Robal! rootkit.agent.

**Posty:** 4 · przez **groooch** 14 Kwi 2010, 11:02

Dzień Dober. Na początku zaznaczam że jestem kompletnym beztalenciem komputerowym ale mam problem straszny, który chciałabym spróbować najpierw rozwiązać sama i dlatego zwracam się do specjalsitów z błaganiem o pomoc! Mam jakiegoś zaraza o nazwie Rootkit.Agent. hmm? Podpatrzyłam trochę na innych postach i widzę, że niektórzy wklejają logi, następnie zaś, co dla mnie niepojęte hehe, jacyś mądrzy ludzie odczytują z nich, czy wirus już skasowany czy nie. Ja wklejam też mojego loga, przesaknowałam komputer programem Combo Fix i baardzo ale to bardzo ja Was proszę, pomóżcie ale i przy ewentualnym tłumaczeniu co mam zrobić, proszę zważać na moją marną orientację w komputerowych sprawach! Jakimś prostym językiem, proszę Dzięki z góry.

Kod: Zaznacz wszystko: ComboFix 10-04-13.02 - Toshiba 2010-04-14 9:50.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.1022.359 [GMT 2:00] Uruchomiony z: c:\users\Toshiba\Desktop\ComboFix.exe AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Pliki utworzone od 2010-03-14 do 2010-04-14 ))))))))))))))))))))))))))))))) . 2010-03-16 08:32 . 2010-03-16 10:44 -------- d-sh--w- c:\users\Toshiba\AppData\Roaming\lowsec . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-14 06:04 . 2009-07-23 09:46 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Skype 2010-04-14 06:02 . 2009-07-23 09:47 -------- d-----w- c:\users\Toshiba\AppData\Roaming\skypePM 2010-04-14 05:57 . 2006-12-05 05: 22 665404 22 665404 ----a-w- c:\windows\system32\perfh015.dat 2010-04-14 05:57 . 2006-12-05 05: 22 128164 22 128164 ----a-w- c:\windows\system32\perfc015.dat 2010-04-13 13:54 . 2008-12-10 06:08 7268 ----a-w- c:\users\Toshiba\AppData\Local\d3d9caps.dat 2010-04-13 07:23 . 2009-01-18 12:37 -------- d-----w- c:\program files\Google 2010-04-07 19:01 . 2009-04-16 11:46 -------- d-----w- c:\program files\ESET 2010-03-11 19:13 . 2010-03-11 19:13 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes 2010-03-11 19:13 . 2010-03-11 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-11 19:13 . 2010-03-11 19:13 -------- d-----w- c:\programdata\Malwarebytes 2010-03-11 09:53 . 2008-10-17 19:52 -------- d-----w- c:\programdata\eMule 2010-03-10 11:29 . 2009-09-08 12:39 -------- d-----w- c:\users\Toshiba\AppData\Roaming\ipla 2010-03-10 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-10 08:31 . 2008-10-04 10:04 -------- d-----w- c:\programdata\Microsoft Help 2010-03-07 21:56 . 2008-10-04 09:38 112976 ----a-w- c:\users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-06 17:58 . 2010-03-06 17:58 20 ----a-w- c:\users\Toshiba\AppData\Roaming\rbuwzv.dat 2010-02-26 17:16 . 2009-06-15 17: 17 112976 17 112976 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2010-02-24 09:16 . 2009-10-03 14:38 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 06:39 . 2010-03-30 20: 34 916480 34 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-30 20: 34 109056 34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 06:33 . 2010-03-30 20:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 04:55 . 2010-03-30 20: 34 133632 34 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-20 23:06 . 2010-03-10 08:22 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-10 08:22 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-10 08: 22 411648 22 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-12 10:32 . 2010-03-14 11: 58 293376 58 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-01-25 12:00 . 2010-02-24 08: 46 471552 46 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 08:45 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 08:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 08: 46 471552 46 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 08:45 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 08:45 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 08:45 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 08:45 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21 . 2010-02-24 08:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 09:26 . 2010-02-24 08:47 2048 ----a-w- c:\windows\system32\tzres.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016] [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] 2009-09-23 10: 50 2261016 50 2261016 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016] [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016] [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-16 9302632] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HWSetup"="\HWSetup.exe hwSetUP" [X] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216] "NDSTray.exe"="NDSTray.exe" [BU] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):3b,17,7a,e0,e9,40,ca,01 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 133104] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] --- Inne Usługi/Sterowniki w Pamięci --- *Deregistered* - gfzmhee [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Zawartość folderu 'Zaplanowane zadania' 2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 14:18] 2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 14:18] 2010-04-14 c:\windows\Tasks\User_Feed_Synchronization-{A7F13765-F9FE-4691-A24E-39BDC79EBEDE}.job - c:\windows\system32\msfeedssync.exe [2010-03-30 04:54] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://onet.pl/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-14 10:00 Windows 6.0.6002 Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????5| ????8?Y?`?Y???Y???Y?? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Binary file raw_enum.dat matches . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000008a . Czas ukończenia: 2010-04-14 10:05:54 ComboFix-quarantined-files.txt 2010-04-14 08:05 ComboFix2.txt 2010-03-07 17:23 Przed: 26 006 220 800 bajtów wolnych Po: 27 078 107 136 bajtów wolnych Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 - - End Of File - - 50F96BF0DA93D062E2674858A1D38291

**Posty:** 2849 · przez **BZIKU** 14 Kwi 2010, 11:11

Proszę wstawic logi zgodnie z wytycznymi -> obowiazkowe-zasady-wstawiania-logow-wazne-vt117887.html
Edytujpost dając logi w taki code /code
Oraz:

Kod: Zaznacz wszystko: Proszę nie używać Combofixa na własną rękę

wyjasnienie:

Combofix jest aplikacją, która ma opcję usuwania niebezpiecznych plików/folderów/usług z Naszego systemu. Nie jest jednak to program podobny do OTL, który tylko tworzy raport z komputera. Combofix bardzo mocno integruje w system, dlatego na forum.programosy.pl nie prosimy go jako obowiązkowy. Pokazujemy z niego log tylko wtedy gdy osoba, która sprawdza Twój log stwierdzi, że jest on potrzebny do usunięcia ciężkiej infekcji. Pamiętaj jednak, że robimy to na własną odpowiedzialność. Powtarzam: na własną rękę proszę nie używać Combofixa.

PZDR

**Posty:** 4 · przez **groooch** 14 Kwi 2010, 11:16

o Dżizzzas, nie wiedziałam, że trzeba przejść przez cała procedurę, ale ok ok juz czytam i robie. dzięki:)

Dodano Dzisiaj, 22:54:
Ok.zrobione. nie wiem jakim cudem i zajęło mi to całą wieczność ale wierzę głęboko, że ktoś mi pomoże. wysyłam logi czy jak im tam.

najpierw gmer

Kod: Zaznacz wszystko: GMER 1.0.15.15281 - http://www.gmer.net Rootkit quick scan 2010-04-14 22:35:27 Windows 6.0.6002 Service Pack 2 Running: 33cmsb72.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\awldrfow.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 860D5598 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) ---- Services - GMER 1.0.15 ---- Service (*** hidden *** ) [BOOT] gfzmhee <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ----

Dodano Dzisiaj, 23:32:
OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2010-04-14 21:56:18 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Toshiba\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 022,00 Mb Total Physical Memory | 345,00 Mb Available Physical Memory | 34,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,22 Gb Total Space | 24,81 Gb Free Space | 33,43% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 73,36 Gb Total Space | 72,59 Gb Free Space | 98,94% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOSHIBA-PC Current User Name: Toshiba Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-04-14 21:08:05 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe PRC - [2010-02-23 06:54:43 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe PRC - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-11-16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009-03-30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009-03-20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2009-02-16 16:06:52 | 009,302,632 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-02-16 15:25:28 | 000,014,336 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2008-11-10 13:23:40 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe PRC - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007-09-26 16:23:26 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007-06-13 07:11:00 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-05-23 15:57:12 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe PRC - [2007-05-22 16:32:00 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2007-05-17 20:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007-05-17 16:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe PRC - [2007-04-10 16:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe PRC - [2007-04-02 12:48:06 | 000,577,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe PRC - [2007-03-29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007-03-29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2007-02-25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007-02-12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007-02-12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006-11-14 22:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2006-11-14 21:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2006-11-14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006-11-13 15:49:58 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2006-11-06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe PRC - [2006-10-05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006-08-23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2005-07-15 23:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-04-14 21:08:05 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe MOD - [2009-04-11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex) SRV - [2009-11-16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009-09-25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008-11-10 13:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2008-11-10 13:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-09-26 16:23:26 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007-09-26 16:23:26 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Harmonogram automatycznej usługi LiveUpdate) SRV - [2007-05-17 20:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007-03-29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007-02-25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007-02-12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2006-11-14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006-10-05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006-08-23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-12-18 15:02:26 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2009-11-16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009-11-16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon) DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009-03-20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008-11-17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2007-11-09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007-09-26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-06-21 11:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007-06-12 01:05:00 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-04-30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007-04-27 20:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32) DRV - [2007-04-16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007-03-06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR) DRV - [2007-02-12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007-01-24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007-01-18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N) DRV - [2007-01-18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I) DRV - [2006-11-28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-11-02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006-11-02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006-11-02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006-11-02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006-11-02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006-11-02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006-11-02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006-11-02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006-11-02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006-11-02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006-11-02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006-11-02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006-11-02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006-11-02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006-11-02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Sterownik karty Intel(R) DRV - [2006-11-02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006-11-02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006-10-23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006-10-18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006-07-28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/ IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-07 21:06:42 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://peecee.dk/uploads/082008/UKooPlayer.ocx (KooPlayer Control) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-04-14 21:08:06 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe [2010-04-14 20:38:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010-04-14 10:30:44 | 000,000,000 | --SD | C] -- C:\ComboFix [2010-04-14 10:05:56 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\temp(52) [2010-04-14 10:05:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010-03-30 22:34:16 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010-03-30 22:34:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010-03-30 22:34:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010-03-30 22:34:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010-03-30 22:34:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010-03-30 22:34:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010-03-30 22:34:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010-03-30 22:34:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010-03-30 22:34:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010-03-30 22:34:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010-03-30 22:34:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010-03-30 22:34:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010-03-30 22:34:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010-03-30 22:34:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010-03-30 22:34:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010-03-16 10:32:38 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba\AppData\Roaming\lowsec [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-04-14 21:59:49 | 002,621,440 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat [2010-04-14 21:59:15 | 000,802,304 | ---- | M] () -- C:\Windows\System32\drivers\gfzmhee.sys [2010-04-14 21:57:03 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A7F13765-F9FE-4691-A24E-39BDC79EBEDE}.job [2010-04-14 21:52:58 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010-04-14 21:52:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010-04-14 21:52:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010-04-14 21:52:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-04-14 21:52:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-04-14 21:51:43 | 1072,095,232 | -HS- | M] () -- C:\hiberfil.sys [2010-04-14 21:43:46 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TMContainer00000000000000000002.regtrans-ms [2010-04-14 21:43:46 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TMContainer00000000000000000001.regtrans-ms [2010-04-14 21:43:46 | 000,065,536 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TM.blf [2010-04-14 21:43:03 | 003,685,108 | -H-- | M] () -- C:\Users\Toshiba\AppData\Local\IconCache.db [2010-04-14 21:32:22 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-04-14 21:08:05 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe [2010-04-14 20:59:01 | 000,293,376 | ---- | M] () -- C:\Users\Toshiba\Desktop\33cmsb72.exe [2010-04-14 20:46:40 | 000,665,404 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-04-14 20:46:40 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-04-14 20:46:40 | 000,128,164 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-04-14 20:46:40 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-04-14 20:46:39 | 001,477,664 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010-04-14 20:38:35 | 197,499,436 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010-04-14 12:00:08 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010-04-14 12:00:08 | 000,065,536 | -HS- | M] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010-04-13 15:54:31 | 000,007,268 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\d3d9caps.dat [2010-04-07 20:57:05 | 034,316,288 | ---- | M] () -- C:\Users\Toshiba\Desktop\eav_nt32_plk.msi [2010-04-02 09:40:56 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010-03-17 13:00:11 | 000,083,968 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-14 20:58:59 | 000,293,376 | ---- | C] () -- C:\Users\Toshiba\Desktop\33cmsb72.exe [2010-04-14 20:39:04 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TMContainer00000000000000000002.regtrans-ms [2010-04-14 20:39:04 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TMContainer00000000000000000001.regtrans-ms [2010-04-14 20:39:04 | 000,065,536 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TM.blf [2010-04-14 20:38:35 | 197,499,436 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010-04-07 20:57:00 | 034,316,288 | ---- | C] () -- C:\Users\Toshiba\Desktop\eav_nt32_plk.msi [2010-03-07 23:53:19 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010-03-06 19:59:40 | 000,802,304 | ---- | C] () -- C:\Windows\System32\drivers\gfzmhee.sys [2010-03-06 19:58:14 | 000,000,020 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\rbuwzv.dat [2010-01-25 21:59:32 | 000,000,600 | ---- | C] () -- C:\Users\Toshiba\PUTTY.RND [2009-09-24 11:40:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-04-16 13:41:55 | 000,008,402 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009-03-30 17:31:33 | 000,000,032 | ---- | C] () -- C:\Windows\niepal.INI [2008-12-10 08:08:27 | 000,007,268 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\d3d9caps.dat [2008-11-02 23:30:19 | 000,000,885 | ---- | C] () -- C:\Windows\VPlayer.INI [2008-10-05 19:39:13 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2008-10-05 19:38:31 | 000,456,192 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2008-10-05 19:38:29 | 000,119,296 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2008-10-05 19:38:28 | 003,569,152 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008-10-05 19:38:08 | 000,023,552 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2008-10-05 19:38:04 | 000,056,832 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2008-10-05 19:38:01 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2008-10-05 19:37:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2008-10-05 19:37:55 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll [2008-10-05 19:37:53 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2008-10-05 19:37:52 | 000,397,312 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2008-10-05 19:37:50 | 000,172,032 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2008-10-05 19:37:49 | 000,052,224 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2008-10-05 19:37:48 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2008-10-05 19:37:46 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2008-10-05 19:37:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2008-10-05 19:37:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2008-10-05 19:37:29 | 000,009,216 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2008-10-05 19:37:16 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008-10-05 19:37:12 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008-10-05 19:37:08 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll [2008-10-05 19:37:07 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll [2008-10-05 19:37:06 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll [2008-10-05 19:37:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2008-10-05 19:37:04 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll [2008-10-05 19:37:03 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll [2008-10-05 19:37:01 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2008-10-05 19:37:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2008-10-05 19:36:57 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2008-10-05 18:14:16 | 000,083,968 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-10-04 11:37:50 | 000,000,020 | -HS- | C] () -- C:\Users\Toshiba\ntuser.ini [2008-10-04 11:37:49 | 002,621,440 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat [2008-10-04 11:37:49 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008-10-04 11:37:49 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008-10-04 11:37:49 | 000,262,144 | -H-- | C] () -- C:\Users\Toshiba\ntuser.dat.LOG1 [2008-10-04 11:37:49 | 000,065,536 | -HS- | C] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2008-10-04 11:37:49 | 000,000,000 | -H-- | C] () -- C:\Users\Toshiba\ntuser.dat.LOG2 [2007-07-13 11:43:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007-07-13 11:31:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007-07-13 11:31:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007-07-13 11:31:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007-07-13 11:31:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007-07-13 11:31:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007-07-13 11:31:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007-07-13 11:13:21 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2007-04-24 10:36:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007-04-24 10:02:15 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007-04-24 10:02:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007-04-24 10:02:15 | 000,010,132 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007-04-24 10:02:15 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007-04-24 09:59:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006-12-05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005-11-23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005-07-22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [color=#E56717]========== LOP Check ==========[/color] [2009-05-25 02:37:03 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Azureus [2010-01-19 00:01:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\BESTplayer [2008-10-17 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DesktopSMS [2009-04-16 21:13:38 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ESET [2008-10-05 23:27:39 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Gadu-Gadu [2009-01-31 01:05:39 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Graboid Inc [2010-03-10 13:29:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ipla [2009-02-09 21:41:17 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\LimeWire [2010-03-16 12:44:06 | 000,000,000 | -HSD | M] -- C:\Users\Toshiba\AppData\Roaming\lowsec [2009-03-02 01:09:04 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Nowe Gadu-Gadu [2008-10-04 12:39:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Toshiba [2010-04-07 21:19:56 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010-04-14 21:57:03 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A7F13765-F9FE-4691-A24E-39BDC79EBEDE}.job [color=#E56717]========== Purity Check ==========[/color] < End of report >

Dodano Dzisiaj, 23:35:
help help help

**Posty:** 18165 · przez **wojtas** 15 Kwi 2010, 12:43

[2010-04-14 21:59:49 | 002,621,440 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat
[2008-10-04 11:37:49 | 002,621,440 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat

to mnie ciekawi .. niby ten sam rozmiar, ale widać że modyfikacja nastąpiła wtedy gdy złapany został rookit.. Plik jest ukryty.
przeskanuj tu
http://virusscan.jotti.org/
http://www.virustotal.com/

i zapisz sobie raporty ze skanu pliku...

Pobierz i uruchom narzędzie
The Avenger
Wklej do okienka programu

Files to delete:
C:\Windows\System32\drivers\gfzmhee.sys
C:\Users\Toshiba\AppData\Roaming\rbuwzv.dat

Drivers to unload:
gfzmhee

Klikasz Execute, Po restarcie będzie raport z czyszczenia zapisz sobie go...

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
IE - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1357057682-3136076111-1061053453-1000\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found

:Files
C:\Windows\tasks\User_Feed_Synchronization-{A7F13765-F9FE-4691-A24E-39BDC79EBEDE}.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Program Files\Google\Google Toolbar

:Commands
[emptytemp]

Kliknij w Run Fix. I potwierdź reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia komputera z OTL , Avengera, skan plików , i nowy log z Gmer

**Posty:** 4 · przez **groooch** 16 Kwi 2010, 22:58

Przede wszystkim dzięki za odp:) zrobilam wszystko według wskazówek oprócz punktu pierwszego. w momencie jak chciałam załadowac plik do skanowania wyskakiwało mi powiadomienie w stylu zmień nazwę programu albo sprawdź czy nie jest otwarty..hmm.jeśli to dalej bedzie niezbedne to postaram sie moze z pomocą czyjąś to zrobić, póki co, przesyłam to co udało mi się stworzyć heh

Kod: Zaznacz wszystko: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\Windows\System32\drivers\gfzmhee.sys" deleted successfully. File "C:\Users\Toshiba\AppData\Roaming\rbuwzv.dat" deleted successfully. Driver "gfzmhee" deleted successfully. Completed script processing. [code] ******************* Finished! Terminate.[/code] All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1357057682-3136076111-1061053453-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ deleted successfully. C:\Program Files\Softonic-Eng7\tbSoft.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ deleted successfully. C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found. File C:\Program Files\Softonic-Eng7\tbSoft.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully. File C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found. File Eng7\tbSoft.dll not found. Registry value HKEY_USERS\S-1-5-21-1357057682-3136076111-1061053453-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. File C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll not found. Registry value HKEY_USERS\S-1-5-21-1357057682-3136076111-1061053453-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found. File Eng7\tbSoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HWSetup deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully. ========== FILES ========== C:\Windows\tasks\User_Feed_Synchronization-{A7F13765-F9FE-4691-A24E-39BDC79EBEDE}.job moved successfully. C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully. Folder move failed. C:\Program Files\Google\Google Toolbar\Component scheduled to be moved on reboot. Folder move failed. C:\Program Files\Google\Google Toolbar scheduled to be moved on reboot. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Toshiba ->Temp folder emptied: 1555685 bytes ->Temporary Internet Files folder emptied: 1250750338 bytes ->Java cache emptied: 886986 bytes ->Google Chrome cache emptied: 5876372 bytes ->Flash cache emptied: 28337 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 7264294 bytes RecycleBin emptied: 38607767 bytes Total Files Cleaned = 1 245,00 mb OTL by OldTimer - Version 3.2.1.1 log created on 04162010_213507 Files\Folders moved on Reboot... C:\Program Files\Google\Google Toolbar\Component folder moved successfully. C:\Program Files\Google\Google Toolbar folder moved successfully. File\Folder C:\Users\Toshiba\AppData\Local\Temp\~DFBB8F.tmp not found! File\Folder C:\Users\Toshiba\AppData\Local\Temp\~DFBB95.tmp not found! File\Folder C:\Users\Toshiba\AppData\Local\Temp\~DFBBE0.tmp not found! File\Folder C:\Users\Toshiba\AppData\Local\Temp\~DFBE2E.tmp not found! File\Folder C:\Users\Toshiba\AppData\Local\Temp\~DFBE79.tmp not found! File\Folder C:\Users\Toshiba\AppData\Local\Temp\~DFC501.tmp not found! C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FH7SG3B2\viewtopic[1].htm moved successfully. C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4IUXROB5\ads[1].htm moved successfully. Registry entries deleted on Reboot...

Dodano Dzisiaj, 22:59:

Kod: Zaznacz wszystko: OTL logfile created on: 2010-04-16 21:46:06 - Run 2 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Toshiba\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 022,00 Mb Total Physical Memory | 82,00 Mb Available Physical Memory | 8,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 41,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,22 Gb Total Space | 26,37 Gb Free Space | 35,54% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 73,36 Gb Total Space | 72,59 Gb Free Space | 98,94% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOSHIBA-PC Current User Name: Toshiba Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-04-14 21:08:05 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe PRC - [2010-02-23 06:54:43 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe PRC - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-11-16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009-03-30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009-03-20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2009-02-16 16:06:52 | 009,302,632 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-02-16 15:25:28 | 000,014,336 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2008-11-10 13:23:40 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe PRC - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007-09-26 16:23:26 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007-06-13 07:11:00 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-05-23 15:57:12 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe PRC - [2007-05-22 16:32:00 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2007-05-17 20:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007-05-17 16:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe PRC - [2007-04-10 16:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe PRC - [2007-04-02 12:48:06 | 000,577,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe PRC - [2007-03-29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007-03-29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2007-02-25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007-02-12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007-02-12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006-11-14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006-11-13 15:49:58 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2006-11-06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe PRC - [2006-10-05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006-08-23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2005-07-15 23:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-04-14 21:08:05 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe MOD - [2009-04-11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex) SRV - [2009-11-16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009-09-25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008-11-10 13:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2008-11-10 13:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-09-26 16:23:26 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007-09-26 16:23:26 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Harmonogram automatycznej usługi LiveUpdate) SRV - [2007-05-17 20:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007-03-29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007-02-25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007-02-12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2006-11-14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006-10-05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006-08-23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-12-18 15:02:26 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2009-11-16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009-11-16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon) DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009-03-20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008-11-17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2007-11-09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007-09-26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-06-21 11:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007-06-12 01:05:00 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-04-30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007-04-27 20:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32) DRV - [2007-04-16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007-03-06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR) DRV - [2007-02-12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007-01-24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007-01-18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N) DRV - [2007-01-18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I) DRV - [2006-11-28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-11-02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006-11-02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006-11-02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006-11-02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006-11-02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006-11-02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006-11-02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006-11-02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006-11-02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006-11-02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006-11-02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006-11-02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006-11-02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006-11-02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006-11-02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Sterownik karty Intel(R) DRV - [2006-11-02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006-11-02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006-10-23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006-10-18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006-07-28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-07 21:06:42 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKCU..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://peecee.dk/uploads/082008/UKooPlayer.ocx (KooPlayer Control) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-04-16 21:35:07 | 000,000,000 | ---D | C] -- C:\_OTL [2010-04-16 21:26:21 | 000,000,000 | ---D | C] -- C:\Avenger [2010-04-14 21:08:06 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe [2010-04-14 21:02:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010-04-14 21:02:55 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010-04-14 21:02:31 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010-04-14 21:02:30 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010-04-14 21:02:24 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010-04-14 20:38:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010-04-14 10:30:44 | 000,000,000 | --SD | C] -- C:\ComboFix [2010-04-14 10:05:56 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\temp(52) [2010-04-14 10:05:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010-03-30 22:34:16 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010-03-30 22:34:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010-03-30 22:34:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010-03-30 22:34:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010-03-30 22:34:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010-03-30 22:34:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010-03-30 22:34:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010-03-30 22:34:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010-03-30 22:34:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010-03-30 22:34:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010-03-30 22:34:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010-03-30 22:34:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010-03-30 22:34:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010-03-30 22:34:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010-03-30 22:34:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-04-16 21:48:29 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A7F13765-F9FE-4691-A24E-39BDC79EBEDE}.job [2010-04-16 21:46:01 | 002,621,440 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat [2010-04-16 21:38:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010-04-16 21:38:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010-04-16 21:38:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-04-16 21:38:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-04-16 21:38:34 | 1072,095,232 | -HS- | M] () -- C:\hiberfil.sys [2010-04-16 21:37:39 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TMContainer00000000000000000001.regtrans-ms [2010-04-16 21:37:39 | 000,065,536 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TM.blf [2010-04-16 21:30:01 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-04-16 21:08:56 | 006,291,456 | -H-- | M] () -- C:\Users\Toshiba\AppData\Local\IconCache.db [2010-04-16 21:07:13 | 000,724,952 | ---- | M] () -- C:\Users\Toshiba\Desktop\avenger.zip [2010-04-16 21:05:26 | 000,002,647 | ---- | M] () -- C:\Users\Toshiba\Desktop\ntuser.dat — skrót.lnk [2010-04-16 17:41:33 | 000,007,268 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\d3d9caps.dat [2010-04-14 21:43:46 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TMContainer00000000000000000002.regtrans-ms [2010-04-14 21:08:05 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe [2010-04-14 20:59:01 | 000,293,376 | ---- | M] () -- C:\Users\Toshiba\Desktop\33cmsb72.exe [2010-04-14 20:46:40 | 000,665,404 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-04-14 20:46:40 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-04-14 20:46:40 | 000,128,164 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-04-14 20:46:40 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-04-14 20:46:39 | 001,477,664 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010-04-14 20:38:35 | 197,499,436 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010-04-14 12:00:08 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010-04-14 12:00:08 | 000,065,536 | -HS- | M] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010-04-02 09:40:56 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-16 21:36:29 | 000,000,436 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A7F13765-F9FE-4691-A24E-39BDC79EBEDE}.job [2010-04-16 21:07:05 | 000,724,952 | ---- | C] () -- C:\Users\Toshiba\Desktop\avenger.zip [2010-04-16 21:05:26 | 000,002,647 | ---- | C] () -- C:\Users\Toshiba\Desktop\ntuser.dat — skrót.lnk [2010-04-14 20:58:59 | 000,293,376 | ---- | C] () -- C:\Users\Toshiba\Desktop\33cmsb72.exe [2010-04-14 20:39:04 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TMContainer00000000000000000002.regtrans-ms [2010-04-14 20:39:04 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TMContainer00000000000000000001.regtrans-ms [2010-04-14 20:39:04 | 000,065,536 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat{e745a010-47f4-11df-904e-001b38b699c7}.TM.blf [2010-04-14 20:38:35 | 197,499,436 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010-03-07 23:53:19 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010-01-25 21:59:32 | 000,000,600 | ---- | C] () -- C:\Users\Toshiba\PUTTY.RND [2009-09-24 11:40:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-04-16 13:41:55 | 000,008,402 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009-03-30 17:31:33 | 000,000,032 | ---- | C] () -- C:\Windows\niepal.INI [2008-12-10 08:08:27 | 000,007,268 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\d3d9caps.dat [2008-11-02 23:30:19 | 000,000,885 | ---- | C] () -- C:\Windows\VPlayer.INI [2008-10-05 19:39:13 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2008-10-05 19:38:31 | 000,456,192 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2008-10-05 19:38:29 | 000,119,296 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2008-10-05 19:38:28 | 003,569,152 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008-10-05 19:38:08 | 000,023,552 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2008-10-05 19:38:04 | 000,056,832 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2008-10-05 19:38:01 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2008-10-05 19:37:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2008-10-05 19:37:55 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll [2008-10-05 19:37:53 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2008-10-05 19:37:52 | 000,397,312 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2008-10-05 19:37:50 | 000,172,032 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2008-10-05 19:37:49 | 000,052,224 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2008-10-05 19:37:48 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2008-10-05 19:37:46 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2008-10-05 19:37:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2008-10-05 19:37:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2008-10-05 19:37:29 | 000,009,216 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2008-10-05 19:37:16 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008-10-05 19:37:12 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008-10-05 19:37:08 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll [2008-10-05 19:37:07 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll [2008-10-05 19:37:06 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll [2008-10-05 19:37:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2008-10-05 19:37:04 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll [2008-10-05 19:37:03 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll [2008-10-05 19:37:01 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2008-10-05 19:37:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2008-10-05 19:36:57 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2008-10-05 18:14:16 | 000,083,968 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-10-04 11:37:50 | 000,000,020 | -HS- | C] () -- C:\Users\Toshiba\ntuser.ini [2008-10-04 11:37:49 | 002,621,440 | -HS- | C] () -- C:\Users\Toshiba\ntuser.dat [2008-10-04 11:37:49 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008-10-04 11:37:49 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008-10-04 11:37:49 | 000,262,144 | -H-- | C] () -- C:\Users\Toshiba\ntuser.dat.LOG1 [2008-10-04 11:37:49 | 000,065,536 | -HS- | C] () -- C:\Users\Toshiba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2008-10-04 11:37:49 | 000,000,000 | -H-- | C] () -- C:\Users\Toshiba\ntuser.dat.LOG2 [2007-07-13 11:43:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007-07-13 11:31:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007-07-13 11:31:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007-07-13 11:31:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007-07-13 11:31:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007-07-13 11:31:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007-07-13 11:31:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007-07-13 11:13:21 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2007-04-24 10:36:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007-04-24 10:02:15 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007-04-24 10:02:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007-04-24 10:02:15 | 000,010,132 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007-04-24 10:02:15 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007-04-24 09:59:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006-12-05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005-11-23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005-07-22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report >

Dodano Dzisiaj, 23:01:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-16 22:58:51
Windows 6.0.6002 Service Pack 2
Running: 33cmsb72.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\awldrfow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Dodano Dzisiaj, 23:02:
i jak? lepiej to już wszystko wygląda?:)

**Posty:** 18165 · przez **wojtas** 17 Kwi 2010, 16:09

Czynności końcowe :

Uruchom OTL z opcji CleanUp
zrób skan Malwarebytes Anti-Malware (zaktualizuj, jak coś znajdzie pokaż raport na forum,)

**Posty:** 4 · przez **groooch** 17 Kwi 2010, 21:25

Program nic nie znalazł...jeeej:) dzięki wielkie za pomoc! takie pytanie jeszcze na koniec, jak mozna złapac tego wirusa? zaznaczam ze nie sciagam zadnych programow z neta..mozna go zlapac po prostu przegladajac jakies strony internetowej?
pozdrawiam ciepło i jeszcze raz dzięki:))

**Posty:** 18165 · przez **wojtas** 18 Kwi 2010, 09:54

możesz dosłownie wszędzie go złapać... możesz nawet przynieść na pendrivie czy coś... pozdro