OTL55.Txt

Analysis of OTL/EXTRAS files - suspected virus on a neighbour's laptop

I ran the script and got the log after the restart (1512otl). I did an MBAM scan and got its log (12 trojans and 1 worm detected); everything was removed. After all that I did an OTL scan (otl55). The computer has been disinfected; I am 100% sure I no longer have Brontok.



OTL logfile created on: 2012-12-15 11:44:37 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,92 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 74,90% Memory free
5,85 Gb Paging File | 5,03 Gb Available in Paging File | 86,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,33 Gb Total Space | 33,88 Gb Free Space | 32,48% Space Free | Partition Type: NTFS
Drive D: | 166,02 Gb Total Space | 57,52 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 193,86 Gb Free Space | 99,26% Space Free | Partition Type: NTFS
Drive G: | 29,64 Mb Total Space | 6,83 Mb Free Space | 23,04% Space Free | Partition Type: FAT
Drive I: | 100,00 Mb Total Space | 70,31 Mb Free Space | 70,31% Space Free | Partition Type: NTFS

Computer Name: FRANEK-KOMPUTER | User Name: franek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-11-12 13:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2012-09-29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-05-30 07:08:28 | 001,842,384 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-20 22:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007-03-02 15:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-01-10 20:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012-12-10 01:04:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-07-26 17:47:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009-07-14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012-09-29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-05-26 07:21:18 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010-11-20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-06-18 23:30:12 | 000,014,848 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV - [2010-01-13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009-09-19 04:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009-09-17 18:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009-06-22 16:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2007-11-09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7Bc151d79e-e61b-4a90-a887-5a46d38fba99%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-10 01:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-07-29 12:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\franek\AppData\Roaming\mozilla\Extensions
[2012-12-12 18:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\franek\AppData\Roaming\mozilla\Firefox\Profiles\dkia4gij.default\extensions
[2012-08-06 12:19:24 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\franek\AppData\Roaming\mozilla\firefox\profiles\dkia4gij.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012-09-23 18:55:03 | 000,112,944 | ---- | M] () (No name found) -- C:\Users\franek\AppData\Roaming\mozilla\firefox\profiles\dkia4gij.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2012-12-12 18:48:36 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\franek\AppData\Roaming\mozilla\firefox\profiles\dkia4gij.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012-12-10 01:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-12-10 01:04:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-09-23 18:54:58 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-09-23 18:54:58 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-09-23 18:54:58 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-09-23 18:54:58 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-09-23 18:54:58 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-09-23 18:54:58 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{704FDF94-7436-4B35-8008-B2342F251C6C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83BA142A-A684-496E-A54E-69F216D84D6D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012-11-13 16:45:13 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-11-13 16:45:15 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-12-14 18:00:12 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\Nigga
[2012-12-14 17:57:57 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\HPSAD
[2012-12-14 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\2010
[2012-12-14 17:54:34 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\BombsAwaY
[2012-12-14 17:52:21 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\techno
[2012-12-14 17:46:19 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\DiScOpOoLo
[2012-12-14 17:45:54 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\2012
[2012-12-14 17:45:30 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\2011
[2012-12-14 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\HIPhop
[2012-12-14 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\franek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Hide Folder
[2012-12-14 14:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hide Folder
[2012-12-14 14:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Free Hide Folder
[2012-12-13 08:27:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-12-13 08:27:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012-12-13 08:27:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-12-13 08:27:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-12-13 08:27:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-12-13 08:27:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-12-13 08:27:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-12-13 08:27:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-12-12 14:44:56 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-12-12 14:44:55 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012-12-12 14:44:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012-12-12 14:44:53 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012-12-12 14:44:49 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012-12-12 14:44:49 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012-12-12 14:44:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012-12-12 14:44:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012-12-12 14:44:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012-12-12 14:44:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012-12-12 14:44:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-12-12 14:44:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012-12-12 14:44:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012-12-12 14:44:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012-12-12 14:44:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012-12-12 14:44:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012-12-12 14:44:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012-12-10 01:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-11-24 17:03:57 | 000,000,000 | ---D | C] -- C:\Users\franek\AppData\Roaming\Foxit Software
[2012-11-19 16:01:02 | 000,000,000 | ---D | C] -- C:\Users\franek\Desktop\lexus
[2012-11-16 07:41:21 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012-11-16 07:41:21 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012-11-16 07:41:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012-11-16 07:41:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012-11-16 07:41:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012-11-15 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODT Viewer
[2012-11-15 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\ODT Viewer
[2012-11-15 20:20:54 | 000,000,000 | R--D | C] -- C:\Users\franek\AppData\Roaming\Brother
[2012-11-15 15:59:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012-11-15 15:59:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012-11-15 15:59:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012-11-15 15:59:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012-11-15 15:59:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012-11-15 15:59:34 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-12-15 11:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-12-15 11:42:53 | 2355,105,792 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-15 11:42:14 | 000,001,325 | ---- | M] () -- C:\Users\franek\Desktop\mbam-log-z wirusami.lnk
[2012-12-15 11:36:13 | 000,000,176 | ---- | M] () -- C:\Users\franek\AppData\Local\JunkAtx.bin
[2012-12-15 11:34:01 | 000,697,912 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-12-15 11:34:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-12-15 11:34:01 | 000,134,990 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-12-15 11:34:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-12-14 15:16:24 | 000,001,484 | ---- | M] () -- C:\Users\franek\Desktop\MP2.5.lnk
[2012-12-13 16:23:14 | 003,786,698 | ---- | M] () -- C:\Users\franek\Desktop\Son of kick - Playing the villain (original mix) [HQ].mp3
[2012-12-13 08:44:51 | 000,267,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-12-13 08:43:39 | 000,016,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-13 08:43:39 | 000,016,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-12 20:43:59 | 000,065,888 | ---- | M] () -- C:\Users\franek\Desktop\14591_445607938833816_49330747_n.jpg
[2012-12-11 21:37:40 | 000,069,334 | ---- | M] () -- C:\Users\franek\Desktop\65018_445202728874337_216662841_n.jpg
[2012-11-22 03:56:02 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-11-15 20:27:57 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\ODT Viewer.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-12-15 11:42:14 | 000,001,325 | ---- | C] () -- C:\Users\franek\Desktop\mbam-log-z wirusami.lnk
[2012-12-15 11:36:13 | 000,000,176 | ---- | C] () -- C:\Users\franek\AppData\Local\JunkAtx.bin
[2012-12-14 18:02:42 | 011,247,935 | ---- | C] () -- C:\Users\franek\Desktop\Freestylers - Cracks ft Belle Humble -Flux Pavilion Remix-.mp3
[2012-12-14 15:14:12 | 000,001,484 | ---- | C] () -- C:\Users\franek\Desktop\MP2.5.lnk
[2012-12-13 16:23:00 | 003,786,698 | ---- | C] () -- C:\Users\franek\Desktop\Son of kick - Playing the villain (original mix) [HQ].mp3
[2012-12-12 20:43:59 | 000,065,888 | ---- | C] () -- C:\Users\franek\Desktop\14591_445607938833816_49330747_n.jpg
[2012-12-11 21:37:40 | 000,069,334 | ---- | C] () -- C:\Users\franek\Desktop\65018_445202728874337_216662841_n.jpg
[2012-11-16 07:41:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-16 07:41:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-11-15 20:27:57 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\ODT Viewer.lnk
[2012-10-02 19:11:15 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2012-09-19 16:55:37 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-09-19 16:55:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012-08-09 09:43:30 | 000,045,417 | ---- | C] () -- C:\Users\franek\AppData\Local\svchost.exe
[2012-08-09 09:43:30 | 000,045,417 | ---- | C] () -- C:\Users\franek\AppData\Local\smss.exe
[2012-08-09 09:43:30 | 000,045,417 | ---- | C] () -- C:\Users\franek\AppData\Local\inetinfo.exe
[2012-08-09 09:43:30 | 000,045,417 | ---- | C] () -- C:\Users\franek\AppData\Local\csrss.exe
[2012-07-25 20:45:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012-01-10 21:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012-01-10 21:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012-01-10 21:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012-01-10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012-01-10 20:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012-01-10 20:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012-01-10 20:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011-02-04 15:24:12 | 000,697,912 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2011-02-04 15:24:12 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2011-02-04 15:24:12 | 000,134,990 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2011-02-04 15:24:12 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >