REKLAMA

paczka2.zip

Win7 - Avast wykrywa w pliku svchost.exe zarażenie wirusem Dyna:Fake-Sys

W TDSSKillerze skopiowałem cały log Ctrl+A i Ctrl+C. Java rano nie działała, zupdatowałem ją po napisaniu poprzedniego posta.

Pobierz plik - link do postu

paczka2.zip
- OTL2.Txt
- 02122013_191817.log

paczka2.zip > OTL2.Txt

OTL logfile created on: 2013-02-12 19:19:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Czyszczenie
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 32,32% Memory free
6,50 Gb Paging File | 4,18 Gb Available in Paging File | 64,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96,19 Gb Total Space | 3,78 Gb Free Space | 3,93% Space Free | Partition Type: NTFS
Drive D: | 602,35 Gb Total Space | 45,64 Gb Free Space | 7,58% Space Free | Partition Type: NTFS

Computer Name: USER-KOMPUTER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-02-08 12:11:43 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-01-15 16:25:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Czyszczenie\OTL.exe
PRC - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-12-08 17:28:31 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-11-01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2012-11-01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2012-11-01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- D:\Program Files\VMware Player\vmware-authd.exe
PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-10-11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2012-10-02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012-10-02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012-10-02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-12-02 15:36:26 | 001,200,128 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2010-12-02 15:31:32 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2010-11-20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010-07-04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010-06-10 13:42:44 | 002,621,440 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010-03-09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010-03-09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010-03-05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010-01-25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009-09-23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-05-18 01:43:36 | 001,409,024 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009-05-05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009-04-02 05:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009-02-18 15:31:56 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-02-08 12:36:08 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013-02-08 12:11:58 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013-02-08 12:11:58 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013-02-08 12:11:58 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013-02-08 12:11:58 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013-02-08 12:11:57 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2013-02-08 12:11:57 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013-02-08 12:11:57 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013-02-08 12:11:57 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013-02-08 12:11:57 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013-02-08 12:11:57 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013-02-08 12:11:57 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013-02-08 12:11:57 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013-01-09 21:08:18 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2009-05-15 09:43:56 | 047,607,808 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009-05-07 09:53:18 | 000,106,496 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009-05-07 09:50:46 | 000,073,728 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2009-02-27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008-02-14 06:57:00 | 000,094,208 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013-02-09 12:48:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-02-08 12:36:08 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-11-01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012-11-01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012-11-01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\Program Files\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-10-11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012-10-02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-10-02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-06-03 18:46:21 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-07-04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010-03-09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010-01-25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009-09-23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-02 05:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009-02-18 15:31:56 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2006-02-01 23:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006-02-01 23:49:14 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006-02-01 23:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006-02-01 23:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006-02-01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-11-01 02:35:14 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012-11-01 02:34:52 | 000,061,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012-11-01 02:34:08 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012-11-01 02:34:08 | 000,025,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012-11-01 02:34:08 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012-10-30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-10-30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-10-30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-10-30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-10-30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-10-30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012-10-24 14:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)
DRV - [2012-10-24 14:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2012-10-15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012-10-11 17:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2012-10-02 23:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-09-20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012-09-20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010-12-18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-27 17:05:39 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010-06-14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010-03-15 10:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010-03-15 10:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic)
DRV - [2010-03-15 10:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV - [2010-03-15 10:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010-03-15 10:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus)
DRV - [2010-03-15 10:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5)
DRV - [2010-03-15 10:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009-06-30 04:58:26 | 000,089,048 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009-06-09 05:37:08 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009-05-13 12:11:32 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-05-08 04:23:18 | 001,047,552 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008-07-10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007-12-17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2004-07-06 11:27:40 | 000,163,840 | ---- | M] (AVerMedia Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Bt848.sys -- (BT848)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = wyborcza.pl/0,0.html?p=030
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://www.bing.com/search?q={searchTerms} & FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = wyborcza.pl/0,0.html?p=030
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://www.bing.com/search?q={searchTerms} & FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: " URL " = http://www.bing.com/search?q={searchTerms} & FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyOverride " = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: " "
FF - prefs.js..browser.search.defaulturl: " "
FF - prefs.js..browser.search.selectedEngine: " Google "
FF - prefs.js..browser.startup.homepage: " onet.pl "
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-05 16:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-02-09 12:48:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-01-20 15:55:04 | 000,000,000 | ---D | M]

[2010-02-05 16:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013-02-10 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ih2u4ykw.default\extensions
[2013-02-10 19:26:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ih2u4ykw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013-02-08 22:16:23 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ih2u4ykw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-02-10 19:26:52 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ih2u4ykw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013-01-20 15:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-01-20 15:55:03 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{7d1863b3-3ccb-ba8e-6dc8-c184b53141a9}
[2013-01-20 15:55:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013-01-20 15:55:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2013-02-09 12:48:12 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2006-08-09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2012-01-21 09:08:38 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-01-21 09:08:38 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-01-21 09:08:38 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-01-21 09:08:38 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-01-21 09:08:38 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-01-21 09:08:37 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A68F12BD-F453-4121-A79B-ECC71E8179CE}: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{af35f6df-3e93-11df-be51-806e6f6e6963}\Shell - " " = AutoRun
O33 - MountPoints2\{af35f6df-3e93-11df-be51-806e6f6e6963}\Shell\AutoRun\command - " " = E:\setup.exe
O33 - MountPoints2\{cb8279d7-14a1-11df-b291-90e6ba7d0e28}\Shell - " " = AutoRun
O33 - MountPoints2\{cb8279d7-14a1-11df-b291-90e6ba7d0e28}\Shell\AutoRun\command - " " = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- " %1 " %*
O35 - HKLM\..exefile [open] -- " %1 " %*
O37 - HKLM\...com [@ = comfile] -- " %1 " %*
O37 - HKLM\...exe [@ = exefile] -- " %1 " %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-02-12 13:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-02-12 13:30:39 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-02-12 13:30:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-02-12 13:30:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-02-12 13:30:29 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-02-12 12:52:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013-02-06 12:19:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013-01-26 16:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013-01-26 16:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013-01-23 19:04:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ImgBurn
[2013-01-23 19:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2013-01-23 19:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2013-01-23 18:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013-01-20 15:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-01-15 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\user\Doctor Web
[2013-01-15 15:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-01-15 15:53:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013-01-15 15:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-01-15 15:53:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[99 C:\*.tmp files - & gt; C:\*.tmp - & gt; ]
[6 C:\Windows\System32\*.tmp files - & gt; C:\Windows\System32\*.tmp - & gt; ]
[2 C:\Windows\*.tmp files - & gt; C:\Windows\*.tmp - & gt; ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-02-12 19:04:37 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013-02-12 18:36:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-12 13:30:24 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-02-12 13:30:21 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-02-12 13:30:21 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-02-12 13:30:21 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-02-12 13:30:17 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013-02-12 13:30:17 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-02-12 13:01:40 | 000,014,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-02-12 13:01:40 | 000,014,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-02-12 12:54:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-12 12:54:00 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-10 14:06:11 | 000,818,848 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-02-10 14:06:11 | 000,731,770 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-02-10 14:06:11 | 000,186,964 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-02-10 14:06:11 | 000,151,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-02-08 12:36:08 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-02-08 12:36:08 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-01-26 16:55:39 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013-01-26 11:54:29 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013-01-26 11:54:29 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013-01-23 17:52:10 | 000,003,133 | ---- | M] () -- C:\Users\user\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2013-01-17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013-01-15 21:10:06 | 000,001,700 | ---- | M] () -- C:\Users\user\AppData\Local\recently-used.xbel
[2013-01-15 18:53:29 | 108,741,808 | ---- | M] () -- C:\Users\user\Desktop\gar3h3hk.exe
[2013-01-15 15:53:24 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[99 C:\*.tmp files - & gt; C:\*.tmp - & gt; ]
[6 C:\Windows\System32\*.tmp files - & gt; C:\Windows\System32\*.tmp - & gt; ]
[2 C:\Windows\*.tmp files - & gt; C:\Windows\*.tmp - & gt; ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-01-26 16:55:39 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013-01-26 11:54:10 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013-01-26 11:54:10 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013-01-23 17:52:10 | 000,003,133 | ---- | C] () -- C:\Users\user\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2013-01-15 21:10:06 | 000,001,700 | ---- | C] () -- C:\Users\user\AppData\Local\recently-used.xbel
[2013-01-15 18:53:49 | 108,741,808 | ---- | C] () -- C:\Users\user\Desktop\gar3h3hk.exe
[2013-01-15 15:53:24 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-01-09 19:46:22 | 000,180,000 | ---- | C] () -- C:\Windows\aaRemove.exe
[2013-01-07 15:32:15 | 000,200,697 | ---- | C] () -- C:\Windows\System32\poclbm121016GeForce 9600 GTv1w256l4.bin
[2012-12-18 14:00:55 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012-12-18 14:00:55 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012-10-25 08:33:31 | 000,303,616 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2012-06-24 18:03:02 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012-06-24 18:03:02 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012-06-24 18:03:02 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012-06-24 18:02:53 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012-02-02 16:55:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012-02-02 16:55:31 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012-01-26 14:02:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012-01-26 14:02:32 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012-01-26 14:02:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012-01-09 14:19:30 | 000,007,594 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011-12-23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011-12-23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-12-23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-12-23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-12-23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-11-20 19:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-06-08 22:03:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-04-09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010-07-01 06:51:51 | 000,022,328 | ---- | C] () -- C:\Users\user\AppData\Roaming\PnkBstrK.sys
[2010-03-12 19:11:15 | 000,051,200 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-15 19:19:32 | 000,002,683 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.rss

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 08:27:10 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
" " = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
" ThreadingModel " = Both

& lt; End of report & gt;