10-07 15:50.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3071.2655 [GMT 2:00]
Uruchomiony z: e:\programy\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\AhnRpta.exe
c:\windows\Installer\204a9.msi
D:\Autorun.inf
E:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((( Pliki utworzone od 2009-09-07 do 2009-10-07 )))))))))))))))))))))))))))))))
.
2009-10-07 10:45 . 2009-10-07 10:45 -------- d-----w- C:\NVIDIA
2009-10-07 10:37 . 2009-10-07 11:42 -------- d-----w- c:\documents and settings\Przemek\Dane aplikacji\BitTorrent
2009-10-07 10:37 . 2009-10-07 10:44 -------- d-----w- c:\program files\BitTorrent
2009-10-07 10:30 . 2009-10-07 11:49 -------- d-----w- c:\documents and settings\Przemek\Dane aplikacji\uTorrent
2009-10-07 10:29 . 2009-10-07 10:29 -------- d-----w- c:\program files\uTorrent
2009-10-06 19:49 . 2009-10-06 19:53 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-06 19:49 . 2009-10-06 19:53 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-06 19:48 . 2009-10-07 13:55 173856 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 19:48 . 2009-10-07 13:55 20000 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-06 19:48 . 2009-10-07 10:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-10-06 07:55 . 2009-10-06 07:55 -------- d-----w- c:\program files\Lexmark 640 Series
2009-10-04 15:12 . 2009-10-06 07:41 -------- d-----w- c:\documents and settings\Przemek\Dane aplikacji\Thinstall
2009-10-01 08:35 . 2009-10-01 08:35 -------- d-----w- c:\documents and settings\Przemek\Dane aplikacji\VitySoft
2009-10-01 08:31 . 2009-10-01 08:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 08:11 . 2009-10-01 08:11 -------- d-----w- c:\program files\Bandwidth Controller Standard Server
2009-10-01 08:11 . 2009-10-01 08:11 -------- d-----w- c:\program files\Bandwidth Controller Standard Client
2009-10-01 08:10 . 2009-10-01 08:10 214016 ----a-w- c:\windows\system32\drivers\bcim.sys
2009-09-26 19:47 . 2009-09-26 19:47 -------- d--h--w- c:\windows\PIF
2009-09-19 16:08 . 2009-09-19 16:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-18 13:59 . 2009-09-18 13:59 -------- d-----w- c:\program files\GlobespanVirata
2009-09-18 13:59 . 2003-03-07 13:52 24576 ----a-w- c:\windows\system32\CoInst.dll
2009-09-18 13:59 . 2003-03-07 13:07 29603 ----a-w- c:\windows\system32\drivers\glauiad.sys
2009-09-17 19:51 . 2009-09-17 19:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-17 19:42 . 2009-09-27 18:57 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-14 09:47 . 2009-09-14 09:47 -------- d--h--r- c:\documents and settings\Przemek\Dane aplikacji\SecuROM
2009-09-14 09:47 . 2009-09-14 10:11 -------- d-----w- c:\documents and settings\Przemek\Ustawienia lokalne\Dane aplikacji\Rockstar Games
2009-09-14 09:45 . 2009-09-14 09:45 -------- d-----w- c:\windows\system32\drivers\umdf
2009-09-14 09:27 . 2009-09-14 09:27 -------- d-s---w- c:\documents and settings\Przemek\UserData
2009-09-14 09:15 . 2009-09-14 09:15 -------- d-----w- c:\program files\Reference Assemblies
2009-09-14 09:15 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-09-13 09:48 . 2009-09-13 09:51 -------- d-----w- c:\windows\ShellNew
2009-09-13 09:48 . 2009-09-13 09:51 -------- d-----w- c:\program files\AutoHotkey
2009-09-13 09:13 . 2009-09-13 09:13 -------- d-----w- c:\documents and settings\Przemek\Ustawienia lokalne\Dane aplikacji\Perfection_Coders_Studio_
2009-09-13 08:41 . 2009-09-13 08:59 -------- d-----w- c:\program files\AARONS CLIKER
2009-09-11 15:04 . 2009-09-11 15:04 -------- d-----w- c:\documents and settings\Przemek\Ustawienia lokalne\Dane aplikacji\id Software
2009-09-11 15:02 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-09-11 15:02 . 2007-10-02 07:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-09-11 15:02 . 2007-10-12 13:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-09-11 15:02 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-09-11 15:02 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-09-11 15:02 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-09-11 15:02 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-09-11 14:56 . 2009-09-11 14:56 -------- d-----w- c:\windows\Logs
2009-09-09 18:55 . 2009-09-09 18:55 -------- d-----w- C:\profiles
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 13:55 . 2009-10-06 19:48 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-07 13:54 . 2009-10-06 19:48 4940 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-06 20:09 . 2009-08-01 21:36 139640 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-06 20:09 . 2009-08-01 21:30 190216 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-06 19:53 . 2007-10-31 11:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-10-01 08:31 . 2009-08-01 18:13 -------- d-----w- c:\program files\Java
2009-10-01 08:31 . 2009-08-01 17:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 12:32 . 2009-08-03 10:46 12712 ----a-w- c:\documents and settings\Przemek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-09-27 13:49 . 2001-10-26 17:15 74450 ----a-w- c:\windows\system32\perfc015.dat
2009-09-27 13:49 . 2001-10-26 17:15 448348 ----a-w- c:\windows\system32\perfh015.dat
2009-09-27 13:47 . 2009-08-01 18:42 -------- d-----w- c:\program files\BearShare
2009-09-18 07:47 . 2009-08-01 18:12 -------- d-----w- c:\program files\Neostrada TP
2009-09-17 14:01 . 2009-08-01 17:18 14656 ----a-w- c:\windows\gdrv.sys
2009-09-01 13:02 . 2009-08-01 17:39 -------- d-----w- c:\program files\Opera
2009-08-29 14:36 . 2009-08-29 14:32 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-08-29 09:24 . 2009-08-09 13:52 -------- d-----w- c:\documents and settings\Przemek\Dane aplikacji\VSO
2009-08-16 15:49 . 2009-08-16 15:46 -------- d-----w- c:\documents and settings\Przemek\Dane aplikacji\Winamp
2009-08-16 15:49 . 2009-08-16 15:46 -------- d-----w- c:\program files\Winamp
2009-08-15 11:30 . 2009-08-15 11:30 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-11 18:25 . 2009-08-11 18:25 -------- d-----w- c:\documents and settings\Przemek\Dane aplikacji\Ahead
2009-08-05 13:49 . 2009-08-05 13:49 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-05 13:49 . 2009-08-05 13:49 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-01 21:30 . 2009-08-01 21:30 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-01 18:13 . 2009-08-01 18:13 1783 ----a-w- c:\windows\nsreg.dat
2009-08-01 17:46 . 2009-08-01 17:40 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-01 17:38 . 2009-08-01 17:39 737280 ----a-w- c:\windows\iun6002.exe
2009-08-01 17:22 . 2009-08-01 17:22 315392 ----a-w- c:\windows\HideWin.exe
2009-08-01 17:11 . 2009-08-01 17:11 21856 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-09-21_10.59.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 13:54 . 2009-10-07 13:54 16384 c:\windows\temp\Perflib_Perfdata_474.dat
+ 2006-05-11 04:46 . 2006-05-11 04:46 80896 c:\windows\system32\spool\prtprocs\w32x86\LXDAPP5C.DLL
- 2009-08-01 17:33 . 2006-05-11 04:46 80896 c:\windows\system32\spool\prtprocs\w32x86\LXDAPP5C.DLL
+ 2006-05-11 04:48 . 2006-05-11 04:48 53248 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdaweb.exe
- 2009-08-01 17:33 . 2006-05-11 04:48 53248 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdaweb.exe
- 2009-08-01 17:33 . 2006-05-11 04:30 73728 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUPD.DLL
+ 2006-05-11 04:30 . 2006-05-11 04:30 73728 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUPD.DLL
- 2009-08-01 17:33 . 2006-05-11 04:57 49152 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUNRS.DLL
+ 2006-05-11 04:57 . 2006-05-11 04:57 49152 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUNRS.DLL
+ 2006-05-11 04:47 . 2006-05-11 04:47 48128 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUI5C.DLL
- 2009-08-01 17:33 . 2006-05-11 04:47 48128 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUI5C.DLL
- 2009-08-01 17:33 . 2006-05-11 04:14 73728 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdapwr.dll
+ 2006-05-11 04:14 . 2006-05-11 04:14 73728 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdapwr.dll
+ 2006-01-21 09:31 . 2006-01-21 09:31 90112 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPSWX.EXE
- 2009-08-01 17:33 . 2006-01-21 09:31 90112 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPSWX.EXE
- 2009-08-01 17:33 . 2006-05-11 04:46 80896 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPP5C.DLL
+ 2006-05-11 04:46 . 2006-05-11 04:46 80896 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPP5C.DLL
+ 2006-05-11 04:47 . 2006-05-11 04:47 53248 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAJSWX.EXE
- 2009-08-01 17:33 . 2006-05-11 04:47 53248 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAJSWX.EXE
- 2009-08-01 17:33 . 2006-05-11 04:46 79360 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDADR5C.DLL
+ 2006-05-11 04:46 . 2006-05-11 04:46 79360 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDADR5C.DLL
- 2009-08-01 17:33 . 2002-05-09 06:25 24576 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lexgo.EXE
+ 2002-05-09 06:25 . 2002-05-09 06:25 24576 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lexgo.EXE
- 2009-08-01 17:33 . 1996-09-01 02:19 73856 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\HLP256.DLL
+ 1996-09-01 02:19 . 1996-09-01 02:19 73856 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\HLP256.DLL
- 2009-08-01 17:33 . 2006-05-11 04:48 53248 c:\windows\system32\spool\drivers\w32x86\3\lxdaweb.exe
+ 2006-05-11 04:48 . 2006-05-11 04:48 53248 c:\windows\system32\spool\drivers\w32x86\3\lxdaweb.exe
- 2009-08-01 17:33 . 2006-05-11 04:30 73728 c:\windows\system32\spool\drivers\w32x86\3\LXDAUPD.DLL
+ 2006-05-11 04:30 . 2006-05-11 04:30 73728 c:\windows\system32\spool\drivers\w32x86\3\LXDAUPD.DLL
+ 2006-05-11 04:57 . 2006-05-11 04:57 49152 c:\windows\system32\spool\drivers\w32x86\3\LXDAUNRS.DLL
- 2009-08-01 17:33 . 2006-05-11 04:57 49152 c:\windows\system32\spool\drivers\w32x86\3\LXDAUNRS.DLL
- 2009-08-01 17:33 . 2006-05-11 04:47 48128 c:\windows\system32\spool\drivers\w32x86\3\LXDAUI5C.DLL
+ 2006-05-11 04:47 . 2006-05-11 04:47 48128 c:\windows\system32\spool\drivers\w32x86\3\LXDAUI5C.DLL
- 2009-08-01 17:33 . 2006-05-11 04:14 73728 c:\windows\system32\spool\drivers\w32x86\3\lxdapwr.dll
+ 2006-05-11 04:14 . 2006-05-11 04:14 73728 c:\windows\system32\spool\drivers\w32x86\3\lxdapwr.dll
- 2009-08-01 17:33 . 2006-01-21 09:31 90112 c:\windows\system32\spool\drivers\w32x86\3\LXDAPSWX.EXE
+ 2006-01-21 09:31 . 2006-01-21 09:31 90112 c:\windows\system32\spool\drivers\w32x86\3\LXDAPSWX.EXE
- 2009-08-01 17:33 . 2006-05-11 04:46 80896 c:\windows\system32\spool\drivers\w32x86\3\LXDAPP5C.DLL
+ 2006-05-11 04:46 . 2006-05-11 04:46 80896 c:\windows\system32\spool\drivers\w32x86\3\LXDAPP5C.DLL
- 2009-08-01 17:33 . 2006-05-11 04:47 53248 c:\windows\system32\spool\drivers\w32x86\3\LXDAJSWX.EXE
+ 2006-05-11 04:47 . 2006-05-11 04:47 53248 c:\windows\system32\spool\drivers\w32x86\3\LXDAJSWX.EXE
+ 2006-05-11 04:46 . 2006-05-11 04:46 79360 c:\windows\system32\spool\drivers\w32x86\3\LXDADR5C.DLL
- 2009-08-01 17:33 . 2006-05-11 04:46 79360 c:\windows\system32\spool\drivers\w32x86\3\LXDADR5C.DLL
+ 2002-05-09 06:25 . 2002-05-09 06:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE
- 2009-08-01 17:33 . 2002-05-09 06:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE
+ 1996-09-01 02:19 . 1996-09-01 02:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL
- 2009-08-01 17:33 . 1996-09-01 02:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL
+ 2001-08-17 22:30 . 2009-09-27 13:49 58732 c:\windows\system32\perfc009.dat
+ 2006-05-11 04:14 . 2006-05-11 04:14 73728 c:\windows\system32\lxdapwr.dll
- 2009-08-01 17:33 . 2006-05-11 04:14 73728 c:\windows\system32\lxdapwr.dll
+ 2009-08-01 19:04 . 2009-09-27 18:57 94272 c:\windows\system32\FNTCACHE.DAT
- 2001-08-17 21:52 . 2001-10-26 19:03 18688 c:\windows\system32\drivers\cdaudio.sys
+ 2001-08-17 21:52 . 2001-08-17 19:52 18688 c:\windows\system32\drivers\cdaudio.sys
+ 2001-08-17 21:52 . 2001-08-17 19:52 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2009-08-01 17:17 . 2009-09-23 21:57 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-01 17:17 . 2009-09-20 14:29 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-01 17:17 . 2009-09-23 21:57 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-08-01 17:17 . 2009-09-20 14:29 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-08-01 17:17 . 2009-09-20 14:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-23 21:57 . 2009-09-23 21:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-30 15:34 . 2009-09-30 15:34 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2001-12-11 01:48 . 2001-12-11 01:48 189916 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\WAVS.EXE
- 2009-08-01 17:33 . 2001-12-11 01:48 189916 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\WAVS.EXE
+ 1998-10-06 14:12 . 1998-10-06 14:12 152576 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\ptzipw32.dll
- 2009-08-01 17:33 . 1998-10-06 14:12 152576 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\ptzipw32.dll
- 2009-08-01 17:33 . 2006-05-11 04:16 278528 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUTIL.DLL
+ 2006-05-11 04:16 . 2006-05-11 04:16 278528 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUTIL.DLL
+ 2006-05-11 04:35 . 2006-05-11 04:35 192512 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUPDR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:35 192512 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUPDR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:48 101376 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUN5C.EXE
+ 2006-05-11 04:48 . 2006-05-11 04:48 101376 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAUN5C.EXE
+ 2006-05-11 04:48 . 2006-05-11 04:48 860160 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDASTRN.DLL
- 2009-08-01 17:33 . 2006-05-11 04:48 860160 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDASTRN.DLL
+ 2001-03-28 06:57 . 2001-03-28 06:57 245760 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdask2.dll
- 2009-08-01 17:33 . 2001-03-28 06:57 245760 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdask2.dll
+ 2002-03-13 07:41 . 2002-03-13 07:41 204800 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdask1.dll
- 2009-08-01 17:33 . 2002-03-13 07:41 204800 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdask1.dll
+ 2006-04-07 05:27 . 2006-04-07 05:27 159744 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdask0.dll
- 2009-08-01 17:33 . 2006-04-07 05:27 159744 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lxdask0.dll
+ 2006-05-11 04:35 . 2006-05-11 04:35 536576 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPSWR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:35 536576 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPSWR.DLL
+ 2006-05-11 04:26 . 2006-05-11 04:26 225280 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPSW.DLL
- 2009-08-01 17:33 . 2006-05-11 04:26 225280 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPSW.DLL
+ 2006-05-11 04:29 . 2006-05-11 04:29 446464 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPRP.DLL
- 2009-08-01 17:33 . 2006-05-11 04:29 446464 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPRP.DLL
- 2009-08-01 17:33 . 2006-05-11 04:24 651264 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDALPA.DLL
+ 2006-05-11 04:24 . 2006-05-11 04:24 651264 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDALPA.DLL
- 2009-08-01 17:33 . 2006-05-11 04:34 385024 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAJSWR.DLL
+ 2006-05-11 04:34 . 2006-05-11 04:34 385024 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAJSWR.DLL
+ 2006-05-11 04:17 . 2006-05-11 04:17 102400 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAJSW.DLL
- 2009-08-01 17:33 . 2006-05-11 04:17 102400 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAJSW.DLL
+ 2006-05-09 20:27 . 2006-05-09 20:27 466944 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAICUR.DLL
- 2009-08-01 17:33 . 2006-05-09 20:27 466944 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAICUR.DLL
- 2009-08-01 17:33 . 2006-01-16 14:10 983121 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAGF.DLL
+ 2006-01-16 14:10 . 2006-01-16 14:10 983121 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAGF.DLL
+ 2006-05-09 20:26 . 2006-05-09 20:26 208896 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAFC5C.DLL
- 2009-08-01 17:33 . 2006-05-09 20:26 208896 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAFC5C.DLL
+ 2006-04-17 17:41 . 2006-04-17 17:41 174592 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEXPPS.EXE
- 2009-08-01 17:33 . 2006-04-17 17:41 174592 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEXPPS.EXE
- 2009-08-01 17:33 . 2006-04-17 17:41 201216 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEXP2P32.DLL
+ 2006-04-17 17:41 . 2006-04-17 17:41 201216 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEXP2P32.DLL
- 2009-08-01 17:33 . 2006-04-17 17:48 200704 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lexlmpm.dll
+ 2006-04-17 17:48 . 2006-04-17 17:48 200704 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lexlmpm.dll
+ 2006-05-11 04:45 . 2006-05-11 04:45 430080 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lexedf.dll
- 2009-08-01 17:33 . 2006-05-11 04:45 430080 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lexedf.dll
- 2009-08-01 17:33 . 2001-06-07 03:39 173315 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lexdrvin.exe
+ 2001-06-07 03:39 . 2001-06-07 03:39 173315 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\lexdrvin.exe
+ 2006-04-17 17:42 . 2006-04-17 17:42 311296 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEXBCES.EXE
- 2009-08-01 17:33 . 2006-04-17 17:42 311296 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEXBCES.EXE
- 2009-08-01 17:33 . 2006-04-17 17:41 147456 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEXBCE.DLL
+ 2006-04-17 17:41 . 2006-04-17 17:41 147456 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEXBCE.DLL
+ 2006-04-17 17:42 . 2006-04-17 17:42 198144 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEX2KUSB.DLL
- 2009-08-01 17:33 . 2006-04-17 17:42 198144 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LEX2KUSB.DLL
- 2009-08-01 17:33 . 2001-12-11 01:48 189916 c:\windows\system32\spool\drivers\w32x86\3\WAVS.EXE
+ 2001-12-11 01:48 . 2001-12-11 01:48 189916 c:\windows\system32\spool\drivers\w32x86\3\WAVS.EXE
- 2009-08-01 17:33 . 1998-10-06 14:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll
+ 1998-10-06 14:12 . 1998-10-06 14:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll
+ 2006-05-11 04:16 . 2006-05-11 04:16 278528 c:\windows\system32\spool\drivers\w32x86\3\LXDAUTIL.DLL
- 2009-08-01 17:33 . 2006-05-11 04:16 278528 c:\windows\system32\spool\drivers\w32x86\3\LXDAUTIL.DLL
- 2009-08-01 17:33 . 2006-05-11 04:35 192512 c:\windows\system32\spool\drivers\w32x86\3\LXDAUPDR.DLL
+ 2006-05-11 04:35 . 2006-05-11 04:35 192512 c:\windows\system32\spool\drivers\w32x86\3\LXDAUPDR.DLL
+ 2006-05-11 04:48 . 2006-05-11 04:48 101376 c:\windows\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE
- 2009-08-01 17:33 . 2006-05-11 04:48 101376 c:\windows\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE
- 2009-08-01 17:33 . 2006-05-11 04:48 860160 c:\windows\system32\spool\drivers\w32x86\3\LXDASTRN.DLL
+ 2006-05-11 04:48 . 2006-05-11 04:48 860160 c:\windows\system32\spool\drivers\w32x86\3\LXDASTRN.DLL
+ 2001-03-28 06:57 . 2001-03-28 06:57 245760 c:\windows\system32\spool\drivers\w32x86\3\lxdask2.dll
- 2009-08-01 17:33 . 2001-03-28 06:57 245760 c:\windows\system32\spool\drivers\w32x86\3\lxdask2.dll
+ 2002-03-13 07:41 . 2002-03-13 07:41 204800 c:\windows\system32\spool\drivers\w32x86\3\lxdask1.dll
- 2009-08-01 17:33 . 2002-03-13 07:41 204800 c:\windows\system32\spool\drivers\w32x86\3\lxdask1.dll
- 2009-08-01 17:33 . 2006-04-07 05:27 159744 c:\windows\system32\spool\drivers\w32x86\3\lxdask0.dll
+ 2006-04-07 05:27 . 2006-04-07 05:27 159744 c:\windows\system32\spool\drivers\w32x86\3\lxdask0.dll
- 2009-08-01 17:33 . 2006-05-11 04:35 536576 c:\windows\system32\spool\drivers\w32x86\3\LXDAPSWR.DLL
+ 2006-05-11 04:35 . 2006-05-11 04:35 536576 c:\windows\system32\spool\drivers\w32x86\3\LXDAPSWR.DLL
+ 2006-05-11 04:26 . 2006-05-11 04:26 225280 c:\windows\system32\spool\drivers\w32x86\3\LXDAPSW.DLL
- 2009-08-01 17:33 . 2006-05-11 04:26 225280 c:\windows\system32\spool\drivers\w32x86\3\LXDAPSW.DLL
+ 2006-05-11 04:29 . 2006-05-11 04:29 446464 c:\windows\system32\spool\drivers\w32x86\3\LXDAPRP.DLL
- 2009-08-01 17:33 . 2006-05-11 04:29 446464 c:\windows\system32\spool\drivers\w32x86\3\LXDAPRP.DLL
+ 2006-05-11 04:24 . 2006-05-11 04:24 651264 c:\windows\system32\spool\drivers\w32x86\3\LXDALPA.DLL
- 2009-08-01 17:33 . 2006-05-11 04:24 651264 c:\windows\system32\spool\drivers\w32x86\3\LXDALPA.DLL
+ 2006-05-11 04:34 . 2006-05-11 04:34 385024 c:\windows\system32\spool\drivers\w32x86\3\LXDAJSWR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:34 385024 c:\windows\system32\spool\drivers\w32x86\3\LXDAJSWR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:17 102400 c:\windows\system32\spool\drivers\w32x86\3\LXDAJSW.DLL
+ 2006-05-11 04:17 . 2006-05-11 04:17 102400 c:\windows\system32\spool\drivers\w32x86\3\LXDAJSW.DLL
- 2009-08-01 17:33 . 2006-05-09 20:27 466944 c:\windows\system32\spool\drivers\w32x86\3\LXDAICUR.DLL
+ 2006-05-09 20:27 . 2006-05-09 20:27 466944 c:\windows\system32\spool\drivers\w32x86\3\LXDAICUR.DLL
+ 2006-01-16 14:10 . 2006-01-16 14:10 983121 c:\windows\system32\spool\drivers\w32x86\3\LXDAGF.DLL
- 2009-08-01 17:33 . 2006-01-16 14:10 983121 c:\windows\system32\spool\drivers\w32x86\3\LXDAGF.DLL
+ 2006-05-09 20:26 . 2006-05-09 20:26 208896 c:\windows\system32\spool\drivers\w32x86\3\LXDAFC5C.DLL
- 2009-08-01 17:33 . 2006-05-09 20:26 208896 c:\windows\system32\spool\drivers\w32x86\3\LXDAFC5C.DLL
- 2009-08-01 17:33 . 2006-04-17 17:41 174592 c:\windows\system32\spool\drivers\w32x86\3\LEXPPS.EXE
+ 2006-04-17 17:41 . 2006-04-17 17:41 174592 c:\windows\system32\spool\drivers\w32x86\3\LEXPPS.EXE
+ 2006-04-17 17:41 . 2006-04-17 17:41 201216 c:\windows\system32\spool\drivers\w32x86\3\LEXP2P32.DLL
- 2009-08-01 17:33 . 2006-04-17 17:41 201216 c:\windows\system32\spool\drivers\w32x86\3\LEXP2P32.DLL
- 2009-08-01 17:33 . 2006-04-17 17:48 200704 c:\windows\system32\spool\drivers\w32x86\3\lexlmpm.dll
+ 2006-04-17 17:48 . 2006-04-17 17:48 200704 c:\windows\system32\spool\drivers\w32x86\3\lexlmpm.dll
- 2009-08-01 17:33 . 2006-05-11 04:45 430080 c:\windows\system32\spool\drivers\w32x86\3\LEXEDF.DLL
+ 2006-05-11 04:45 . 2006-05-11 04:45 430080 c:\windows\system32\spool\drivers\w32x86\3\LEXEDF.DLL
+ 2001-06-07 03:39 . 2001-06-07 03:39 173315 c:\windows\system32\spool\drivers\w32x86\3\lexdrvin.exe
- 2009-08-01 17:33 . 2001-06-07 03:39 173315 c:\windows\system32\spool\drivers\w32x86\3\lexdrvin.exe
- 2009-08-01 17:33 . 2006-04-17 17:42 311296 c:\windows\system32\spool\drivers\w32x86\3\LEXBCES.EXE
+ 2006-04-17 17:42 . 2006-04-17 17:42 311296 c:\windows\system32\spool\drivers\w32x86\3\LEXBCES.EXE
+ 2006-04-17 17:41 . 2006-04-17 17:41 147456 c:\windows\system32\spool\drivers\w32x86\3\LEXBCE.DLL
- 2009-08-01 17:33 . 2006-04-17 17:41 147456 c:\windows\system32\spool\drivers\w32x86\3\LEXBCE.DLL
- 2009-08-01 17:33 . 2006-04-17 17:42 198144 c:\windows\system32\spool\drivers\w32x86\3\LEX2KUSB.DLL
+ 2006-04-17 17:42 . 2006-04-17 17:42 198144 c:\windows\system32\spool\drivers\w32x86\3\LEX2KUSB.DLL
+ 2001-08-17 22:30 . 2009-09-27 13:49 392432 c:\windows\system32\perfh009.dat
+ 2006-04-17 17:41 . 2006-04-17 17:41 174592 c:\windows\system32\LEXPPS.EXE
- 2009-08-01 17:33 . 2006-04-17 17:41 174592 c:\windows\system32\LEXPPS.EXE
- 2009-08-01 17:33 . 2006-04-17 17:41 201216 c:\windows\system32\LEXP2P32.DLL
+ 2006-04-17 17:41 . 2006-04-17 17:41 201216 c:\windows\system32\LEXP2P32.DLL
+ 2006-04-17 17:48 . 2006-04-17 17:48 200704 c:\windows\system32\lexlmpm.dll
- 2009-08-01 17:33 . 2006-04-17 17:48 200704 c:\windows\system32\lexlmpm.dll
+ 2006-04-17 17:42 . 2006-04-17 17:42 311296 c:\windows\system32\LEXBCES.EXE
- 2009-08-01 17:33 . 2006-04-17 17:42 311296 c:\windows\system32\LEXBCES.EXE
+ 2006-04-17 17:41 . 2006-04-17 17:41 147456 c:\windows\system32\LEXBCE.DLL
- 2009-08-01 17:33 . 2006-04-17 17:41 147456 c:\windows\system32\LEXBCE.DLL
+ 2006-04-17 17:42 . 2006-04-17 17:42 198144 c:\windows\system32\LEX2KUSB.DLL
- 2009-08-01 17:33 . 2006-04-17 17:42 198144 c:\windows\system32\LEX2KUSB.DLL
+ 2009-10-01 08:31 . 2009-10-01 08:31 149280 c:\windows\system32\javaws.exe
+ 2009-10-01 08:31 . 2009-10-01 08:31 145184 c:\windows\system32\javaw.exe
+ 2009-10-01 08:31 . 2009-10-01 08:31 145184 c:\windows\system32\java.exe
+ 2009-09-23 13:37 . 2009-09-23 13:37 161862 c:\windows\Installer\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\ARPPRODUCTICON.exe
- 2009-09-19 16:07 . 2009-09-19 16:07 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2006-05-11 04:35 . 2006-05-11 04:35 2011136 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPRPR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:35 2011136 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDAPRPR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:35 4243456 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDALPAR.DLL
+ 2006-05-11 04:35 . 2006-05-11 04:35 4243456 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDALPAR.DLL
+ 2006-05-09 20:43 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDACLR3.DLL
- 2009-08-01 17:33 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDACLR3.DLL
+ 2006-05-09 20:43 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDACLR2.DLL
- 2009-08-01 17:33 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDACLR2.DLL
- 2009-08-01 17:33 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDACLR1.DLL
+ 2006-05-09 20:43 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\lexmark_640_seriesc231\LXDACLR1.DLL
+ 2006-05-11 04:35 . 2006-05-11 04:35 2011136 c:\windows\system32\spool\drivers\w32x86\3\LXDAPRPR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:35 2011136 c:\windows\system32\spool\drivers\w32x86\3\LXDAPRPR.DLL
- 2009-08-01 17:33 . 2006-05-11 04:35 4243456 c:\windows\system32\spool\drivers\w32x86\3\LXDALPAR.DLL
+ 2006-05-11 04:35 . 2006-05-11 04:35 4243456 c:\windows\system32\spool\drivers\w32x86\3\LXDALPAR.DLL
- 2009-08-01 17:33 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\3\LXDACLR3.DLL
+ 2006-05-09 20:43 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\3\LXDACLR3.DLL
+ 2006-05-09 20:43 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\3\LXDACLR2.DLL
- 2009-08-01 17:33 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\3\LXDACLR2.DLL
+ 2006-05-09 20:43 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\3\LXDACLR1.DLL
- 2009-08-01 17:33 . 2006-05-09 20:43 1449984 c:\windows\system32\spool\drivers\w32x86\3\LXDACLR1.DLL
+ 2009-10-01 08:31 . 2009-10-01 08:31 1757696 c:\windows\Installer\3b8fc1.msi
+ 2009-10-06 19:49 . 2009-10-06 19:49 2924544 c:\windows\Installer\124fb.msi
- 2009-09-19 16:07 . 2009-09-19 16:07 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-19 16:07 . 2009-09-19 16:07 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-30 15:34 . 2009-09-30 15:34 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-23 13:37 . 2009-09-23 13:37 80038400 c:\windows\Installer\8633b.msi
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13524992]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-11 86016]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-11 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-04-11 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Przemek\Menu Start\Programy\Autostart\
RivaTuner.lnk - c:\program files\RivaTuner v2.24\RivaTuner.exe [2009-2-25 2781184]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\bf2\\BF2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2009-08-05 6656]
R3 glauiad;SMC ADSL Barricade;c:\windows\system32\drivers\glauiad.sys [2009-09-18 29603]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2009-08-05 28672]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-09-01 45440]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.interia.pl/
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Pobierz wszystko przez FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Pobrane przez FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
TCP: {1565097D-FC98-42D9-B2A6-C7BEF57BA4BC} = 217.8.168.244,157.25.5.18
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 15:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bcserver]
"ImagePath"="c:\program files\Bandwidth Controller Standard Server\bcserver.service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1229272821-884357618-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:39,b3,d4,02,1f,da,e3,85,05,bf,07,05,45,35,e1,74,a9,c2,33,67,29,
d7,11,14,c3,1e,c0,d5,fa,e0,87,55,d4,ea,5b,51,73,ca,ab,3b,20,0a,3f,6f,5c,19,\
"rkeysecu"=hex:e5,66,88,9e,9b,db,a6,11,18,1a,02,f3,d0,1c,c2,a4
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1336)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1392)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
- - - - - - - > 'explorer.exe'(3920)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\program files\Netropa\Multimedia Keyboard\nhkdll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Netropa\Onscreen Display\osd.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
.
**************************************************************************
.
Czas ukończenia: 2009-10-07 15:57 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-10-07 13:57
ComboFix2.txt 2009-09-21 11:00
ComboFix3.txt 2009-09-17 14:56
ComboFix4.txt 2009-09-07 11:18
Przed: 4 555 038 720 bajtów wolnych
Po: 4 540 633 088 bajtów wolnych
468
A tutaj z HIJJACK:
Logfile of HijackThis v1.99.1
Scan saved at 09:05:53, on 2009-10-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RivaTuner v2.24\RivaTuner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Przemek\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="G:\Redistributables\PhysX_SystemSoftware.exe"
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.24\RivaTuner.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Pobierz wszystko przez FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Pobrane przez FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1565097D-FC98-42D9-B2A6-C7BEF57BA4BC}: NameServer = 217.8.168.244,157.25.5.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{1565097D-FC98-42D9-B2A6-C7BEF57BA4BC}: NameServer = 217.8.168.244,157.25.5.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{1565097D-FC98-42D9-B2A6-C7BEF57BA4BC}: NameServer = 217.8.168.244,157.25.5.18
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Wylecz pamięci przenośne Flash Disinfector lub sformatuj
Uruchom HijackThis Do a system scan only w okienku programu pokaże się log zaznacz kratki przy podanych wpisach klikasz Fix checked
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="G:\Redistributables\PhysX_SystemSoftware.exe"
W logach nic więcej nie widać.
Pobierz OTC uruchom i kliknij CleanUp
Przeczyść dysk oraz rejestr CCleaner
Wyłącz i włącz przywracanie systemu na wszystkich dyskach Instrukcja
Wykonaj pełne skanowanie Dr.Web CureIt - jeśli coś znajdzie usuń i daj raport (Plik Zapisz Listę Raportu)
dziękuję zrobiłem jak napisałeś...na szybkim skanowaniu nic nie wykryto,pełnego nie zdążę zrobić bo muszę wyjechać i wrócę w weekend - wtedy dam znać...pozdrawiam i jeszcze raz dzięki...
oto najnowsze logi z hijack:
Logfile of HijackThis v1.99.1
Scan saved at 13:42:09, on 2009-10-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Przemek\Pulpit\HIJACK\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Przemek\USTAWI~1\Temp\herss.exe
O9 - Extra button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
ORAZ WYNIK SKANOWANIA DR.WEB
(znalazł trochę trojanów)
1di1w.exe;C:\;Trojan.PWS.Wsgame.12661;Usunięty.;
00000005.bak;C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\PdmHist\334.718090A401CA4B17.history;Trojan.PWS.Wsgame.12661;Usunięty.;
A0059362.exe;C:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0059386.exe;C:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0060380.exe;C:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0061389.exe;C:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
1di1w.exe;D:\;Trojan.PWS.Wsgame.12661;Usunięty.;
A0059363.exe;D:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0059387.exe;D:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0060381.exe;D:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0061530.exe;D:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145;Trojan.PWS.Wsgame.12661;Usunięty.;
1di1w.exe;E:\;Trojan.PWS.Wsgame.12661;Usunięty.;
BSINSTALLPL_(www.programs.pl).exe\data018;E:\programy\BSINSTALLPL_(www.programs.pl).exe;Adware.SearchAid.40;;
BSINSTALLPL_(www.programs.pl).exe/data025\data004;E:\programy\BSINSTALLPL_(www.programs.pl).exe/data025;Adware.Websearch.54;;
BSINSTALLPL_(www.programs.pl).exe/data025\data005;E:\programy\BSINSTALLPL_(www.programs.pl).exe/data025;Adware.Msearch;;
data025;E:\programy;Kontener zawiera zainfekowane obiekty;;
BSINSTALLPL_(www.programs.pl).exe;E:\programy;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
Flash_Disinfector.exe\nircmd.exe;E:\programy\Flash_Disinfector.exe;Tool.NirCmd.1;;
Flash_Disinfector.exe;E:\programy;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
A0059364.exe;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0059388.exe;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0060382.exe;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP142;Trojan.PWS.Wsgame.12661;Usunięty.;
A0061539.exe;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145;Trojan.PWS.Wsgame.12661;Usunięty.;
A0061540.exe\data018;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145\A0061540.exe;Adware.SearchAid.40;;
A0061540.exe/data025\data004;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145\A0061540.exe/data025;Adware.Websearch.54;;
A0061540.exe/data025\data005;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145\A0061540.exe/data025;Adware.Msearch;;
data025;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145;Kontener zawiera zainfekowane obiekty;;
A0061540.exe;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
A0061541.exe\nircmd.exe;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145\A0061541.exe;Tool.NirCmd.1;;
A0061541.exe;E:\System Volume Information\_restore{B782E8BD-37FB-4B8A-9C6A-9715AF1B1B38}\RP145;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
NA RAZIE KOMPUTER ZACHOWUJE SIĘ STBILNIE ---DZIĘKUJĘ ZA POMOC )))))
Z loga HijackThis wynika, że ponownie się zainfekowałeś. W takim razie podaj log z OTL http://www.instalki.pl/pr...spyware/OTL.php
zrobię to dopiero jutro,w takim razie przeskanuję komputer programem,który podałeś(kurcze logi z HIJACK były robione tuz po skanowaniu DR.WEB),dodatkowo antywirusem(mam nod32+outpost firewall) i zdam ralacje..pozdr.
Witam.
Przeskanowałem komputer NOD'em32-nic nie wykrył/następnie ponownie DR.WEB(coś znalazł)/HIJACK i OTL..Poniżej logi:
1.OTL
2.HIJACK
3.DR.WEB
Jeśli dalej jest coś nie tak będe wdzięczny za wskazówki co można jeszcze zrobić..pozdr i dziękuję...
1.OTL
OTL logfile created on: 2009-10-13 17:20:16 - Run 2
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Przemek\Pulpit\HIJACK
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 4,95 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive D: | 68,36 Gb Total Space | 31,44 Gb Free Space | 45,99% Space Free | Partition Type: NTFS
Drive E: | 70,91 Gb Total Space | 43,41 Gb Free Space | 61,22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3,73 Gb Total Space | 1,45 Gb Free Space | 38,86% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: PEPE-F84DB619D9
Current User Name: Przemek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009-10-13 14:33:24 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Przemek\Pulpit\HIJACK\OTL.exe
PRC - [2009-10-11 22:40:06 | 00,190,216 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
PRC - [2009-10-01 10:31:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-10-01 10:31:32 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-08-01 23:30:04 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2009-05-14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-05-14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009-04-18 16:54:18 | 00,587,776 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe
PRC - [2009-04-18 16:48:42 | 01,154,048 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe
PRC - [2008-04-11 11:33:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006-04-17 19:42:14 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2006-04-17 19:41:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2004-08-03 23:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004-08-03 23:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002-08-07 00:28:38 | 00,110,592 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
PRC - [2002-07-12 00:22:58 | 00,176,128 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
PRC - [2001-11-14 04:03:12 | 00,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Onscreen Display\OSD.exe
PRC - [2001-08-06 06:41:48 | 00,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
========== Win32 Services (SafeList) ==========
SRV - [2009-10-11 22:40:06 | 00,190,216 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2009-10-01 10:31:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009-08-01 23:30:04 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009-05-14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009-05-14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2009-04-18 16:54:18 | 00,587,776 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv [Auto | Running])
SRV - [2008-04-11 11:33:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2006-04-17 19:42:14 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004-08-03 23:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2001-08-06 06:41:48 | 00,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2009-10-11 22:40:16 | 00,139,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
DRV - [2009-09-17 16:01:44 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2009-08-01 19:46:10 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-05-14 15:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2009-05-14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2009-05-14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009-04-28 22:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009-04-06 11:37:46 | 00,033,888 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\Filt\ASWFilt.dll -- (ASWFilt [On_Demand | Stopped])
DRV - [2009-04-06 11:37:12 | 00,704,384 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys -- (SandBox [System | Running])
DRV - [2009-02-25 19:55:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Running])
DRV - [2009-02-18 17:30:56 | 00,031,128 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\DRIVERS\afw.sys -- (afw [On_Demand | Running])
DRV - [2009-02-10 16:15:42 | 00,257,432 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys -- (afwcore [On_Demand | Running])
DRV - [2008-04-11 11:33:00 | 06,546,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007-06-29 14:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
DRV - [2007-05-14 23:41:46 | 00,014,336 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amusbprt.sys -- (Amusbprt [On_Demand | Stopped])
DRV - [2007-05-14 23:38:22 | 00,009,216 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amfilter.sys -- (Amfilter [System | Running])
DRV - [2007-01-30 12:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006-06-14 13:44:30 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO_XP.sys -- (EIO_XP [System | Running])
DRV - [2005-06-15 10:01:40 | 00,045,440 | ---- | M] (OrangeWare Corporation) -- C:\WINDOWS\System32\Drivers\ousbehci.sys -- (ousbehci [Auto | Stopped])
DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004-10-25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2004-07-17 10:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003-12-08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003-12-08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2003-03-07 15:07:58 | 00,029,603 | ---- | M] (GlobespanVirata Inc.) -- C:\WINDOWS\System32\DRIVERS\glauiad.sys -- (glauiad [On_Demand | Stopped])
DRV - [2001-12-20 09:02:12 | 00,006,656 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (msikbd2k [System | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-10-01 10:31:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe File not found
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Przemek\Ustawienia lokalne\temp\herss.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macrome...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-01 19:14:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-08 14:57:16 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-08 14:57:16 | 00,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-08 14:57:16 | 00,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-13 17:20:10 | 00,000,063 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{09aeba34-aacd-11de-b38b-0085a0010104}\Shell\AutoRun\command - "" = F:\1di1w.exe -- File not found
O33 - MountPoints2\{09aeba34-aacd-11de-b38b-0085a0010104}\Shell\open\Command - "" = F:\1di1w.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009-10-12 12:10:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Agnitum
[2009-10-12 11:37:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2009-10-07 19:26:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Dane aplikacji\BitTorrent
[2009-10-08 11:35:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Dane aplikacji\Help
[2009-09-14 11:47:41 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Przemek\Dane aplikacji\SecuROM
[2009-10-01 10:05:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Dane aplikacji\Sun
[2009-10-04 17:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Dane aplikacji\Thinstall
[2009-10-01 10:35:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Dane aplikacji\VitySoft
[2009-10-12 13:11:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\ESET
[2009-10-08 11:35:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\Help
[2009-09-19 18:08:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009-10-12 12:11:02 | 00,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2009-10-07 19:26:40 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009-10-08 15:02:52 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009-10-12 11:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009-09-18 15:59:15 | 00,000,000 | ---D | C] -- C:\Program Files\GlobespanVirata
[2009-10-06 09:55:23 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 640 Series
[2009-09-14 11:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-10-08 12:53:24 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009-10-08 10:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-10-12 12:12:08 | 00,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2009-10-12 12:11:58 | 00,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2009-10-12 12:11:25 | 00,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2009-10-12 12:11:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Filt
[2009-10-08 15:02:23 | 17,894,072 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Przemek\Pulpit\launch.exe
[2009-10-08 14:57:16 | 00,000,000 | ---D | C] -- C:\autorun.inf
[2009-10-08 10:06:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Pulpit\HIJACK
[2009-10-07 17:32:43 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-10-07 15:53:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-10-07 12:45:58 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009-10-06 21:46:01 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009-10-06 10:49:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Pulpit\labor
[2009-10-05 15:21:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Pulpit\link 4
[2009-10-04 16:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Pulpit\profilaktyka
[2009-10-01 10:31:43 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009-10-01 10:31:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009-10-01 10:31:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009-10-01 10:31:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009-10-01 10:31:43 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009-09-26 21:47:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009-09-23 15:40:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Moje dokumenty\Call of Juarez - Bound in Blood
[2009-09-20 19:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Pulpit\torr
[2009-09-18 15:59:15 | 00,029,603 | ---- | C] (GlobespanVirata Inc.) -- C:\WINDOWS\System32\drivers\glauiad.sys
[2009-09-17 21:51:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009-09-17 21:42:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009-09-17 19:54:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009-09-14 12:14:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Przemek\Moje dokumenty\Rockstar Games
[2009-09-14 12:09:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\microsoft
[2009-09-14 11:45:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2009-09-14 11:15:11 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2004-11-24 20:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009-10-13 17:19:41 | 00,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2009-10-13 17:19:33 | 00,169,961 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-10-13 17:19:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-13 17:19:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-13 17:19:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-10-13 17:16:03 | 00,000,203 | ---- | M] () -- C:\Documents and Settings\Przemek\Pulpit\DrWeb.csv
[2009-10-13 15:27:19 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-12 13:30:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-12 10:36:18 | 17,894,072 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Przemek\Pulpit\launch.exe
[2009-10-12 07:22:44 | 00,114,888 | RHS- | M] () -- C:\mje12tni.exe
[2009-10-11 22:40:16 | 00,139,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-10-11 22:40:06 | 00,190,216 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009-10-11 22:40:06 | 00,190,216 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009-10-11 19:06:05 | 00,000,350 | ---- | M] () -- C:\Documents and Settings\Przemek\Pulpit\Skrót do gosia.lnk
[2009-10-08 15:02:53 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\Przemek\Pulpit\CCleaner.lnk
[2009-10-08 12:55:09 | 00,001,535 | ---- | M] () -- C:\WINDOWS\bestplayer.ini
[2009-10-08 12:55:09 | 00,001,017 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt
[2009-10-08 12:55:09 | 00,000,072 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp
[2009-10-08 12:53:24 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2009-10-08 12:06:29 | 00,000,214 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2009-10-07 19:26:45 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitTorrent.lnk
[2009-10-07 15:55:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-10-07 15:55:00 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-10-01 10:31:32 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009-10-01 10:31:32 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009-10-01 10:31:32 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009-10-01 10:31:32 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009-10-01 10:31:32 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009-09-30 14:32:09 | 00,012,712 | ---- | M] () -- C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-09-27 20:57:37 | 00,094,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-09-27 15:49:40 | 00,448,348 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-09-27 15:49:40 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-09-27 15:49:40 | 00,074,450 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-09-27 15:49:40 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-09-21 13:01:23 | 06,910,630 | -H-- | M] () -- C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-09-17 17:41:34 | 00,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009-09-17 16:01:44 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys
[2009-09-14 11:45:29 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2009-09-14 11:45:06 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009-09-14 11:19:04 | 01,069,248 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-09-14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
========== Files - No Company Name ==========
[2009-10-13 17:16:03 | 00,000,203 | ---- | C] () -- C:\Documents and Settings\Przemek\Pulpit\DrWeb.csv
[2009-10-12 12:11:29 | 00,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2009-10-12 07:33:10 | 00,114,888 | RHS- | C] () -- C:\mje12tni.exe
[2009-10-11 19:06:05 | 00,000,350 | ---- | C] () -- C:\Documents and Settings\Przemek\Pulpit\Skrót do gosia.lnk
[2009-10-08 15:02:53 | 00,001,554 | ---- | C] () -- C:\Documents and Settings\Przemek\Pulpit\CCleaner.lnk
[2009-10-08 12:53:24 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2009-10-07 19:26:45 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\BitTorrent.lnk
[2009-09-18 15:59:15 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2009-09-18 15:59:15 | 00,014,911 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2009-09-17 16:03:03 | 00,001,570 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2009-09-14 11:45:29 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2009-08-05 15:49:07 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009-08-05 14:21:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2009-08-05 14:21:12 | 00,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2009-08-05 10:36:18 | 00,001,535 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2009-08-03 12:46:25 | 00,012,712 | ---- | C] () -- C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-08-02 20:55:20 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-02 20:55:17 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-01 23:36:28 | 00,139,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-08-01 21:06:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2009-08-01 20:46:59 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009-08-01 20:38:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009-08-01 19:49:51 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2009-08-01 19:40:21 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-08-01 19:33:53 | 00,000,214 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2009-08-01 19:20:14 | 06,910,630 | -H-- | C] () -- C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-01 19:17:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Przemek\Dane aplikacji\desktop.ini
[2007-07-23 04:34:17 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-07-23 04:34:17 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-07-23 04:34:17 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-07-23 04:34:17 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-07-23 04:34:17 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-10-14 11:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005-10-14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-10-14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004-10-12 07:40:58 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004-10-12 07:39:48 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004-10-12 07:39:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004-10-09 07:40:16 | 00,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004-10-05 09:16:08 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004-10-03 18:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004-08-03 23:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-07-17 10:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001-07-22 01:16:20 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996-04-03 21:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >
2.HIJACK
Logfile of HijackThis v1.99.1
Scan saved at 17:19:57, on 2009-10-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Przemek\Pulpit\HIJACK\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Przemek\USTAWI~1\Temp\herss.exe
O9 - Extra button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
3.DR.WEB
sp1jensi.exe;H:\;Trojan.PWS.Wsgame.12661;Usunięty.;
1di1w.exe;H:\;Trojan.PWS.Wsgame.12661;Usunięty.;
f9o8o.exe;H:\;Trojan.PWS.Wsgame.12661;Usunięty.;
ctu8r.exe;H:\;Trojan.PWS.Wsgame.12661;Usunięty.;
W OTL wklej:
:OTL
PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Przemek\Ustawienia lokalne\temp\herss.exe ()
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O32 - AutoRun File - [2009-10-13 17:20:10 | 00,000,063 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
:Files
C:\mje12tni.exe
D:\mje12tni.exe
E:\mje12tni.exe
H:\mje12tni.exe
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
[start explorer]
[Reboot]
Klikasz Run Fix. Dajesz log z usuwania + nowy log z OTL.
