Uruchomiłam program ESET Necurs Remover, na jakąś sekundę włączyło się okienko konsolowe, czyli pewnie nie wykryło infekcji. Zresztą sprawdziłam i błąd podczas uruchamiania TDSSKiller już się nie pojawił. Ponadto gdy uruchomiłam dziś laptopa avast zaczął działać :) wstrętny wirus, teraz będę ostrożniejsza. Co mam zrobić z zagrożeniami, które wykrył TDSSKiller, usunąć? Log z OTL:
OTL logfile created on: 2013-03-10 12:34:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karola\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,93 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 48,59% Memory free
5,86 Gb Paging File | 3,93 Gb Available in Paging File | 67,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 38,96 Gb Total Space | 6,31 Gb Free Space | 16,19% Space Free | Partition Type: NTFS
Drive D: | 259,03 Gb Total Space | 250,61 Gb Free Space | 96,75% Space Free | Partition Type: NTFS
Computer Name: KAROLA-KOMPUTER | User Name: Karola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-03-09 02:35:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karola\Downloads\OTL.exe
PRC - [2013-03-08 11:00:33 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-03-07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-02-27 15:09:58 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) -- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe
PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-03-08 11:00:33 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-02-27 15:09:57 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2012-12-31 15:44:24 | 001,060,864 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll
MOD - [2012-12-30 23:42:20 | 001,375,232 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll
MOD - [2012-12-30 08:09:22 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010-03-05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2010-03-05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2010-03-05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-02-27 15:09:58 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2012-12-14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2010-11-21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-05-06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2010-03-30 11:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:[b]64bit:[/b] - [2010-03-17 22:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:[b]64bit:[/b] - [2009-09-17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://www.bing.com/search?q={searchTerms} & FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://www.bing.com/search?q={searchTerms} & FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://www.bing.com/search?q={searchTerms} & src=IE-SearchBox & FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-09 01:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-03-08 11:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-03-08 11:00:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012-11-25 19:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karola\AppData\Roaming\mozilla\Extensions
[2013-03-08 11:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-03-08 11:00:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-02-19 16:23:28 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-19 16:23:28 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-19 16:23:28 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-19 16:23:28 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-19 16:23:28 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-19 16:23:28 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2013-03-08 23:21:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (AQQ Sp. z o.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: E & ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E & ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij & do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BC1BDDB-EADC-4EA4-BA62-9ACFB0B5222B}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- " %1 " %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- " %1 " %*
O35 - HKLM\..comfile [open] -- " %1 " %*
O35 - HKLM\..exefile [open] -- " %1 " %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- " %1 " %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- " %1 " %*
O37 - HKLM\...com [@ = ComFile] -- " %1 " %*
O37 - HKLM\...exe [@ = exefile] -- " %1 " %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-03-10 12:26:57 | 000,074,752 | ---- | C] (ESET) -- C:\Users\Karola\Desktop\ESETNecursRemover.exe
[2013-03-09 12:56:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013-03-09 12:44:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-03-09 12:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013-03-09 12:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013-03-09 12:36:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-03-09 01:59:08 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-03-09 01:59:08 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-03-09 01:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-03-09 01:59:06 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-03-09 01:59:03 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-03-09 01:59:03 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-03-09 01:59:00 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-03-09 01:59:00 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-03-09 01:58:04 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-03-09 01:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013-03-09 01:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013-03-08 23:31:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-03-08 23:27:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-03-08 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Karola\Doctor Web
[2013-03-08 17:28:41 | 000,326,144 | ---- | C] (AVAST Software) -- C:\Users\Karola\Desktop\aswclear.exe
[2013-03-08 11:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-03-07 22:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-03-07 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Ashampoo
[2013-03-07 20:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013-02-28 23:47:14 | 000,000,000 | ---D | C] -- C:\Users\Karola\Desktop\od edyty
[2013-02-28 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\Karola\Desktop\berglund_o_etal_110411_pliki
[2013-02-26 11:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013-02-26 11:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013-02-26 11:48:02 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\BESTplayer
[2013-02-24 21:12:38 | 000,000,000 | ---D | C] -- C:\Users\Karola\Desktop\projekt kanalizacja
[2013-02-19 15:53:27 | 000,000,000 | R--D | C] -- C:\Users\Karola\Documents\Scanned Documents
[2013-02-19 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Karola\Documents\Fax
[2013-02-14 00:11:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-02-14 00:11:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-02-14 00:11:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-02-14 00:11:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-02-14 00:11:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-02-14 00:11:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-02-14 00:11:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-02-14 00:11:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-02-14 00:11:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-02-14 00:11:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-02-14 00:11:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-02-14 00:11:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-02-14 00:11:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-02-14 00:11:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-02-14 00:11:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-02-13 23:03:41 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-02-13 23:03:39 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-02-13 23:03:39 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-02-13 23:03:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-02-13 23:03:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-02-13 23:03:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-02-13 23:03:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-02-13 23:03:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-02-13 23:03:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-02-13 23:03:27 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Users\Karola\Desktop\*.tmp files - & gt; C:\Users\Karola\Desktop\*.tmp - & gt; ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-03-10 12:21:47 | 000,025,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-10 12:21:47 | 000,025,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-10 12:12:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-10 12:12:16 | 2358,259,712 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-10 01:09:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-09 12:39:37 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013-03-09 02:03:27 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-03-09 01:59:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-03-08 23:21:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-03-08 17:28:43 | 000,326,144 | ---- | M] (AVAST Software) -- C:\Users\Karola\Desktop\aswclear.exe
[2013-03-07 22:09:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-03-07 21:38:31 | 000,933,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-03-07 21:38:31 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-03-07 21:38:31 | 000,154,848 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-03-07 21:38:31 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-03-07 21:38:31 | 000,012,650 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-03-07 19:03:11 | 000,000,004 | ---- | M] () -- C:\Users\Karola\AppData\Roaming\skype.ini
[2013-03-07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-03-07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-03-07 00:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-03-07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-03-07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-03-07 00:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-03-07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-03-07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-03-07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-03-07 00:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-03-06 14:13:39 | 000,502,624 | ---- | M] () -- C:\Users\Karola\Desktop\FERMENTACJA METANOWA.pdf
[2013-03-06 14:11:16 | 002,978,223 | ---- | M] () -- C:\Users\Karola\Desktop\Tendencje oraz perspektywy rozwoju technologii biogazowych w Polsce_Szczypko.pdf
[2013-03-06 14:07:33 | 005,275,522 | ---- | M] () -- C:\Users\Karola\Desktop\Biogas from Waste and Renewable Resources - Wiley - 3527318410.pdf
[2013-03-06 13:27:55 | 002,047,580 | ---- | M] () -- C:\Users\Karola\Desktop\Możliwości zastosowania metody fermentacji metanowej do unieszkodliwiania odpadów w warunkach polskich - Łyczko.pdf
[2013-03-05 23:11:35 | 000,048,417 | R--- | M] () -- C:\Users\Karola\Desktop\STĘŻENIE METANU W ATMOSFERZE (w ppm).jpg
[2013-03-05 23:05:44 | 000,706,278 | ---- | M] () -- C:\Users\Karola\Desktop\artykuł biogaz Czurejno.pdf
[2013-03-05 23:02:01 | 000,093,280 | ---- | M] () -- C:\Users\Karola\Desktop\ZawiejaWolski_PECO10_2.pdf
[2013-03-05 22:47:35 | 009,008,680 | ---- | M] () -- C:\Users\Karola\Desktop\Biogaz - Produkcja Wykorzystywanie.pdf
[2013-03-05 22:17:14 | 000,405,732 | ---- | M] () -- C:\Users\Karola\Desktop\Ledakowicz-Krzystek.pdf
[2013-02-28 20:47:48 | 004,404,953 | ---- | M] () -- C:\Users\Karola\Desktop\Ochrona atmosfery - Mirosław Szklarczyk-1.pdf
[2013-02-28 18:25:44 | 007,479,547 | ---- | M] () -- C:\Users\Karola\Desktop\Universit.t Hohenheim - mat_coe11.pdf
[2013-02-28 17:21:55 | 000,549,073 | ---- | M] () -- C:\Users\Karola\Desktop\berglund_o_etal_110411.pdf
[2013-02-27 15:09:58 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-02-27 15:09:58 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-02-24 18:42:44 | 000,093,149 | ---- | M] () -- C:\Users\Karola\Desktop\IntAgr_2004_18_4_375.pdf
[2013-02-14 10:17:42 | 000,418,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Karola\Desktop\*.tmp files - & gt; C:\Users\Karola\Desktop\*.tmp - & gt; ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-03-10 12:26:57 | 000,009,216 | ---- | C] () -- C:\Users\Karola\Desktop\ENecursRemovalDrvHlp_x64.sys
[2013-03-10 12:26:57 | 000,007,680 | ---- | C] () -- C:\Users\Karola\Desktop\ENecursRemovalDrvHlp_x86.sys
[2013-03-10 12:26:57 | 000,007,552 | ---- | C] () -- C:\Users\Karola\Desktop\ESETNecursRemover.cat
[2013-03-09 12:39:37 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013-03-09 01:59:09 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-03-09 01:59:02 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-03-09 01:59:01 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-03-07 22:09:46 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-03-07 18:41:10 | 000,000,004 | ---- | C] () -- C:\Users\Karola\AppData\Roaming\skype.ini
[2013-03-06 14:13:39 | 000,502,624 | ---- | C] () -- C:\Users\Karola\Desktop\FERMENTACJA METANOWA.pdf
[2013-03-06 14:11:16 | 002,978,223 | ---- | C] () -- C:\Users\Karola\Desktop\Tendencje oraz perspektywy rozwoju technologii biogazowych w Polsce_Szczypko.pdf
[2013-03-06 14:07:33 | 005,275,522 | ---- | C] () -- C:\Users\Karola\Desktop\Biogas from Waste and Renewable Resources - Wiley - 3527318410.pdf
[2013-03-06 13:27:55 | 002,047,580 | ---- | C] () -- C:\Users\Karola\Desktop\Możliwości zastosowania metody fermentacji metanowej do unieszkodliwiania odpadów w warunkach polskich - Łyczko.pdf
[2013-03-05 23:12:06 | 000,048,417 | R--- | C] () -- C:\Users\Karola\Desktop\STĘŻENIE METANU W ATMOSFERZE (w ppm).jpg
[2013-03-05 23:05:44 | 000,706,278 | ---- | C] () -- C:\Users\Karola\Desktop\artykuł biogaz Czurejno.pdf
[2013-03-05 23:02:01 | 000,093,280 | ---- | C] () -- C:\Users\Karola\Desktop\ZawiejaWolski_PECO10_2.pdf
[2013-03-05 22:47:35 | 009,008,680 | ---- | C] () -- C:\Users\Karola\Desktop\Biogaz - Produkcja Wykorzystywanie.pdf
[2013-03-05 22:17:14 | 000,405,732 | ---- | C] () -- C:\Users\Karola\Desktop\Ledakowicz-Krzystek.pdf
[2013-02-28 20:47:48 | 004,404,953 | ---- | C] () -- C:\Users\Karola\Desktop\Ochrona atmosfery - Mirosław Szklarczyk-1.pdf
[2013-02-28 18:25:41 | 007,479,547 | ---- | C] () -- C:\Users\Karola\Desktop\Universit.t Hohenheim - mat_coe11.pdf
[2013-02-28 17:21:54 | 000,549,073 | ---- | C] () -- C:\Users\Karola\Desktop\berglund_o_etal_110411.pdf
[2013-02-26 11:58:24 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013-02-24 18:42:44 | 000,093,149 | ---- | C] () -- C:\Users\Karola\Desktop\IntAgr_2004_18_4_375.pdf
[2013-01-19 16:55:22 | 000,001,200 | ---- | C] () -- C:\Users\Karola\gpsx60.properties
[2012-12-03 23:52:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-12-03 23:52:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-12-03 23:52:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-12-03 23:52:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-12-03 23:52:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-11-26 21:13:41 | 001,639,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-11-25 21:26:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-09-28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-09-28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
" " = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
" " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
" " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
& lt; End of report & gt;