
Trojan - Logs (HijackThis, Silentrunners) [Windows Tools 2011]

#1
Trojan - Logs (HijackThis, Silentrunners) [Windows Tools 2011]
Hello everyone,
This is my first post on the forum, and it is also the first time I have had to deal with something like this, namely:
I use Eset NOD32, and at some point it told me that it had quarantined a trojan; at first I did not really pay attention to what exactly it had quarantined. After some time JAVA started by itself and closed all my running programs, and in an instant some application installed itself: Windows Tools 2011, imitating the look of some antivirus; it showed that it was scanning the computer and was finding all kinds of vermin.
The desktop wallpaper changed to one with text in English saying that no standard software would remove the trojan, and that my photos, messages and even account numbers would be sent out to the internet.
I disconnected the internet, started the computer after some time in safe mode and threw out this Windows Tools 2011.
When I go into the quarantine in Eset NOD32, it shows me that the file came from:
hxxp://c c cssffff.co.cc/radfghdfghxcxvox.jar
I will add that I did not visit the above site.

The reason given is:
Java/TrojanDownloader.OpenConnecrion.CU trojan horse

A friend told me to post in this topic; he said that you would tell me how to make a log and that you would give me some piece of code to paste into some special program, and it would remove all the junk.

So far everything is normal, but I am afraid of a relapse or something like that.

Please help; I am waiting for a reply.

HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:59:51, on 2011-01-20
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Adnotuj z Bamboo Link - C:\Program Files (x86)\Wacom\Bamboo Link\AnnotateWithErgo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Usuga stanu ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSService - Unknown owner - C:\Windows\SysWOW64\GSService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SMServer - SMServer - C:\Windows\SysWOW64\snmvtsvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Usługa udostępniania w sieci programu Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10518 bytes


In future, mask malicious links.
I am removing unnecessary information.
Paweł01
#2
RE: Trojan - Logs (HijackThis, Silentrunners)
Post the set of logs (you have a 64-bit system):
http://forum.pcformat.pl/WAZNE-Jak-zaloz...ec-WAZNE-t
I do not reply in threads in the 'Security' section that lack a full set of logs:
http://forum.pcformat.pl/WAZNE-Jak-zaloz...ec-WAZNE-t
If I was handling a thread and have not replied in it for 3 days, please remind me by PM.
I do not help via PM.
Request to test an application: http://forum.pcformat.pl/Prosba-o-przete...L-OpenGL-t
#3
RE: Trojan - Logs (HijackThis, RSIT, MBRCheck, OTL, DDS) UPLOAD
I made a log in:
RSIT
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Deex at 2011-01-21 09:52:56
Microsoft Windows 7 Ultimate  
System drive C: has 108 GB (54%) free of 200 GB
Total RAM: 4094 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:54:07, on 2011-01-21
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Deex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:64141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\Users\Deex\AppData\Local\Temp\csrss.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Windows\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [conhost] C:\Users\Deex\AppData\Roaming\Microsoft\conhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Windows\Common Files (x86)\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Usuga stanu ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSService - Unknown owner - C:\Windows\SysWOW64\GSService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SMServer - SMServer - C:\Windows\SysWOW64\snmvtsvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Usługa udostępniania w sieci programu Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9830 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
/QuitInfo:00000000000004A0;0000000000000458;  /AddRef;
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe"
"taskhost.exe"
/QuitInfo:000000000000019C;0000000000000194;  /AddRef;
/QuitInfo:00000000000001D8;000000000000052C;  
"C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\Explorer.EXE
/loadhooks /Parent:0000000000000768
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe"
"C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Windows\WindowsMobile\wmdc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
WTablet\Pen_TabletUser.exe
Pen_Tablet.exe au
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files (x86)\MagicTune Premium\MagicTune.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Windows\Program Files (x86)\Java\jre6\bin\javaw.exe" -Xmx512m -jar "C:\Program Files (x86)\JDownloader\JDownloader.jar"
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2604.010DEC00.331133750 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Deex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll" --lang=pl --plugin-data-dir="C:\Users\Deex\AppData\Local\Google\Chrome\User Data\Default" --channel=2604.09B4BE4C.1615919690 /prefetch:4
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel=2604.071F504C.638861431 /prefetch:12
"C:\Program Files (x86)\Gadu-Gadu 10\gg.exe"
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2604.09B5C480.1576820788 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2604.09B5C300.339968157 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Deex\AppData\Local\Google\Chrome\Application\8.0.552.237\gcswf32.dll" --lang=pl --plugin-data-dir="C:\Users\Deex\AppData\Local\Google\Chrome\User Data\Default" --channel=2604.0B551E4C.1704877770 /prefetch:4
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2604.0757AA80.951235620 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2604.075F1D80.418589040 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2604.09F92D80.1766538882 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2604.0756AD80.936324296 /prefetch:3
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 5FC72B76-D8E9-EA5F-5DE2-17515187DCDC -Reinvoke
"C:\Users\Deex\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

======Scheduled tasks folder======

C:\Windows\tasks\Driver Fetch.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2393284768-505288345-4158682497-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2393284768-505288345-4158682497-1000UA.job
C:\Windows\tasks\Registry Victor Schedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Windows\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} -

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MagicTuneEngine"=C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [2009-06-15 24064]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-22 10081312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2916584]
"TNOD UP"=C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe [2010-04-01 1811968]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"conhost"=C:\Users\Deex\AppData\Roaming\Microsoft\conhost.exe [2011-01-20 170496]
"SunJavaUpdateSched"=C:\Windows\Common Files (x86)\Java\Java Update\jusched.exe [2010-05-14 248552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-21 09:47:59 ----A---- C:\TDSSKiller.2.4.14.0_21.01.2011_09.47.59_log.txt
2011-01-21 09:47:04 ----D---- C:\Program Files\trend micro
2011-01-21 09:47:03 ----D---- C:\rsit
2011-01-21 00:24:09 ----D---- C:\Windows\Common Files (x86)
2011-01-21 00:23:52 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-01-21 00:23:44 ----D---- C:\Windows\Program Files (x86)
2011-01-20 23:53:10 ----A---- C:\Users\Deex\AppData\Roaming\dwm.exe
2011-01-20 23:50:45 ----D---- C:\Program Files\Trojan Remover
2011-01-20 23:16:46 ----A---- C:\Windows\SYSWOW64\zlib.dll
2011-01-20 23:16:45 ----D---- C:\Program Files (x86)\SoftprojectGP
2011-01-20 23:14:58 ----A---- C:\Users\Deex\AppData\Roaming\dwm.exe.vir
2011-01-18 20:17:49 ----D---- C:\Windows\WindowsMobile
2011-01-15 19:04:01 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2011-01-15 18:59:15 ----D---- C:\ProgramData\ESET
2011-01-15 18:59:15 ----D---- C:\Program Files\ESET
2011-01-15 18:15:22 ----D---- C:\Program Files (x86)\Lavalys
2011-01-14 09:38:59 ----D---- C:\Program Files (x86)\IZArc
2011-01-01 11:57:52 ----A---- C:\Windows\system32\drivers\pavboot64.sys
2011-01-01 11:56:22 ----D---- C:\Program Files (x86)\Panda Security

======List of files/folders modified in the last 1 months======

2011-01-21 09:54:06 ----D---- C:\Windows\Temp
2011-01-21 09:53:18 ----D---- C:\Windows\Prefetch
2011-01-21 09:47:59 ----D---- C:\Windows\system32\drivers
2011-01-21 09:47:04 ----RD---- C:\Program Files
2011-01-21 09:42:21 ----SHD---- C:\Windows\Installer
2011-01-21 09:42:21 ----HD---- C:\Config.Msi
2011-01-21 09:42:21 ----D---- C:\ProgramData\Microsoft Help
2011-01-21 03:47:21 ----SHD---- C:\System Volume Information
2011-01-21 01:12:30 ----D---- C:\Windows\system32\config
2011-01-21 00:24:09 ----D---- C:\Windows
2011-01-21 00:24:07 ----D---- C:\Program Files (x86)\Common Files
2011-01-21 00:23:52 ----D---- C:\Windows\SysWOW64
2011-01-21 00:23:45 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-01-21 00:23:45 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-01-21 00:23:45 ----A---- C:\Windows\SYSWOW64\java.exe
2011-01-21 00:00:44 ----D---- C:\Windows\System32
2011-01-21 00:00:43 ----D---- C:\Windows\inf
2011-01-21 00:00:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-20 23:55:20 ----HD---- C:\ProgramData
2011-01-20 23:55:07 ----D---- C:\Windows\tracing
2011-01-20 23:54:45 ----D---- C:\Users\Deex\AppData\Roaming\WTablet
2011-01-20 23:24:37 ----D---- C:\Windows\system32\catroot2
2011-01-20 23:24:37 ----D---- C:\Windows\Panther
2011-01-20 23:24:37 ----D---- C:\Windows\Logs
2011-01-20 23:24:37 ----D---- C:\Users\Deex\AppData\Roaming\uTorrent
2011-01-20 23:24:37 ----D---- C:\Users\Deex\AppData\Roaming\ipla
2011-01-20 23:24:36 ----D---- C:\SB4_DEMO
2011-01-20 23:24:34 ----D---- C:\ProgramData\FLEXnet
2011-01-20 23:24:34 ----D---- C:\Program Files (x86)\PC Inspector File Recovery
2011-01-20 23:24:34 ----D---- C:\Program Files (x86)\NAPI-PROJEKT
2011-01-20 23:24:34 ----D---- C:\Program Files (x86)\JDownloader
2011-01-20 23:24:34 ----D---- C:\Program Files (x86)\DrmRemoval
2011-01-20 23:24:33 ----D---- C:\Program Files\WinRAR
2011-01-20 23:16:45 ----RD---- C:\Program Files (x86)
2011-01-20 23:14:37 ----SD---- C:\Users\Deex\AppData\Roaming\Microsoft
2011-01-20 14:56:14 ----D---- C:\Users\Deex\AppData\Roaming\Media Player Classic
2011-01-19 21:26:35 ----D---- C:\Users\Deex\AppData\Roaming\Winamp
2011-01-18 20:35:23 ----D---- C:\WTablet
2011-01-18 20:18:49 ----D---- C:\Windows\system32\LogFiles
2011-01-18 20:17:44 ----D---- C:\Windows\system32\catroot
2011-01-18 20:17:39 ----D---- C:\Windows\system32\DriverStore
2011-01-18 15:31:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-01-17 19:36:59 ----D---- C:\Program Files (x86)\Gadu-Gadu 10
2011-01-15 18:53:33 ----D---- C:\Windows\system32\Tasks
2011-01-12 15:50:45 ----D---- C:\ProgramData\OpenFM
2011-01-01 12:01:45 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-30 10:39:34 ----D---- C:\Program Files\Autodesk
2010-12-26 18:16:02 ----D---- C:\Users\Deex\AppData\Roaming\Gadu-Gadu 10
2010-12-24 19:12:47 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2010-04-03 347336]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2008-11-04 23096]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/03 23:42:00]; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-28 146928]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-07-16 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 DrmRAudio;DrmRAudio; C:\Windows\system32\drivers\DrmRAudio.sys [2010-09-01 33848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-22 2271648]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 18216]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12848]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2008-08-18 15272]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 12976]
S0 sptd;sptd; C:\Windows\system32\drivers\sptd.sys []
S2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-03 6366720]
S3 BDFM;BDFM; C:\Windows\system32\DRIVERS\bdfm.sys [2010-04-03 163936]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-04-06 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-04-06 27176]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\Windows\system32\DRIVERS\s1039bus.sys [2010-03-15 127600]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 19568]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 161904]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 141424]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 34416]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1039obex.sys [2010-03-15 137328]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1039unic.sys [2010-03-15 158320]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ST330;ST330; C:\Windows\system32\DRIVERS\st330.sys [2010-03-20 47616]
S3 STBUS;STBUS; C:\Windows\system32\DRIVERS\stbus.sys [2010-03-20 24576]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver; C:\Windows\system32\DRIVERS\steth.sys [2010-03-20 58880]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;Sterownik WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-03 202752]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-03-21 79360]
R2 Bonjour Service;Usługa Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
R2 EmmaDevMgmtSvc;Emma Device Management; C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe [2010-08-24 403064]
R2 EmmaUpdMgmtSvc;Emma Update Management; C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe [2010-08-24 193656]
R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit; C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [2008-12-11 3589416]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2010-08-27 8192]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 405920]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe /service []
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
S3 aspnet_state;Usuga stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 42360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-21 655624]
S3 GSService;GSService; C:\Windows\SysWOW64\GSService.exe [2010-08-31 348160]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SMServer;SMServer; C:\Windows\SysWOW64\snmvtsvc.exe [2010-08-31 245760]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------
MBRCheck
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows 7 Ultimate Edition
Windows Information:         (build 7600), 64-bit
Base Board Manufacturer:    Gigabyte Technology Co., Ltd.
BIOS Manufacturer:        Award Software International, Inc.
System Manufacturer:        Gigabyte Technology Co., Ltd.
System Product Name:        EP35-DS3
Logical Drives Mask:        0x0000017d

Kernel Drivers (total 198):
  0x02E01000 \SystemRoot\system32\ntoskrnl.exe
  0x033DE000 \SystemRoot\system32\hal.dll
  0x00BCD000 \SystemRoot\system32\kdcom.dll
  0x00C2E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00C72000 \SystemRoot\system32\PSHED.dll
  0x00C86000 \SystemRoot\system32\CLFS.SYS
  0x00CE4000 \SystemRoot\system32\CI.dll
  0x00E96000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F3A000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F49000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00FA0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00FA9000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00FB3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00FC0000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E15000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E86000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00DA4000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00DB4000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00FF3000 \SystemRoot\system32\drivers\pavboot64.sys
  0x00E8D000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x00DCE000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x00C00000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x0103B000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01087000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0109B000 \SystemRoot\system32\DRIVERS\bdfsfltr.sys
  0x01244000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x010F6000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01154000 \SystemRoot\System32\Drivers\cng.sys
  0x0121A000 \SystemRoot\System32\drivers\pcw.sys
  0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01439000 \SystemRoot\system32\drivers\ndis.sys
  0x0152B000 \SystemRoot\system32\drivers\NETIO.SYS
  0x0158B000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01600000 \SystemRoot\System32\drivers\tcpip.sys
  0x015B6000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01400000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x0180B000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x01857000 \SystemRoot\System32\Drivers\spldr.sys
  0x0185F000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01899000 \SystemRoot\System32\Drivers\mup.sys
  0x018AB000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x018B4000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x018EE000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01904000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x0196A000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x01994000 \SystemRoot\System32\Drivers\Null.SYS
  0x0199D000 \SystemRoot\System32\Drivers\Beep.SYS
  0x019A4000 \SystemRoot\system32\DRIVERS\ehdrv.sys
  0x019C9000 \SystemRoot\system32\drivers\MTiCtwl.sys
  0x019D2000 \SystemRoot\System32\drivers\vga.sys
  0x01410000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x019E0000 \SystemRoot\System32\drivers\watchdog.sys
  0x019F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01800000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01235000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x013E7000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x011C7000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x011D8000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x013F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x02C72000 \SystemRoot\system32\drivers\afd.sys
  0x02CFC000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x02D41000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x02D4A000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x02D70000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x02D7F000 \SystemRoot\system32\DRIVERS\serial.sys
  0x02D9C000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x02DB7000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x02DCB000 \SystemRoot\System32\drivers\discache.sys
  0x03A16000 \SystemRoot\system32\drivers\csc.sys
  0x03A99000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03AB7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x03AC8000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x03AEE000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x03B04000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x03C7E000 \SystemRoot\system32\DRIVERS\atipmdag.sys
  0x042E2000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03C00000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x03C46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x03C6A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x03B38000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x043D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x03B8E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x043E7000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x043F4000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x02DDA000 \SystemRoot\system32\DRIVERS\parport.sys
  0x01000000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x03BE4000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x03A00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x0101E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x03C77000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
  0x00C0B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x03BF3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x03C7A000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
  0x0102E000 \SystemRoot\system32\drivers\DrmRAudio.sys
  0x0442A000 \SystemRoot\system32\drivers\portcls.sys
  0x04467000 \SystemRoot\system32\drivers\drmk.sys
  0x04489000 \SystemRoot\system32\drivers\ks.sys
  0x044CC000 \SystemRoot\system32\drivers\ksthunk.sys
  0x044D2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x044E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x0450C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04518000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04547000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x04562000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x04583000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x0459D000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x045A8000 \SystemRoot\system32\DRIVERS\mcdbus.sys
  0x04AAA000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x04AD9000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x04ADB000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04AED000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04B47000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x04B52000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x04B5F000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
  0x04B67000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x04B75000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04B8A000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x05654000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x0587D000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x0588B000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x0588D000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
  0x000C0000 \SystemRoot\System32\win32k.sys
  0x05896000 \SystemRoot\System32\drivers\Dxapi.sys
  0x058A2000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x058B0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x058BC000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x058C5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x058D8000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00400000 \SystemRoot\System32\TSDDD.dll
  0x00870000 \SystemRoot\System32\ATMFD.DLL
  0x058E6000 \SystemRoot\system32\drivers\luafv.sys
  0x00630000 \SystemRoot\System32\cdd.dll
  0x05909000 \SystemRoot\system32\DRIVERS\eamonm.sys
  0x05600000 \SystemRoot\system32\drivers\WudfPf.sys
  0x05621000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x05636000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x0344D000 \SystemRoot\system32\drivers\HTTP.sys
  0x03515000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x03533000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x03560000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x035AD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x035D0000 \SystemRoot\System32\Drivers\adfs.SYS
  0x03400000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
  0x03421000 \SystemRoot\system32\drivers\npf.sys
  0x04A00000 \SystemRoot\system32\drivers\peauth.sys
  0x0342D000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x04BAC000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x06ECC000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x06EDE000 \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
  0x06F09000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x07A34000 \SystemRoot\System32\DRIVERS\srv.sys
  0x07ACC000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x76DF0000 \Windows\System32\ntdll.dll
  0x479E0000 \Windows\System32\smss.exe
  0xFF110000 \Windows\System32\apisetschema.dll
  0xFF0C0000 \Windows\System32\autochk.exe
  0xFF0E0000 \Windows\System32\sechost.dll
  0xFEE80000 \Windows\System32\iertutil.dll
  0xFEDE0000 \Windows\System32\msvcrt.dll
  0xFEDC0000 \Windows\System32\imagehlp.dll
  0xFED70000 \Windows\System32\ws2_32.dll
  0xFED60000 \Windows\System32\nsi.dll
  0x76FC0000 \Windows\System32\normaliz.dll
  0x76FB0000 \Windows\System32\psapi.dll
  0xFEC80000 \Windows\System32\oleaut32.dll
  0xFEB70000 \Windows\System32\msctf.dll
  0xFEAF0000 \Windows\System32\shlwapi.dll
  0xFEA10000 \Windows\System32\advapi32.dll
  0xFE8E0000 \Windows\System32\rpcrt4.dll
  0xFE870000 \Windows\System32\gdi32.dll
  0xFE840000 \Windows\System32\imm32.dll
  0xFE710000 \Windows\System32\wininet.dll
  0xFE700000 \Windows\System32\lpk.dll
  0xFE630000 \Windows\System32\usp10.dll
  0xFE590000 \Windows\System32\clbcatq.dll
  0xFE4F0000 \Windows\System32\comdlg32.dll
  0xFE370000 \Windows\System32\urlmon.dll
  0xFE190000 \Windows\System32\setupapi.dll
  0xFE110000 \Windows\System32\difxapi.dll
  0x76CF0000 \Windows\System32\user32.dll
  0x76BD0000 \Windows\System32\kernel32.dll
  0xFD380000 \Windows\System32\shell32.dll
  0xFD330000 \Windows\System32\Wldap32.dll
  0xFD120000 \Windows\System32\ole32.dll
  0xFD080000 \Windows\System32\comctl32.dll
  0xFD010000 \Windows\System32\KernelBase.dll
  0xFCEA0000 \Windows\System32\crypt32.dll
  0xFCE60000 \Windows\System32\cfgmgr32.dll
  0xFCE40000 \Windows\System32\devobj.dll
  0xFCE00000 \Windows\System32\wintrust.dll
  0xFCDF0000 \Windows\System32\msasn1.dll
  0x76060000 \Windows\SysWOW64\normaliz.dll

Processes (total 78):
       0 System Idle Process
       4 System
     336 C:\Windows\System32\smss.exe
     492 csrss.exe
     564 C:\Windows\System32\wininit.exe
     580 csrss.exe
     612 C:\Windows\System32\services.exe
     628 C:\Windows\System32\lsass.exe
     636 C:\Windows\System32\lsm.exe
     752 C:\Windows\System32\svchost.exe
     836 C:\Windows\System32\winlogon.exe
     860 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\atiesrxx.exe
     364 C:\Windows\System32\svchost.exe
     412 C:\Windows\System32\svchost.exe
     400 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\atieclxx.exe
    1244 C:\Windows\System32\wisptis.exe
    1272 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\spoolsv.exe
    1440 C:\Windows\System32\svchost.exe
    1524 C:\Windows\SysWOW64\svchost.exe
    1592 C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    1628 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1688 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    1728 C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe
    1784 C:\Windows\System32\taskhost.exe
    1884 C:\Windows\System32\wisptis.exe
    1896 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    1968 C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe
    2004 C:\Windows\System32\dwm.exe
    2024 C:\Windows\SysWOW64\svchost.exe
    2044 C:\Windows\explorer.exe
    1564 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
    2176 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2260 C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    2292 C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
    2336 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2488 C:\Windows\System32\svchost.exe
    2508 C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
    2524 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2532 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    2572 C:\Windows\WindowsMobile\wmdc.exe
    2632 C:\Windows\System32\svchost.exe
    2856 C:\Windows\System32\svchost.exe
    2916 C:\Windows\System32\Pen_Tablet.exe
     968 C:\Windows\System32\WTablet\Pen_TabletUser.exe
    2344 C:\Windows\System32\Pen_Tablet.exe
    2444 C:\Windows\System32\svchost.exe
    3176 C:\Program Files (x86)\MagicTune Premium\MagicTune.exe
    3448 C:\Windows\System32\svchost.exe
    3736 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4072 C:\Windows\System32\svchost.exe
    3780 C:\Windows\System32\svchost.exe
    5116 C:\Windows\System32\svchost.exe
    3096 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    4200 C:\Windows\Program Files (x86)\Java\jre6\bin\javaw.exe
    2604 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    4788 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    2084 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    1544 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    2284 C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
    4032 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    2436 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    4424 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    2852 C:\Windows\System32\SearchIndexer.exe
    4648 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    4808 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    4396 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    2728 C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
    3784 C:\Windows\System32\notepad.exe
    4252 MpCmdRun.exe
    1716 C:\Users\Deex\Downloads\RSITx64.exe
     740 WmiPrvSE.exe
    2300 C:\Windows\System32\svchost.exe
    5064 C:\Users\Deex\Downloads\MBRCheck.exe
    4356 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`d3cbae00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000061`a796de00  (NTFS)

PhysicalDrive0 Model Number: ST3640323AS, Rev: SD35    

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

TDSS Killer found nothing.

I hope everything is OK this time.

dds.scr :
DDS.txt
http://wklej.org/id/461283/
Attach.txt.
http://wklej.org/id/461284/

OTL :

OTL.txt
http://wklej.org/id/461286/
Extras.txt
http://wklej.org/id/461287/
#4
RE: Trojan - Logs ( Hijackthis, Silentrunners )
Did you set a proxy in Firefox?
Create a new system restore point.
Run OTL and paste the following into it:

Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
O4 - HKLM..\Run: [conhost] C:\Users\Deex\AppData\Roaming\Microsoft\conhost.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Users\Deex\AppData\Local\Temp\csrss.exe) - C:\Users\Deex\AppData\Local\Temp\csrss.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Deex\AppData\Local\Temp\csrss.exe) - C:\Users\Deex\AppData\Local\Temp\csrss.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\Deex\AppData\Roaming\dwm.exe) - C:\Users\Deex\AppData\Roaming\dwm.exe ()
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:63238B95

:Files
C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\toolbar@ask.com
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
C:\Users\Deex\AppData\Roaming\dwm.exe.vir
C:\Users\Deex\AppData\Roaming\dwm.exe
C:\Users\Deex\AppData\Roaming\Microsoft\conhost.exe
C:\Users\Deex\AppData\Local\Temp\csrss.exe

:Commands
[emptytemp]
[reboot]
Click Run Fix (Wykonaj skrypt).
Post the log from the OTL removal, then post a new log from OTL and RSIT64.

Use SystemLook.exe (64-bit version):
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
and paste the following into it:
Code:
:regfind
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
Ask.com
Ask Toolbar

:filefind
csrss*
dwm*
conhost*

:file
C:\Windows\system32\DRIVERS\vms3cap.sys
C:\Windows\SysWOW64\snmvtsvc.exe
c:\Users\Deex\AppData\Roaming\FC38.E16

:dir
C:\Users\Deex\AppData\Roaming\Microsoft
c:\Users\Deex\AppData\Roaming\FC38.E16

:contents
C:\Windows\tasks\Driver Fetch.job
C:\Windows\tasks\Registry Victor Schedule.job
Click Look and post what comes up.
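The fix script in the post above removes copies of csrss.exe, dwm.exe and conhost.exe from the user's AppData, and the SystemLook script searches for the same names. As an added example (not part of the original post and not the helper's own tooling), the Python below parses lines in the format SystemLook prints for `:filefind` and flags those names when they sit outside the Windows system directories; the sample lines, sizes and hashes are constructed, and the trusted-directory list is an assumption.

```python
import ntpath
import re
from collections import namedtuple

# Constructed sample in SystemLook ":filefind" output format. Paths follow the
# fix script above; sizes, dates, hashes and the winsxs folder name are made up.
SAMPLE_LOG = r"""
Searching for "csrss*"
C:\Users\Deex\AppData\Local\Temp\csrss.exe    --a---- 150000 bytes    [22:15 20/01/2011]    [22:15 20/01/2011] (Unable to calculate MD5)
C:\Windows\System32\csrss.exe    --a---- 7000 bytes    [23:19 13/07/2009]    [01:39 14/07/2009] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\Windows\winsxs\amd64_example-csrss_constructed\csrss.exe    --a---- 7000 bytes    [23:19 13/07/2009]    [01:39 14/07/2009] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Searching for "dwm*"
C:\Users\Deex\AppData\Roaming\dwm.exe    --a---- 90000 bytes    [22:14 20/01/2011]    [22:14 20/01/2011] BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
C:\Windows\System32\dwm.exe    --a---- 120000 bytes    [23:37 13/07/2009]    [01:39 14/07/2009] CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

Searching for "conhost*"
C:\Windows\Prefetch\CONHOST.EXE-00000000.pf    --a---- 20000 bytes    [23:23 20/01/2011]    [17:05 21/01/2011] DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
C:\Windows\System32\conhost.exe    --a---- 338000 bytes    [23:38 13/07/2009]    [01:39 14/07/2009] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
"""

# Names the SystemLook script above searches for (exact file names only).
WATCHED = {"csrss.exe", "dwm.exe", "conhost.exe"}

# Assumption: directories where these binaries legitimately live on 64-bit Windows 7.
TRUSTED_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# path, 7-char attribute field, size, created, modified, MD5 or the "unable" marker
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attr>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)

Entry = namedtuple("Entry", "path name size md5")


def parse_filefind(text):
    """Return an Entry for every file line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("md5")
        md5 = None if raw.startswith("(") else raw.upper()
        path = m.group("path")
        entries.append(Entry(path, ntpath.basename(path).lower(), int(m.group("size")), md5))
    return entries


def is_trusted(path):
    """True if the file's folder is a trusted root or a subfolder of one."""
    folder = ntpath.normcase(ntpath.dirname(path))
    return any(folder == root or folder.startswith(root + "\\") for root in TRUSTED_ROOTS)


def find_masquerades(entries):
    """Flag watched names outside trusted folders and compare them to the trusted copy."""
    trusted = {}
    for e in entries:
        if e.name in WATCHED and is_trusted(e.path):
            trusted.setdefault(e.name, set()).add((e.size, e.md5))

    findings = []
    for e in entries:
        if e.name not in WATCHED or is_trusted(e.path):
            continue
        reasons = ["system process name outside the Windows system directories"]
        if e.md5 is None:
            reasons.append("MD5 not available in the log")
        known = trusted.get(e.name)
        if known and (e.size, e.md5) not in known:
            reasons.append("size/MD5 differs from the copy in the system directory")
        findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in find_masquerades(parse_filefind(SAMPLE_LOG)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The Prefetch entry is parsed but not flagged, because matching is on the exact file name rather than on the `conhost*` wildcard.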
#5
RE: Trojan - Logs ( Hijackthis, Silentrunners )
That's exactly the problem, because I had to change it this morning since my internet wasn't working.
Now I've noticed that the computer doesn't recognize which program to open what with ...
Thanks for the help, I'm getting to work on what you sent, and in this post or the next one I'll write whether it helped.

EDIT:
I did as you said; after pasting the script, this came out:
Code:
SystemLook 04.09.10 by jpshortstuff
Log created at 18:04 on 21/01/2011 by Deex
Administrator - Elevation successful

========== regfind ==========

Searching for "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}]
[HKEY_USERS\S-1-5-21-2393284768-505288345-4158682497-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}]

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Ask Toolbar"
No data found.

========== filefind ==========

Searching for "csrss*"
C:\Users\Deex\AppData\Local\Temp\csrss.exe    --a---- 176128 bytes    [22:15 20/01/2011]    [22:15 20/01/2011] (Unable to calculate MD5)
C:\Windows\System32\csrss.exe    --a---- 7680 bytes    [23:19 13/07/2009]    [01:39 14/07/2009] 60C2862B4BF0FD9F582EF344C2B1EC72
C:\Windows\System32\pl-PL\csrss.exe.mui    --a---- 2048 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 3D1296096B537D9DA0A99A73B1255E95
C:\Windows\SysWOW64\pl-PL\csrss.exe.mui    --a---- 2048 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 6229A99A21298AABAE3635EA37A97A5B
C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_35ce489e694c0f67\csrss.exe.mui    --a---- 2048 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 3D1296096B537D9DA0A99A73B1255E95
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe    --a---- 7680 bytes    [23:19 13/07/2009]    [01:39 14/07/2009] 60C2862B4BF0FD9F582EF344C2B1EC72
C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_d9afad1ab0ee9e31\csrss.exe.mui    --a---- 2048 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 6229A99A21298AABAE3635EA37A97A5B

Searching for "dwm*"
C:\Windows\PolicyDefinitions\DWM.admx    --a---- 7656 bytes    [21:01 10/06/2009]    [21:01 10/06/2009] 2739EC7AE90B69F6295E1FAD8F01C966
C:\Windows\PolicyDefinitions\pl-PL\DWM.adml    --a---- 5003 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 8DA3E76052686BD645184FDE9F4536E1
C:\Windows\System32\dwm.exe    --a---- 120320 bytes    [23:37 13/07/2009]    [01:39 14/07/2009] F162D5F5E845B9DC352DD1BAD8CEF1BC
C:\Windows\System32\dwmapi.dll    --a---- 82432 bytes    [23:37 13/07/2009]    [01:40 14/07/2009] DA1B7075260F3872585BFCDD668C648B
C:\Windows\System32\dwmcore.dll    --a---- 1634304 bytes    [23:39 13/07/2009]    [01:40 14/07/2009] 9D8AB964CE511AF81207DF0E1205184C
C:\Windows\System32\dwmredir.dll    --a---- 128512 bytes    [23:37 13/07/2009]    [01:40 14/07/2009] EF184066A851E7838D5BF8C8FAE66CC4
C:\Windows\System32\pl-PL\dwm.exe.mui    --a---- 17408 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] E737267347471DA68E4F60820C77B929
C:\Windows\System32\pl-PL\dwmapi.dll.mui    --a---- 2560 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 4B6681BDD8E98A753D47730C715E8AC5
C:\Windows\System32\pl-PL\dwmcore.dll.mui    --a---- 3072 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 3CDD43EBA5F302E3D28FA53C9A9D462C
C:\Windows\System32\pl-PL\dwmredir.dll.mui    --a---- 2560 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] CB5FD4CE835554D70429826EB46205E6
C:\Windows\SysWOW64\dwmapi.dll    --a---- 67072 bytes    [23:24 13/07/2009]    [01:15 14/07/2009] 39C5F32747B3414D1BB216FDB1DEFC58
C:\Windows\SysWOW64\dwmcore.dll    --a---- 1370624 bytes    [23:25 13/07/2009]    [01:15 14/07/2009] 60CC965A89E2072EBD26D63D5E1E1D18
C:\Windows\winsxs\amd64_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_6.1.7600.16385_none_3c03d63459ae619b\dwmapi.dll    --a---- 82432 bytes    [23:37 13/07/2009]    [01:40 14/07/2009] DA1B7075260F3872585BFCDD668C648B
C:\Windows\winsxs\amd64_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_6.1.7600.16385_none_3c03d63459ae619b\dwmcore.dll    --a---- 1634304 bytes    [23:39 13/07/2009]    [01:40 14/07/2009] 9D8AB964CE511AF81207DF0E1205184C
C:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_0536794243abdb5c\dwm.exe.mui    --a---- 17408 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] E737267347471DA68E4F60820C77B929
C:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_0536794243abdb5c\dwmapi.dll.mui    --a---- 2560 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 4B6681BDD8E98A753D47730C715E8AC5
C:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_0536794243abdb5c\dwmcore.dll.mui    --a---- 3072 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 3CDD43EBA5F302E3D28FA53C9A9D462C
C:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_0536794243abdb5c\dwmredir.dll.mui    --a---- 2560 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] CB5FD4CE835554D70429826EB46205E6
C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7600.16385_none_e99885bbd6e301de\dwm.exe    --a---- 120320 bytes    [23:37 13/07/2009]    [01:39 14/07/2009] F162D5F5E845B9DC352DD1BAD8CEF1BC
C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7600.16385_none_e99885bbd6e301de\dwmredir.dll    --a---- 128512 bytes    [23:37 13/07/2009]    [01:40 14/07/2009] EF184066A851E7838D5BF8C8FAE66CC4
C:\Windows\winsxs\amd64_microsoft-windows-dwm-adm.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_8c23b0afab58890c\DWM.adml    --a---- 5003 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] 8DA3E76052686BD645184FDE9F4536E1
C:\Windows\winsxs\amd64_microsoft-windows-dwm-adm_31bf3856ad364e35_6.1.7600.16385_none_9fc006a1b57beb3a\DWM.admx    --a---- 7656 bytes    [21:01 10/06/2009]    [21:01 10/06/2009] 2739EC7AE90B69F6295E1FAD8F01C966
C:\Windows\winsxs\x86_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_6.1.7600.16385_none_dfe53ab0a150f065\dwmapi.dll    --a---- 67072 bytes    [23:24 13/07/2009]    [01:15 14/07/2009] 39C5F32747B3414D1BB216FDB1DEFC58
C:\Windows\winsxs\x86_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_6.1.7600.16385_none_dfe53ab0a150f065\dwmcore.dll    --a---- 1370624 bytes    [23:25 13/07/2009]    [01:15 14/07/2009] 60CC965A89E2072EBD26D63D5E1E1D18

Searching for "conhost*"
C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf    --a---- 20518 bytes    [23:23 20/01/2011]    [17:05 21/01/2011] AD8CF19551C921141FAB8B1FE3BB0376
C:\Windows\System32\conhost.exe    --a---- 338432 bytes    [23:38 13/07/2009]    [01:39 14/07/2009] F64E8258351E501AA065AC499530367C
C:\Windows\System32\pl-PL\conhost.exe.mui    --a---- 3584 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] E74E64AB03A4646732E2F0C8F10A083A
C:\Windows\winsxs\amd64_microsoft-windows-consolehost.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_7164df14d92c04b0\conhost.exe.mui    --a---- 3584 bytes    [17:55 14/07/2009]    [17:55 14/07/2009] E74E64AB03A4646732E2F0C8F10A083A
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.16385_none_d050b8f81bcacc5a\conhost.exe    --a---- 338432 bytes    [23:38 13/07/2009]    [01:39 14/07/2009] F64E8258351E501AA065AC499530367C

========== file ==========

C:\Windows\system32\DRIVERS\vms3cap.sys - File found and opened.
MD5: 88AF6E02AB19DF7FD07ECDF9C91E9AF6
Created at 18:08 on 14/07/2009
Modified at 23:42 on 13/07/2009
Size: 6656 bytes
Attributes: --a----
FileDescription: Microsoft S3 Emulated Device Cap Driver
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
ProductVersion: 6.1.7600.16385
OriginalFilename: vms3cap.sys
InternalName: vms3cap.sys
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

C:\Windows\SysWOW64\snmvtsvc.exe - File found and opened.
MD5: 5F07CBF04D004CBD4CBA63235C0A614E
Created at 19:28 on 19/11/2010
Modified at 18:35 on 31/08/2010
Size: 245760 bytes
Attributes: --a----
FileDescription: SMServer
FileVersion: 2,2010,218
ProductVersion: 2,2010,218
OriginalFilename: SMServer.exe
InternalName: SMServer.exe
ProductName: SMServer
CompanyName: SMServer
LegalCopyright: (c) SMServer

c:\Users\Deex\AppData\Roaming\FC38.E16 - File found and opened.
MD5: 48A7D88BE4E7879FD1086D5D95685467
Created at 22:14 on 20/01/2011
Modified at 00:46 on 21/01/2011
Size: 3720 bytes
Attributes: --a----
No version information available.

========== dir ==========

C:\Users\Deex\AppData\Roaming\Microsoft - Parameters: "(none)"

---Files---
None found.

---Folders---
AddIns    d------    [17:21 19/04/2010]
CLR Security Config    d------    [13:38 29/06/2010]
CLView    d------    [19:53 29/07/2010]
Credentials    d---s--    [20:46 20/03/2010]
Crypto    d---s--    [11:19 21/03/2010]
Document Building Blocks    d------    [17:49 27/04/2010]
eHome    d------    [14:39 12/04/2010]
Excel    d------    [11:17 05/05/2010]
HTML Help    d------    [10:02 22/06/2010]
IdentityCRL    d------    [20:12 19/04/2010]
Installer    d------    [19:53 23/03/2010]
Internet Explorer    d------    [20:45 20/03/2010]
MMC    d------    [13:32 24/03/2010]
Network    d------    [20:46 20/03/2010]
Office    d------    [17:21 19/04/2010]
PowerPoint    d------    [19:33 19/04/2010]
Proof    d------    [17:49 27/04/2010]
Protect    d---s--    [20:46 20/03/2010]
Speech    d------    [12:05 21/03/2010]
SystemCertificates    d---s--    [20:51 20/03/2010]
Templates    d------    [17:21 19/04/2010]
UProof    d------    [17:22 19/04/2010]
Windows    d------    [20:45 20/03/2010]
Windows Photo Viewer    d------    [15:56 25/03/2010]
Word    d------    [17:49 27/04/2010]

c:\Users\Deex\AppData\Roaming\FC38.E16 - Unable to find folder.

========== contents ==========

C:\Windows\tasks\Driver Fetch.job - Opened succesfully.

â[Ù}{Ý+L¢<E^ru=¿F<<
s€ €!ÛŽ<C:\Program Files (x86)\Driver Fetch\2.3.0.5\DriverFetch.exe--scan --stack=from-scheduler    Blitware
Driver Fetch0Ø

C:\Windows\tasks\Registry Victor Schedule.job - Opened succesfully.

­Í 9+ÝE [PÊÑG¶Fx<
s€Á €!ÛÏ:C:\Program Files (x86)\Victor Registry\RegistryVictor.exe(C:\Program Files (x86)\Victor Registry\Deex'Run Registry Victor at Scheduled Time.0Ú@

-= EOF =-

If it helps, I'll mention that ESET removed some trojan.

I'll post the new logs in a moment, I just need to restart the computer ;)

EDIT:
After restarting the computer, another log was displayed:
Code:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\conhost not found.
File C:\Users\Deex\AppData\Roaming\Microsoft\conhost.exe not found.
C:\Users\Deex\AppData\Local\Temp\csrss.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Deex\AppData\Local\Temp\csrss.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Deex\AppData\Roaming\dwm.exe deleted successfully.
C:\Users\Deex\AppData\Roaming\dwm.exe moved successfully.
ADS C:\ProgramData\TEMP:63238B95 deleted successfully.
========== FILES ==========
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Users\Deex\AppData\Roaming\dwm.exe.vir moved successfully.
File\Folder C:\Users\Deex\AppData\Roaming\dwm.exe not found.
File\Folder C:\Users\Deex\AppData\Roaming\Microsoft\conhost.exe not found.
File\Folder C:\Users\Deex\AppData\Local\Temp\csrss.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Deex
->Temp folder emptied: 2668987 bytes
->Temporary Internet Files folder emptied: 66072 bytes
->Java cache emptied: 820281 bytes
->FireFox cache emptied: 55296003 bytes
->Google Chrome cache emptied: 286271587 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1031 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15837 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85396 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 329,00 mb


OTL by OldTimer - Version 3.2.20.3 log created on 01212011_180626

Files\Folders moved on Reboot...
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} scheduled to be moved on reboot.
Folder move failed. C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
C:\Users\Deex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Then I generated another log
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Deex at 2011-01-21 18:16:47
Microsoft Windows 7 Ultimate  
System drive C: has 104 GB (52%) free of 200 GB
Total RAM: 4094 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:17:12, on 2011-01-21
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Common Files (x86)\Java\Java Update\jusched.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe
C:\Users\Deex\Downloads\OTL.exe
C:\Program Files\trend micro\Deex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:64141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Windows\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Windows\Common Files (x86)\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Usuga stanu ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSService - Unknown owner - C:\Windows\SysWOW64\GSService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SMServer - SMServer - C:\Windows\SysWOW64\snmvtsvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Usługa udostępniania w sieci programu Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10043 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
/QuitInfo:00000000000004CC;00000000000004D0;  /AddRef;
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe"
"C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe"
"taskhost.exe"
"C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
/QuitInfo:00000000000001EC;000000000000020C;  /AddRef;
"C:\Windows\system32\Dwm.exe"
/QuitInfo:0000000000000198;0000000000000468;  
C:\Windows\Explorer.EXE
/loadhooks /Parent:00000000000004B0
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
WTablet\Pen_TabletUser.exe
Pen_Tablet.exe au
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Windows\WindowsMobile\wmdc.exe"
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Windows\Common Files (x86)\Java\Java Update\jusched.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\MagicTune Premium\MagicTune.exe"
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.0258CA80.1544457923 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Deex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll" --lang=pl --plugin-data-dir="C:\Users\Deex\AppData\Local\Google\Chrome\User Data\Default" --channel=3120.0A48764C.2062471002 /prefetch:4
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.075CD780.524612439 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.075CD900.936833709 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.075CDA80.1485352916 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.075CDC00.1921028471 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.03617780.1341515831 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.03617600.1038901771 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.03604600.2145685977 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.02530780.1363986270 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.02530900.2095261202 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.0A668D80.410054884 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3120.0A668A80.1656992721 /prefetch:3
"C:\Users\Deex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Deex\AppData\Local\Google\Chrome\Application\8.0.552.237\gcswf32.dll" --lang=pl --plugin-data-dir="C:\Users\Deex\AppData\Local\Google\Chrome\User Data\Default" --channel=3120.0A64F04C.283115366 /prefetch:4
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Gadu-Gadu 10\gg.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2393284768-505288345-4158682497-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2393284768-505288345-4158682497-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"  "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Deex\Downloads\RSITx64 (1).exe"
"C:\Users\Deex\Downloads\OTL.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Driver Fetch.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2393284768-505288345-4158682497-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2393284768-505288345-4158682497-1000UA.job
C:\Windows\tasks\Registry Victor Schedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Windows\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} -

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MagicTuneEngine"=C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [2009-06-15 24064]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-22 10081312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2916584]
"TNOD UP"=C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe [2010-04-01 1811968]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Windows\Common Files (x86)\Java\Java Update\jusched.exe [2010-05-14 248552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-21 18:06:26 ----D---- C:\_OTL
2011-01-21 09:47:59 ----A---- C:\TDSSKiller.2.4.14.0_21.01.2011_09.47.59_log.txt
2011-01-21 09:47:04 ----D---- C:\Program Files\trend micro
2011-01-21 09:47:03 ----D---- C:\rsit
2011-01-21 00:24:09 ----D---- C:\Windows\Common Files (x86)
2011-01-21 00:23:52 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-01-21 00:23:44 ----D---- C:\Windows\Program Files (x86)
2011-01-20 23:50:45 ----D---- C:\Program Files\Trojan Remover
2011-01-20 23:16:46 ----A---- C:\Windows\SYSWOW64\zlib.dll
2011-01-20 23:16:45 ----D---- C:\Program Files (x86)\SoftprojectGP
2011-01-18 20:17:49 ----D---- C:\Windows\WindowsMobile
2011-01-15 19:04:01 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2011-01-15 18:59:15 ----D---- C:\ProgramData\ESET
2011-01-15 18:59:15 ----D---- C:\Program Files\ESET
2011-01-15 18:15:22 ----D---- C:\Program Files (x86)\Lavalys
2011-01-14 09:38:59 ----D---- C:\Program Files (x86)\IZArc
2011-01-01 11:57:52 ----A---- C:\Windows\system32\drivers\pavboot64.sys
2011-01-01 11:56:22 ----D---- C:\Program Files (x86)\Panda Security

======List of files/folders modified in the last 1 months======

2011-01-21 18:17:12 ----D---- C:\Windows\Temp
2011-01-21 18:16:54 ----D---- C:\Windows\Prefetch
2011-01-21 18:13:03 ----D---- C:\Users\Deex\AppData\Roaming\WTablet
2011-01-21 18:12:51 ----D---- C:\Windows
2011-01-21 18:00:45 ----SHD---- C:\System Volume Information
2011-01-21 14:05:21 ----D---- C:\Program Files (x86)\Gadu-Gadu 10
2011-01-21 14:05:09 ----D---- C:\Windows\System32
2011-01-21 14:05:09 ----D---- C:\Windows\inf
2011-01-21 14:05:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-21 11:11:09 ----SD---- C:\Users\Deex\AppData\Roaming\Microsoft
2011-01-21 10:01:53 ----D---- C:\Windows\system32\catroot2
2011-01-21 09:47:59 ----D---- C:\Windows\system32\drivers
2011-01-21 09:47:04 ----RD---- C:\Program Files
2011-01-21 09:42:21 ----SHD---- C:\Windows\Installer
2011-01-21 09:42:21 ----HD---- C:\Config.Msi
2011-01-21 09:42:21 ----D---- C:\ProgramData\Microsoft Help
2011-01-21 01:12:30 ----D---- C:\Windows\system32\config
2011-01-21 00:24:07 ----D---- C:\Program Files (x86)\Common Files
2011-01-21 00:23:52 ----D---- C:\Windows\SysWOW64
2011-01-21 00:23:45 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-01-21 00:23:45 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-01-21 00:23:45 ----A---- C:\Windows\SYSWOW64\java.exe
2011-01-20 23:55:20 ----HD---- C:\ProgramData
2011-01-20 23:55:07 ----D---- C:\Windows\tracing
2011-01-20 23:24:37 ----D---- C:\Windows\Panther
2011-01-20 23:24:37 ----D---- C:\Windows\Logs
2011-01-20 23:24:37 ----D---- C:\Users\Deex\AppData\Roaming\uTorrent
2011-01-20 23:24:37 ----D---- C:\Users\Deex\AppData\Roaming\ipla
2011-01-20 23:24:36 ----D---- C:\SB4_DEMO
2011-01-20 23:24:34 ----D---- C:\ProgramData\FLEXnet
2011-01-20 23:24:34 ----D---- C:\Program Files (x86)\PC Inspector File Recovery
2011-01-20 23:24:34 ----D---- C:\Program Files (x86)\NAPI-PROJEKT
2011-01-20 23:24:34 ----D---- C:\Program Files (x86)\JDownloader
2011-01-20 23:24:34 ----D---- C:\Program Files (x86)\DrmRemoval
2011-01-20 23:24:33 ----D---- C:\Program Files\WinRAR
2011-01-20 23:16:45 ----RD---- C:\Program Files (x86)
2011-01-20 14:56:14 ----D---- C:\Users\Deex\AppData\Roaming\Media Player Classic
2011-01-19 21:26:35 ----D---- C:\Users\Deex\AppData\Roaming\Winamp
2011-01-18 20:35:23 ----D---- C:\WTablet
2011-01-18 20:18:49 ----D---- C:\Windows\system32\LogFiles
2011-01-18 20:17:44 ----D---- C:\Windows\system32\catroot
2011-01-18 20:17:39 ----D---- C:\Windows\system32\DriverStore
2011-01-18 15:31:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-01-15 18:53:33 ----D---- C:\Windows\system32\Tasks
2011-01-12 15:50:45 ----D---- C:\ProgramData\OpenFM
2011-01-01 12:01:45 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-30 10:39:34 ----D---- C:\Program Files\Autodesk
2010-12-26 18:16:02 ----D---- C:\Users\Deex\AppData\Roaming\Gadu-Gadu 10
2010-12-24 19:12:47 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2010-04-03 347336]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2008-11-04 23096]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/03 23:42:00]; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-28 146928]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-07-16 35344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 DrmRAudio;DrmRAudio; C:\Windows\system32\drivers\DrmRAudio.sys [2010-09-01 33848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-22 2271648]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 18216]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12848]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2008-08-18 15272]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 12976]
S0 sptd;sptd; C:\Windows\system32\drivers\sptd.sys []
S2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-03 6366720]
S3 BDFM;BDFM; C:\Windows\system32\DRIVERS\bdfm.sys [2010-04-03 163936]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-04-06 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-04-06 27176]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\Windows\system32\DRIVERS\s1039bus.sys [2010-03-15 127600]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 19568]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 161904]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 141424]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 34416]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1039obex.sys [2010-03-15 137328]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1039unic.sys [2010-03-15 158320]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ST330;ST330; C:\Windows\system32\DRIVERS\st330.sys [2010-03-20 47616]
S3 STBUS;STBUS; C:\Windows\system32\DRIVERS\stbus.sys [2010-03-20 24576]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver; C:\Windows\system32\DRIVERS\steth.sys [2010-03-20 58880]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;Sterownik WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-03 202752]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-03-21 79360]
R2 Bonjour Service;Usługa Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
R2 EmmaDevMgmtSvc;Emma Device Management; C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe [2010-08-24 403064]
R2 EmmaUpdMgmtSvc;Emma Update Management; C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe [2010-08-24 193656]
R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit; C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [2008-12-11 3589416]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2010-08-27 8192]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 405920]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe /service []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
S3 aspnet_state;Usuga stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 42360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-21 655624]
S3 GSService;GSService; C:\Windows\SysWOW64\GSService.exe [2010-08-31 348160]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SMServer;SMServer; C:\Windows\SysWOW64\snmvtsvc.exe [2010-08-31 245760]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------
Another OTL log after all the steps:
http://wklej.org/id/461514/

Extras.txt was not created... I am redoing the log from the start.
Extras still was not created... I have posted what I managed to produce.
 Operating system: windows_seven Browser: chrome
#6
RE: Trojan - Logs ( Hijackthis, Silentrunners )
Quote: That is exactly the problem, because I had to change it this morning since my internet was not working.
Now I have noticed that the computer does not recognize which program to open things with ...

Slow down... did this happen before you carried out the instructions from post 4, or only after?

Quote: Now I have noticed that the computer does not recognize which program to open things with ...
Is everything working now, or does something still need to be fixed?

Close Firefox and manually delete these folders:
Code:
C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
C:\Users\Deex\AppData\Roaming\mozilla\Firefox\Profiles\ncy5t62y.default\extensions\toolbar@ask.com
C:\Users\Deex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool

Did you set a proxy in IE and Firefox?

In OTL, choose CleanUp.

Scan the computer with MBAM, DrWebCureIt and NOD.
If the tools find anything, post their reports.
I do not reply in threads in the 'Security' section that lack a full set of logs:
http://forum.pcformat.pl/WAZNE-Jak-zaloz...ec-WAZNE-t
If I was handling a thread and have not replied in it for 3 days, please remind me by PM.
I do not provide help by PM.
Request to test an application: http://forum.pcformat.pl/Prosba-o-przete...L-OpenGL-t
 Operating system: linux Browser: firefox
#7
RE: Trojan - Logs ( Hijackthis, Silentrunners )
Files deleted; I did not set a proxy.
MBAM found threats, but it showed that it removed everything successfully.

The fact that things would not open was caused by cleaning the registry with CleanGP.
I restored the backup and everything started working.

The only problem left is with Daemon Tools; this error pops up:
Ten program wymaga przynajmniej systemu Windows 2000 oraz SPTD w wersji 1.60 lub wyżej. Debugger jądra musi zostać wyłączony.
 Operating system: windows_seven Browser: chrome
#8
RE: Trojan - Logs ( Hijackthis, Silentrunners )
Paste into Notepad:

Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

and save it as fix.reg
Double-click fix.reg and import it into the registry.

In Firefox, reset the following values:
Code:
network.proxy.http
network.proxy.http_port
network.proxy.type

Quote: MBAM found threats, but it showed that it removed everything successfully.
Then show what it found...

Manually delete the file:
c:\Users\Deex\AppData\Roaming\FC38.E16
if it is still there.

Post a new OTL log.

Run SystemLook.exe and paste into it:
Code:
:dir
%AppData%\Microsoft\Windows
%AppData%

:filefind
shell.exe

press Look and post what comes up.

Decide which antivirus program you want to use, NOD or BitDefender. One of the antivirus programs should be uninstalled.
Update Adobe Reader.

Quote: The only problem left is with Daemon Tools; this error pops up:
Ten program wymaga przynajmniej systemu Windows 2000 oraz SPTD w wersji 1.60 lub wyżej. Debugger jądra musi zostać wyłączony.
Uninstall Daemon Tools and remove the sptd.sys driver if it is still present:
http://www.fixitpc.pl/forum-6/announceme...ce-napedy/
Then try installing a newer version of Daemon Tools.

You may need to install the sptd.sys driver yourself:
http://www.duplexsecure.com/en/downloads
 Operating system: windows_xp_2003 Browser: seamonkey
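Added example, not part of the original posts: one way to confirm that the proxy cleanup from post #8 took effect, by checking an exported copy of the Internet Settings key and Firefox's prefs.js for leftover values. The sample inputs are constructed, and the ProxyEnable check is an addition that the thread does not mention.

```python
import re

# Names taken from post #8: the three Firefox prefs and the IE settings key.
PROXY_PREFS = ("network.proxy.http", "network.proxy.http_port", "network.proxy.type")
INET_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

_USER_PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')
_REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')


def _pref_value(raw):
    """Convert a prefs.js literal (string, bool or int) to a Python value."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw  # unknown literal: report it verbatim


def leftover_firefox_proxy_prefs(prefs_js_text):
    """Return {pref: value} for the proxy prefs still overridden in prefs.js.

    A pref that has been reset no longer has a user_pref() line, so an empty
    dict means all three are back at their defaults.
    """
    found = {}
    for line in prefs_js_text.splitlines():
        m = _USER_PREF.match(line)
        if m and m.group(1) in PROXY_PREFS:
            found[m.group(1)] = _pref_value(m.group(2))
    return found


def decode_reg_export(raw):
    """Decode .reg bytes: regedit 5.00 exports are UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")  # e.g. a file re-saved from Notepad


def parse_reg(text):
    """Parse .reg text into {key_path.lower(): {value_name.lower(): raw_data}}.

    Multi-line hex continuations are not handled; the values checked here
    (a string and a dword) always fit on one line.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _REG_VALUE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).strip()
    return keys


def leftover_ie_proxy(reg_text):
    """Return the proxy values still set under the Internet Settings key."""
    values = parse_reg(reg_text).get(INET_KEY.lower(), {})
    found = {}
    server = values.get("proxyserver")
    if server not in (None, "-"):  # "-" is the delete marker used in fix.reg
        found["ProxyServer"] = server.strip('"')
    enable = values.get("proxyenable", "")
    if enable.lower().startswith("dword:") and int(enable[6:], 16) != 0:
        found["ProxyEnable"] = int(enable[6:], 16)
    return found


# Constructed samples (not from the thread): all values are made up.
PREFS_BEFORE = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''
PREFS_AFTER = 'user_pref("browser.startup.homepage", "about:blank");\n'

_HEADER = "Windows Registry Editor Version 5.00\r\n\r\n[" + INET_KEY + "]\r\n"
REG_BEFORE = (_HEADER + '"ProxyEnable"=dword:00000001\r\n'
              '"ProxyServer"="http=127.0.0.1:8080"\r\n').encode("utf-16")
REG_AFTER = (_HEADER + '"ProxyEnable"=dword:00000000\r\n').encode("utf-16")

if __name__ == "__main__":
    print("Firefox before:", leftover_firefox_proxy_prefs(PREFS_BEFORE))
    print("Firefox after: ", leftover_firefox_proxy_prefs(PREFS_AFTER))
    print("IE before:", leftover_ie_proxy(decode_reg_export(REG_BEFORE)))
    print("IE after: ", leftover_ie_proxy(decode_reg_export(REG_AFTER)))
```

On a real machine the inputs would be the profile's prefs.js and a regedit export of the key, read as bytes and passed through `decode_reg_export`.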
#9
RE: Trojan - Logs ( Hijackthis, Silentrunners )[Windows Tools 2011]
I have a problem, probably because of all these logs or something.
As for Daemon Tools, that helped.
Most websites work fine for me, but for example:
http://www.pkobp.pl
+
some forum do not work; it is not the browser's fault, because I checked in several...
Google Chrome shows:

Code:
Oops! Google Chrome could not find www.pkobp.pl
Try reloading: www.pkobp.pl
Additional suggestions:
Access a cached copy of www.pkobp.pl
Search on Google:

In Mozilla:

Code:
Nie odnaleziono serwera

Firefox nie może odnaleźć serwera www.pkobp.pl.

    *   Sprawdź, czy adres nie zawiera literówek jak np. ww.example.com zamiast www.example.com

    *   Jeśli nie można otworzyć żadnej strony, należy sprawdzić swoje połączenie sieciowe.

    *   Jeśli komputer użytkownika jest chroniony przez zaporę sieciową lub serwer proxy, należy sprawdzić, czy program Firefox jest uprawniony do łączenia się z Internetem.

I did not set any proxy servers... it is not just my computer's fault, because at my sister's (we share the connection through a router) it does not work either...
What could this be?

Also, while browsing the internet, Java/Trojandownloader ... sometimes appears and shows that NOD has blocked some trojan...
 Operating system: windows_seven Browser: chrome
#10
RE: Trojan - Logs ( Hijackthis, Silentrunners )[Windows Tools 2011]
Then post a new set of logs:
http://forum.pcformat.pl/WAZNE-Jak-zaloz...ec-WAZNE-t

Did the problem with the bank's website appear before 23 January, on 23 January, or later (since you are only writing now)?
Did you carry out the instructions from post 8? Somehow I do not see that...
 Operating system: windows_xp_2003 Browser: seamonkey