Rastir
Posted 23 February 2010 (edited)

Hi all, I have a question. Less than a month ago I switched to Win7 32-bit, and today, or rather yesterday, I ran into a problem: suddenly Chrome and Explorer stopped loading pages, so I installed Safari and everything was fine. Yesterday I scanned the computer: 3 viruses, all removed. Today I scanned again and got 9 viruses, half of them in Windows files that could be removed; one turned up in atapi.sys, which can be neither cleaned nor deleted. On other forums I have read how people post logs from various programs, but all of that is basically aimed at specific cases rather than general ones. So do you know of any program I could use to get rid of this? I read that this file will have to be replaced, and then the old one can be deleted. So far I have scanned the system with NOD32. But whenever I clean a few files, the next scan shows the problem again.

HERE: OTL

Maybe someone can guide me on how to use ComboFix, and on whether I will need the installation disc (and if so, whether it can be done from a USB stick, since my optical drive is broken).
000,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player[2010-02-14 01:52:54 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Media Player Classic[2010-02-14 01:52:50 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\skypePM[2010-02-14 01:52:19 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll[2010-02-14 01:52:19 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll[2010-02-14 01:52:19 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll[2010-02-14 01:52:19 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll[2010-02-14 01:52:17 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm[2010-02-14 01:52:17 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll[2010-02-14 01:52:17 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm[2010-02-14 01:52:17 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll[2010-02-14 01:52:16 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll[2010-02-14 01:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack[2010-02-14 01:48:35 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Skype[2010-02-14 01:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Skype[2010-02-14 01:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype[2010-02-14 01:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype[2010-02-14 01:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\NAPI-PROJEKT[2010-02-14 01:45:24 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\WinRAR[2010-02-14 01:45:20 | 022,285,608 | ---- | C] (Skype Technologies S.A.) 
-- C:\Users\rast1r\Documents\skype380188.exe[2010-02-14 00:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR[2010-02-14 00:28:54 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Ventrilo[2010-02-14 00:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo[2010-02-14 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard[2010-02-13 20:45:38 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll[2010-02-13 20:43:53 | 000,033,280 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\HUFFYUV.DLL[2010-02-13 19:53:38 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Gadu-Gadu[2010-02-13 19:18:16 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Mumble[2010-02-13 19:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble[2010-02-13 19:14:15 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Local\PunkBuster[2010-02-13 19:07:51 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Publish Providers[2010-02-13 19:07:47 | 000,000,000 | ---D | C] -- C:\Users\rast1r\Documents\Vegas Movie Studio PE 9.0 Projects[2010-02-13 19:07:47 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Sony[2010-02-13 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Local\Sony[2010-02-13 19:05:54 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll[2010-02-13 19:05:54 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll[2010-02-13 19:05:54 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll[2010-02-13 19:05:54 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll[2010-02-13 19:05:54 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll[2010-02-13 19:05:54 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll[2010-02-13 19:05:54 | 000,022,360 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll[2010-02-13 19:05:53 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll[2010-02-13 19:05:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll[2010-02-13 19:05:53 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll[2010-02-13 19:05:53 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll[2010-02-13 19:05:53 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll[2010-02-13 19:05:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll[2010-02-13 19:05:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll[2010-02-13 19:05:53 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll[2010-02-13 19:05:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll[2010-02-13 19:05:53 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll[2010-02-13 19:05:53 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll[2010-02-13 19:05:52 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll[2010-02-13 19:05:52 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll[2010-02-13 19:05:52 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll[2010-02-13 19:05:52 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll[2010-02-13 19:05:52 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll[2010-02-13 19:05:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll[2010-02-13 19:05:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\xactengine3_2.dll[2010-02-13 19:05:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll[2010-02-13 19:05:52 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll[2010-02-13 19:05:52 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll[2010-02-13 19:05:52 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll[2010-02-13 19:05:52 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll[2010-02-13 19:05:52 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll[2010-02-13 19:05:52 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll[2010-02-13 19:05:51 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll[2010-02-13 19:05:51 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll[2010-02-13 19:05:51 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll[2010-02-13 19:05:51 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll[2010-02-13 19:05:51 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll[2010-02-13 19:05:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll[2010-02-13 19:05:51 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll[2010-02-13 19:05:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll[2010-02-13 19:05:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll[2010-02-13 19:05:50 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll[2010-02-13 19:05:50 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll[2010-02-13 
19:05:50 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll[2010-02-13 19:05:50 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll[2010-02-13 19:05:50 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll[2010-02-13 19:05:50 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll[2010-02-13 19:05:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll[2010-02-13 19:05:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll[2010-02-13 19:05:50 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll[2010-02-13 19:05:50 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll[2010-02-13 19:05:50 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll[2010-02-13 19:05:50 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll[2010-02-13 19:05:50 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll[2010-02-13 19:05:50 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll[2010-02-13 19:05:49 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll[2010-02-13 19:05:49 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll[2010-02-13 19:05:49 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll[2010-02-13 19:05:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll[2010-02-13 19:05:49 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll[2010-02-13 19:05:49 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll[2010-02-13 19:05:49 | 000,255,848 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll[2010-02-13 19:05:49 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll[2010-02-13 19:05:48 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll[2010-02-13 19:05:48 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll[2010-02-13 19:05:48 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll[2010-02-13 19:05:48 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll[2010-02-13 19:05:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll[2010-02-13 19:05:48 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll[2010-02-13 19:05:48 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll[2010-02-13 19:05:48 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll[2010-02-13 19:05:46 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll[2010-02-13 19:05:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll[2010-02-13 19:05:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll[2010-02-13 19:05:45 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll[2010-02-13 19:05:45 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll[2010-02-13 19:05:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll[2010-02-13 19:05:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll[2010-02-13 19:05:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll[2010-02-13 19:05:44 | 002,222,800 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\d3dx9_24.dll[2010-02-13 19:05:17 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe[2010-02-13 19:03:32 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Xfire[2010-02-13 19:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire[2010-02-13 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire[2010-02-13 19:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins[2010-02-13 19:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony[2010-02-13 19:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sony[2010-02-13 19:01:56 | 000,000,000 | ---D | C] -- C:\Users\rast1r\Gadu-Gadu[2010-02-13 19:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu[2010-02-13 19:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup[2010-02-13 19:00:22 | 000,000,000 | ---D | C] -- C:\Users\rast1r\Documents\Downloads[2010-02-13 18:59:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx[2010-02-13 18:59:19 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Macromedia[2010-02-13 18:59:19 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Adobe[2010-02-13 18:59:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed[2010-02-13 18:58:22 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Local\Google[2010-02-13 18:58:14 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Local\Deployment[2010-02-13 18:58:14 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Local\Apps[2010-02-13 18:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA[2010-02-13 18:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation[2010-02-13 18:53:23 | 014,064,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll[2010-02-13 18:53:23 | 000,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll[2010-02-13 18:53:22 | 011,515,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys[2010-02-13 18:53:21 | 009,333,352 | ---- 
| C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll[2010-02-13 18:53:21 | 004,147,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll[2010-02-13 18:53:21 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll[2010-02-13 18:53:21 | 001,989,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll[2010-02-13 18:53:21 | 000,289,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll[2010-02-13 18:53:20 | 004,001,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll[2010-02-13 18:53:18 | 011,381,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll[2010-02-13 18:53:18 | 001,249,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll[2010-02-13 18:53:18 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe[2010-02-13 18:53:18 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod178.dll[2010-02-13 18:53:18 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll[2010-02-13 18:53:18 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd[2010-02-13 18:53:18 | 000,000,000 | ---D | C] -- C:\nVidia Forceware[2010-02-13 18:51:29 | 000,187,392 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys[2010-02-13 18:51:29 | 000,094,208 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll[2010-02-13 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek[2010-02-13 18:51:11 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information[2010-02-13 18:50:53 | 001,086,976 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viahduaa.sys[2010-02-13 18:50:53 | 000,868,352 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\VIAPropPageExt.dll[2010-02-13 18:50:53 | 000,524,288 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\System32\VMAPO32.DLL[2010-02-13 18:50:53 | 000,502,272 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\VIASysFx.dll[2010-02-13 18:50:53 | 000,211,456 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\Dts2APO.dll[2010-02-13 18:50:53 | 000,181,248 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\ViaMicArrayAPO.dll[2010-02-13 18:50:53 | 000,076,288 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQPropPageExt.dll[2010-02-13 18:50:53 | 000,075,776 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\Dts2PropPageExt.dll[2010-02-13 18:50:53 | 000,071,680 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQAPO.dll[2010-02-13 18:50:53 | 000,068,608 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\System32\ViaMicArrayPropPageExt.dll[2010-02-13 18:50:53 | 000,062,464 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\VMWRP32.DLL[2010-02-13 18:50:53 | 000,047,104 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\VMPPLD32.DLL[2010-02-13 18:50:53 | 000,044,032 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\System32\VMPPCN32.DLL[2010-02-13 18:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\VIA[2010-02-13 18:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield[2010-02-13 18:50:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer[2010-02-13 18:46:21 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Searches[2010-02-13 18:46:14 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Identities[2010-02-13 18:46:13 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Contacts[2010-02-13 18:46:07 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Local\VirtualStore[2010-02-13 18:46:06 | 000,000,000 | --SD | C] -- C:\Users\rast1r\AppData\Roaming\Microsoft[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Videos[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Saved Games[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Pictures[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Music[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Links[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Favorites[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Downloads[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Documents[2010-02-13 18:46:06 | 000,000,000 | R--D | C] -- C:\Users\rast1r\Desktop[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Ustawienia lokalne[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\AppData\Local\Temporary Internet Files[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Szablony[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\SendTo[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Recent[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\PrintHood[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\NetHood[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Documents\Moje 
wideo[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Documents\Moje obrazy[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Moje dokumenty[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Documents\Moja muzyka[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Menu Start[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\AppData\Local\Historia[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Dane aplikacji[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\AppData\Local\Dane aplikacji[2010-02-13 18:46:06 | 000,000,000 | -HSD | C] -- C:\Users\rast1r\Cookies[2010-02-13 18:46:06 | 000,000,000 | -H-D | C] -- C:\Users\rast1r\AppData[2010-02-13 18:46:06 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Local\Temp[2010-02-13 18:46:06 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Local\Microsoft[2010-02-13 18:46:06 | 000,000,000 | ---D | C] -- C:\Users\rast1r\AppData\Roaming\Media Center Programs[2010-02-13 18:45:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony[2010-02-13 18:45:52 | 000,000,000 | -HSD | C] -- C:\Recovery[2010-02-13 18:45:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo[2010-02-13 18:45:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy[2010-02-13 18:45:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka[2010-02-13 18:45:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start[2010-02-13 18:45:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione[2010-02-13 18:45:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit[2010-02-13 18:45:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty[2010-02-13 18:45:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji[2010-02-13 18:43:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution[2010-02-13 18:40:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch[2010-02-13 18:40:28 | 000,000,000 | -HSD | C] -- C:\System 
Volume Information[2010-02-13 18:39:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther[2010-01-28 05:01:36 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll[2010-01-28 01:51:52 | 000,771,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100_clr0400.dll[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-23 13:14:51 | 001,835,008 | -HS- | M] () -- C:\Users\rast1r\ntuser.dat[2010-02-23 13:03:04 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2469922266-3411000484-3933848530-1001UA.job[2010-02-23 12:50:30 | 000,021,584 | ---- | M] () -- C:\Windows\System32\drivers\atapi.sys[2010-02-23 12:41:47 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2010-02-23 12:41:47 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2010-02-23 11:54:00 | 000,003,684 | ---- | M] () -- C:\Users\rast1r\Documents\cc_20100223_115356.reg[2010-02-23 11:44:43 | 001,661,232 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI[2010-02-23 11:44:43 | 000,737,242 | ---- | M] () -- C:\Windows\System32\perfh015.dat[2010-02-23 11:44:43 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2010-02-23 11:44:43 | 000,153,930 | ---- | M] () -- C:\Windows\System32\perfc015.dat[2010-02-23 11:44:43 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2010-02-23 11:39:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT[2010-02-23 11:39:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2010-02-23 11:39:20 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys[2010-02-23 02:19:58 | 002,100,480 | -H-- | M] () -- C:\Users\rast1r\AppData\Local\IconCache.db[2010-02-22 23:49:49 | 000,215,104 | ---- | M] () -- 
C:\Windows\System32\PnkBstrB.xtr[2010-02-22 23:20:46 | 000,138,576 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys[2010-02-22 23:19:38 | 000,215,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe[2010-02-22 22:41:24 | 000,003,134 | ---- | M] () -- C:\Users\rast1r\Documents\cc_20100222_224120.reg[2010-02-22 22:29:25 | 000,524,288 | -HS- | M] () -- C:\Users\rast1r\ntuser.dat{2870f914-1ff6-11df-bc0c-001966c296ab}.TMContainer00000000000000000002.regtrans-ms[2010-02-22 22:29:25 | 000,524,288 | -HS- | M] () -- C:\Users\rast1r\ntuser.dat{2870f914-1ff6-11df-bc0c-001966c296ab}.TMContainer00000000000000000001.regtrans-ms[2010-02-22 22:29:25 | 000,065,536 | -HS- | M] () -- C:\Users\rast1r\ntuser.dat{2870f914-1ff6-11df-bc0c-001966c296ab}.TM.blf[2010-02-22 22:28:36 | 000,082,654 | ---- | M] () -- C:\Users\rast1r\Documents\cc_20100222_222832.reg[2010-02-22 22:23:16 | 036,994,440 | ---- | M] (Microsoft Corporation) -- C:\Users\rast1r\Documents\dotNetFx40_Full_x86.exe[2010-02-22 20:49:51 | 000,045,056 | ---- | M] () -- C:\Users\rast1r\AppData\Roaming\FGJIAVSCDC.exe[2010-02-22 20:49:50 | 000,024,576 | ---- | M] () -- C:\Users\rast1r\AppData\Roaming\FileDownloader.exe[2010-02-22 20:49:50 | 000,020,480 | ---- | M] () -- C:\Users\rast1r\AppData\Roaming\scheduler.exe[2010-02-22 20:49:29 | 000,191,488 | ---- | M] () -- C:\Windows\System32\sshnas21.dll[2010-02-22 20:41:24 | 000,002,656 | ---- | M] () -- C:\Users\rast1r\Documents\Register Sound Forge Pro.htm[2010-02-21 19:03:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2469922266-3411000484-3933848530-1001Core.job[2010-02-17 18:17:31 | 000,110,594 | ---- | M] () -- C:\Users\rast1r\Desktop\joker-poster copy.jpg[2010-02-17 18:00:52 | 000,050,144 | ---- | M] () -- C:\Users\rast1r\Desktop\joker-poster.jpg[2010-02-17 17:47:07 | 000,660,965 | ---- | M] () -- C:\Users\rast1r\Documents\jokerAAbylego.png[2010-02-17 03:49:21 | 000,161,576 | ---- | M] () -- 
C:\Users\rast1r\Desktop\nasza.jpg[2010-02-17 00:59:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe[2010-02-17 00:59:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe[2010-02-17 00:59:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe[2010-02-17 00:59:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll[2010-02-16 16:51:17 | 000,117,798 | ---- | M] () -- C:\Users\rast1r\Documents\pLan.rar[2010-02-15 20:11:22 | 000,010,286 | ---- | M] () -- C:\Users\rast1r\Documents\pwr_paradox_cod4.rar[2010-02-14 18:54:05 | 000,007,605 | ---- | M] () -- C:\Users\rast1r\AppData\Local\Resmon.ResmonCfg[2010-02-14 11:55:21 | 000,003,079 | ---- | M] () -- C:\Windows\unins000.dat[2010-02-14 11:55:20 | 000,695,642 | ---- | M] () -- C:\Windows\unins000.exe[2010-02-14 01:52:50 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat[2010-02-14 01:48:02 | 022,285,608 | ---- | M] (Skype Technologies S.A.) 
-- C:\Users\rast1r\Documents\skype380188.exe[2010-02-13 23:35:30 | 000,344,064 | ---- | M] (CyboPat) -- C:\Users\rast1r\Desktop\cod4player.exe[2010-02-13 19:36:48 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe[2010-02-13 19:34:50 | 000,022,328 | ---- | M] () -- C:\Users\rast1r\AppData\Roaming\PnkBstrK.sys[2010-02-13 19:34:10 | 000,674,600 | ---- | M] () -- C:\Windows\System32\pbsvc.exe[2010-02-13 19:23:16 | 000,000,606 | ---- | M] () -- C:\Users\rast1r\Desktop\iw3mp — skrót.lnk[2010-02-13 19:18:50 | 000,002,392 | ---- | M] () -- C:\Users\rast1r\Documents\MumbleAutomaticCertificateBackup.p12[2010-02-13 19:08:51 | 000,524,288 | -HS- | M] () -- C:\Users\rast1r\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms[2010-02-13 19:08:51 | 000,524,288 | -HS- | M] () -- C:\Users\rast1r\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms[2010-02-13 19:08:51 | 000,065,536 | -HS- | M] () -- C:\Users\rast1r\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf[2010-02-13 18:49:31 | 000,187,392 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys[2010-02-13 18:49:31 | 000,094,208 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll[2010-02-13 18:49:31 | 000,073,728 | ---- | M] () -- C:\Windows\System32\RtNicProp32.dll[2010-02-13 18:47:48 | 000,057,560 | ---- | M] () -- C:\Users\rast1r\AppData\Local\GDIPFONTCACHEV1.DAT[2010-02-13 18:47:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf[2010-02-13 18:46:06 | 000,000,020 | -HS- | M] () -- C:\Users\rast1r\ntuser.ini[2010-02-13 18:43:44 | 000,067,908 | ---- | M] () -- C:\Windows\System32\license.rtf[2010-02-13 18:40:56 | 000,265,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2010-02-11 04:19:56 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll[2010-02-04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- 
Edited 23 February 2010 by Rastir
Kolobos, posted 23 February 2010
Run a full scan with MBAM and CureIt. Post a GMER log.
Rastir, posted 23 February 2010
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-23 18:37:37

As for MBAM, it did not detect anything. I also ran the NOD scan about two more times and it no longer detects anything, although Chrome and Explorer still do not work. I am also posting right away 2 links to problems that have appeared since the virus.
Kolobos, posted 23 February 2010
Did CureIt detect anything? Replace this file with a clean one extracted from the installation disc (alternatively, look for a copy on the disk in the update directories).
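One way to carry out the "look for a copy on the disk" step from the reply above before replacing anything, shown as an added example that is not part of the original thread. The `-WindowsDir` parameter, the helper `Get-FileSummary` and the two search roots are assumptions made for this sketch.

```powershell
# Added example: list stored copies of a driver and compare them with the
# in-place file by SHA-256. Requires PowerShell 4.0 or later (Get-FileHash).
# $WindowsDir and the search roots are assumptions; point $WindowsDir at an
# offline volume (for example E:\Windows) to inspect a disk that is not booted.
param(
    [string]$WindowsDir = $env:windir,
    [string]$DriverName = 'atapi.sys'
)

$inPlace = Join-Path $WindowsDir "System32\drivers\$DriverName"
$roots   = @('winsxs', 'System32\DriverStore') |
    ForEach-Object { Join-Path $WindowsDir $_ }

# Hypothetical helper: one summary row per file.
function Get-FileSummary([string]$Path, [string]$Role) {
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Role        = $Role
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Length      = $item.Length
        FileVersion = $item.VersionInfo.FileVersion
        Path        = $Path
    }
}

$rows = @(Get-FileSummary $inPlace 'in-place')
$rows += @(
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Filter $DriverName -File -Force `
                      -ErrorAction SilentlyContinue |
            ForEach-Object { Get-FileSummary $_.FullName 'stored copy' }
    }
)

# Group identical contents together. A group whose only role is 'in-place'
# means no stored copy matches the file currently sitting in System32\drivers.
$rows | Group-Object SHA256 | ForEach-Object {
    [pscustomobject]@{
        SHA256  = $_.Name
        Count   = $_.Count
        Roles   = ($_.Group.Role | Sort-Object -Unique) -join ', '
        Version = $_.Group[0].FileVersion
        Example = $_.Group[0].Path
    }
} | Format-List
```

Hashes read while the affected system is running may not reflect what is actually on disk, so the comparison is more trustworthy when run from a clean Windows installation with the affected disk attached and `-WindowsDir` pointed at it.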
Rastir, posted 23 February 2010 (edited)
CureIt detected about 3 things and cured something; it supposedly reported that it had cured atapi.sys for me, but since then ESET keeps notifying me that a virus was found there. Also, can this file replacement be done normally, or do I have to launch the repair? Because I do not know whether I need to get hold of an optical drive ;d Generally speaking, every now and then I get a message from ESET that an attack was blocked, with an IP given / em.exe; it is some variant of a virus, and when I typed in the IP that was shown there I got this: http://i50.tinypic.com/4zsoxg.png
Edited 23 February 2010 by Rastir
Kolobos, posted 24 February 2010
Try running: SFC /SCANNOW
Rastir, posted 25 February 2010
And where do I run it? Because in Run something goes wrong, and I am a bit green at this.
Kolobos, posted 25 February 2010
Read: http://www.searchengines.pl/Podmiana-zainf...ow-t135577.html