ADVERTISEMENT

OTL.Txt

Czy Trojan.Obfuscated.Ahkr i Win32:Rootkit-gen [Rtk] to fałszywe alarmy?

Acorus 20, w załączniku zamieszczam dwa logi z OTL. Zgodnie z Twoimi sugestiami wykasowałem plik z MBAM oraz wyczyściłem kwarantannę Avasta. Po ponownym uruchomieniu MBAM nie wykrył nic, Avast z kolei (po uruchomieniu pełnego skanowania systemu) umieścił w kwarantannie plik, którego opis zamieściłem w załączniku. Ponieważ wcześniej wykasowałem całkowicie grę Nascar Racing 2003 Season, przed skanem OTL zainstalowałem ją ponownie. Oczywiście problem pojawił się przy instalacji patcha i znów, wspomniany we wcześniejszym moim poście, plik powędrował do kwarantanny. Wtedy uruchomiłem OTL a logi z tego skanowania umieściłem w załącznikach. http://obrazki.elektroda.pl/3665271600_1294848074.jpg


Download file - link to post

OTL logfile created on: 2011-01-12 18:25:28 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = D:\Oglądnąć i zmazać
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,01 Gb Total Space | 77,92 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive D: | 365,75 Gb Total Space | 238,66 Gb Free Space | 65,25% Space Free | Partition Type: NTFS

Computer Name: OEM-53F715F303D | User Name: Oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-01-12 18:19:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Oglądnąć i zmazać\OTL.exe
PRC - [2010-12-31 21:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-12-31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-04-10 18:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-05-13 17:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008-05-02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008-05-02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-04-18 10:16:02 | 000,073,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Profiler\LWEMon.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-01-12 18:19:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Oglądnąć i zmazać\OTL.exe
MOD - [2010-12-31 21:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-07-12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008-05-02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-12-31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-12-12 23:38:41 | 000,316,888 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2008-05-13 17:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008-05-02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008-02-18 16:32:36 | 000,415,128 | ---- | M] (Cenega Poland Sp. z o.o.) [Auto | Stopped] -- C:\WINDOWS\System32\pr2aqtab.exe -- (pr2aqtab) XIII Wiek: Smiec lub chwaka Drivers Auto Removal (pr2aqtab)
SRV - [2007-07-09 18:21:41 | 000,406,888 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\WINDOWS\System32\pr2ah4nb.exe -- (pr2ah4nb) DiRT Drivers Auto Removal (pr2ah4nb)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-01-12 18:10:32 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-12-31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-12-31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-12-31 20:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-12-31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-12-31 20:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-12-31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-12-12 23:38:41 | 003,332,784 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2010-01-27 03:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2009-10-08 14:51:05 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-10-08 14:51:05 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-04-30 21:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-05-07 12:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-15 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-29 02:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008-02-29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008-02-29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008-02-29 02:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008-02-29 02:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008-02-18 16:32:03 | 000,065,176 | ---- | M] (Cenega Poland Sp. z o.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3aqtab.sys -- (pe3aqtab) XIII Wiek: Smiec lub chwaka Environment Driver (pe3aqtab)
DRV - [2008-02-18 16:31:17 | 000,068,768 | ---- | M] (Cenega Poland Sp. z o.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ps7aqtab.sys -- (ps7aqtab) XIII Wiek: Smiec lub chwaka Synchronization Driver (ps7aqtab)
DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-07-09 18:21:20 | 000,064,616 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3ah4nb.sys -- (pe3ah4nb) DiRT Environment Driver (pe3ah4nb)
DRV - [2007-07-09 18:20:56 | 000,054,896 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ps6ah4nb.sys -- (ps6ah4nb) DiRT Synchronization Driver (ps6ah4nb)
DRV - [2005-12-12 20:12:01 | 000,049,664 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2005-09-29 18:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005-08-10 15:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005-08-10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-05-16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005-04-12 18:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005-04-12 18:21:32 | 000,017,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2005-04-12 18:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005-04-12 18:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005-04-12 18:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003-01-17 03:59:56 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys -- (papycpu2)
DRV - [2003-01-17 03:59:56 | 000,001,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\papyjoy.sys -- (papyjoy)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0


IE - HKU\S-1-5-21-343818398-861567501-1606980848-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/
IE - HKU\S-1-5-21-343818398-861567501-1606980848-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-343818398-861567501-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0



O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-343818398-861567501-1606980848-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-343818398-861567501-1606980848-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-343818398-861567501-1606980848-1004..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-861567501-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8 - Extra context menu item: & Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKU\S-1-5-21-343818398-861567501-1606980848-1004\..Trusted Domains: mks.com.pl ([]http in Zaufane witryny)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab (MainControl Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 193.138.140.6
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Oem\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Oem\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-18 12:39:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- " %1 " %*
O35 - HKLM\..exefile [open] -- " %1 " %*
O37 - HKLM\...com [@ = comfile] -- " %1 " %*
O37 - HKLM\...exe [@ = exefile] -- " %1 " %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-01-11 21:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Papyrus
[2011-01-09 11:35:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Oem\Recent
[2011-01-08 12:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oem\Pulpit\DDD
[2010-12-29 22:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra OnLine
[5 C:\WINDOWS\*.tmp files - & gt; C:\WINDOWS\*.tmp - & gt; ]
[3 C:\WINDOWS\System32\*.tmp files - & gt; C:\WINDOWS\System32\*.tmp - & gt; ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-01-12 18:10:32 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2011-01-12 18:10:23 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011-01-12 18:10:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-01-11 21:45:34 | 000,000,527 | ---- | M] () -- C:\WINDOWS\Sierra.ini
[2011-01-11 20:52:45 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Oem\Pulpit\Microsoft Word.lnk
[2011-01-09 16:41:18 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-01-09 11:31:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-01-08 21:14:52 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Oem\Pulpit\Microsoft Excel.lnk
[2010-12-31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010-12-31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-12-31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-12-31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-12-31 20:59:11 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-12-31 20:59:07 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-12-31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-12-31 20:56:29 | 000,029,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-12-31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-12-15 03:19:55 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-15 03:03:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files - & gt; C:\WINDOWS\*.tmp - & gt; ]
[3 C:\WINDOWS\System32\*.tmp files - & gt; C:\WINDOWS\System32\*.tmp - & gt; ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-10-01 23:41:41 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Oem\Dane aplikacji\setup.log
[2010-10-01 23:41:39 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Oem\Dane aplikacji\setup_ldm.iss
[2010-06-17 11:30:49 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Vtw.INI
[2010-06-16 18:54:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-05-13 22:56:47 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010-01-27 03:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009-12-06 15:50:24 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2009-10-20 00:23:46 | 000,178,960 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-10-08 14:51:05 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-10-08 14:51:05 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-09-17 00:04:29 | 000,000,529 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-09-14 10:10:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009-08-18 20:52:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-07-02 16:29:01 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-07-02 16:29:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-22 19:35:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009-06-20 13:28:23 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Oem\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-19 19:43:25 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2009-06-19 19:43:25 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2009-06-19 19:39:38 | 000,000,527 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2009-06-19 15:40:44 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-06-18 19:53:26 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-06-18 14:32:24 | 000,004,466 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-04-30 23:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-04-30 23:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-04-30 23:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-04-30 23:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[1999-01-22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2010-09-16 20:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-06-27 22:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2009-11-02 17:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios
[2010-04-02 15:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-04-28 09:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-05-13 00:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-10-06 20:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WOP
[2010-03-31 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\ArcaBit
[2010-11-14 19:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\FreeFLVConverter
[2010-04-02 15:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\Gadu-Gadu 10
[2010-06-06 15:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\ipla
[2010-12-21 07:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\Mount & Blade
[2011-01-09 11:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\Mount & Blade Ogniem i Mieczem
[2009-08-18 20:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\OpenFM
[2010-03-01 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\The Creative Assembly
[2010-04-05 13:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oem\Dane aplikacji\Thinstall

[color=#E56717]========== Purity Check ==========[/color]



& lt; End of report & gt;