poplop, posted 5 February 2010 (edited)

Hello, I made a log with ComboFix. Now please tell me what to do, step by step, and what to remove.

ComboFix log:

[log]ComboFix 10-02-04.08 - Poplop 2010-02-05 16:48:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1676 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Poplop\Moje dokumenty\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\0fpdq2dw.exe
C:\0qw6vege.exe
C:\1di1w.exe
C:\1hqup.exe
C:\2id9.exe
C:\2sm66r.exe
C:\3exi.exe
C:\6ruaqx.exe
C:\9d6tpg.exe
C:\9g86.exe
C:\autorun.inf
C:\b00ijwpu.exe
C:\c2e.exe
C:\cs6phv6d.exe
C:\curqp.exe
c:\docume~1\Poplop\USTAWI~1\Temp\cvasds0.dll
c:\docume~1\Poplop\USTAWI~1\Temp\cvasds1.dll
c:\docume~1\Poplop\USTAWI~1\Temp\herss.exe
c:\documents and settings\Poplop\Dane aplikacji\addon.dat
c:\documents and settings\Poplop\Dane aplikacji\BITS
c:\documents and settings\Poplop\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Poplop\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\Poplop\Dane aplikacji\BITS\ProxyList.ini
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090228174004.torrent
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090228174004.torrent.~tmp
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090228174004.torrent.bits
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090228174004.torrent.filelist
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090228174004.torrent.seeds
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090406204723.torrent
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090406204723.torrent.~tmp
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090406204723.torrent.bits
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20090406204723.torrent.filelist
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20100120202332.torrent
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20100120202332.torrent.bits
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20100120202332.torrent.filelist
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20100120202332.torrent.hybridlist
c:\documents and settings\Poplop\Dane aplikacji\BITS\Torrent\20100120202332.torrent.seeds
c:\documents and settings\Poplop\Dane aplikacji\BITS\UPnP.ini
C:\g12g.exe
C:\hjvjte.exe
C:\i9bwjpqc.exe
C:\k0maw.exe
C:\k8jc.exe
C:\log.tmp
C:\lphfa.exe
C:\mbdm.exe
C:\mbvd.exe
C:\mje12tni.exe
C:\nds0q.exe
C:\ngp8l.exe
C:\nqdymj.exe
C:\nx.exe
C:\nymdik.exe
C:\ohd.exe
C:\opdux.exe
C:\pbudsara.exe
C:\ph.exe
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\00027593
c:\program files\myglobalsearch\bar\Cache\001C3928.bin
c:\program files\myglobalsearch\bar\Cache\001C3A90.bin
c:\program files\myglobalsearch\bar\Cache\001C3BA9.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
C:\q3kku.exe
C:\q93fi6kf.exe
C:\qbr2q.exe
C:\qkm.exe
C:\s3ek.exe
C:\sbcatf.exe
C:\se12ydam.exe
C:\t8g.exe
C:\vb0hsoay.exe
C:\vlvtdflx.exe
C:\wcgswa.exe
C:\wfx062.exe
c:\windows\d.ini
c:\windows\ktd32.atm
c:\windows\svchost.exe
c:\windows\system32\28463
c:\windows\system32\28463\NHWV.001
c:\windows\system32\28463\NHWV.002
c:\windows\system32\28463\NHWV.005
c:\windows\system32\28463\NHWV.009
c:\windows\system32\Bifrost
c:\windows\system32\Bifrost\klog.dat
c:\windows\system32\ckl009.dat
c:\windows\system32\explorer.exe
c:\windows\system32\hattric
c:\windows\system32\ieuinit.inf
c:\windows\system32\SHELLLNK.TLB
c:\windows\unins000.dat
c:\windows\unins000.exe
C:\wisf1.exe
C:\wu1n.exe
C:\xmor.exe
C:\y.exe
C:\ycvvj.exe
C:\yu3.exe
D:\0fpdq2dw.exe
D:\0qw6vege.exe
D:\1di1w.exe
D:\1hqup.exe
D:\2id9.exe
D:\2sm66r.exe
D:\3exi.exe
D:\6ruaqx.exe
D:\9d6tpg.exe
D:\9g86.exe
D:\Autorun.inf
D:\b00ijwpu.exe
D:\c2e.exe
D:\cs6phv6d.exe
D:\curqp.exe
D:\g12g.exe
D:\hjvjte.exe
D:\i9bwjpqc.exe
D:\k0maw.exe
D:\k8jc.exe
D:\lphfa.exe
D:\mbdm.exe
D:\mbvd.exe
D:\mje12tni.exe
D:\nds0q.exe
D:\ngp8l.exe
D:\nqdymj.exe
D:\nx.exe
D:\nymdik.exe
D:\ohd.exe
D:\opdux.exe
D:\pbudsara.exe
D:\ph.exe
D:\q3kku.exe
D:\q93fi6kf.exe
D:\qbr2q.exe
D:\qkm.exe
D:\s3ek.exe
D:\sbcatf.exe
D:\se12ydam.exe
D:\t8g.exe
D:\vb0hsoay.exe
D:\vlvtdflx.exe
D:\wcgswa.exe
D:\wfx062.exe
D:\wisf1.exe
D:\wu1n.exe
D:\xmor.exe
D:\y.exe
D:\ycvvj.exe
D:\yu3.exe
J:\0fpdq2dw.exe
J:\0qw6vege.exe
J:\1di1w.exe
J:\1hqup.exe
J:\2id9.exe
J:\2sm66r.exe
J:\3exi.exe
J:\6ruaqx.exe
J:\9d6tpg.exe
J:\9g86.exe
J:\Autorun.inf
J:\b00ijwpu.exe
J:\c2e.exe
J:\cs6phv6d.exe
J:\curqp.exe
J:\g12g.exe
J:\hjvjte.exe
J:\i9bwjpqc.exe
J:\k0maw.exe
J:\k8jc.exe
J:\lphfa.exe
J:\mbdm.exe
J:\mbvd.exe
J:\mje12tni.exe
J:\nds0q.exe
J:\ngp8l.exe
J:\nqdymj.exe
J:\nx.exe
J:\nymdik.exe
J:\ohd.exe
J:\opdux.exe
J:\pbudsara.exe
J:\ph.exe
J:\q3kku.exe
J:\q93fi6kf.exe
J:\qbr2q.exe
J:\qkm.exe
J:\s3ek.exe
J:\sbcatf.exe
J:\se12ydam.exe
J:\t8g.exe
J:\vlvtdflx.exe
J:\wcgswa.exe
J:\wfx062.exe
J:\wisf1.exe
J:\wu1n.exe
J:\xmor.exe
J:\y.exe
J:\ycvvj.exe
J:\yu3.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Legacy_POWERMANAGER
-------\Service_oreans32
-------\Service_PowerManager

((((((((((((((((((((((((( Pliki utworzone od 2010-01-05 do 2010-02-05 )))))))))))))))))))))))))))))))
.
2010-02-04 20:03 . 2010-02-04 20:04 -------- d-----w- c:\program files\Hamachi
2010-02-04 20:03 . 2010-02-04 20:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-02-04 14:12 . 2010-02-04 14:12 149504 --sh--r- C:\ws.exe
2010-02-03 16:13 . 2010-02-03 16:13 94208 --sh--r- C:\bveijo.exe
2010-01-30 17:10 . 2010-01-30 17:11 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\TS3Client
2010-01-29 19:39 . 2010-01-29 19:39 97280 --sh--r- C:\mvmdh.exe
2010-01-26 16:08 . 2010-01-26 16:07 100864 --sh--r- C:\df.exe
2010-01-20 19:25 . 2010-01-20 19:25 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-20 19:25 . 2010-01-20 19:25 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-20 19:25 . 2010-01-20 19:25 -------- d-----w- c:\program files\OpenAL
2010-01-19 17:35 . 2010-01-19 18:30 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Procaster
2010-01-19 17:35 . 2010-01-19 17:35 -------- d-----w- c:\program files\Livestream Procaster
2010-01-17 13:10 . 2010-01-17 13:17 -------- d-----w- C:\NSVtools
2010-01-17 13:09 . 2010-01-17 13:14 -------- d-----w- c:\program files\NSVtools
2010-01-17 13:02 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll
2010-01-17 13:02 . 2007-03-09 08:37 139264 ----a-w- c:\windows\system32\viscomqtde.dll
2010-01-17 13:02 . 2007-03-09 08:36 81920 ----a-w- c:\windows\system32\viscomwave.dll
2010-01-17 12:50 . 2010-02-01 20:10 -------- d-----w- c:\program files\Common Files\NSV
2010-01-17 09:31 . 2010-01-17 09:31 -------- d-----w- c:\documents and settings\Poplop\Pulpitgameboy
2010-01-16 18:39 . 2010-01-16 18:39 809 ----a-w- c:\windows\unins001.dat
2010-01-16 18:39 . 2010-01-16 18:39 744969 ----a-w- c:\windows\unins001.exe
2010-01-16 18:39 . 2009-12-21 13:49 11886696 ----a-w- c:\windows\gg.exe
2010-01-15 13:10 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-15 13:10 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-15 13:10 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-15 13:10 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-01-15 06:10 . 2010-01-15 06:10 33558 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2010-01-15 06:03 . 2010-01-15 06:03 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2010-01-14 21:17 . 2010-01-14 21:17 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2010-01-14 21:16 . 2010-02-04 13:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2010-01-14 21:16 . 2010-01-14 21:17 -------- d-----w- c:\program files\Google
2010-01-14 21:01 . 2010-02-02 04:20 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Temp
2010-01-14 21:01 . 2010-01-15 08:39 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 15:54 . 2009-10-07 16:55 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\VMware
2010-02-05 15:53 . 2009-10-07 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\VMware
2010-02-05 10:06 . 2009-04-19 07:27 -------- d-----w- c:\program files\Flock
2010-02-04 21:00 . 2009-10-08 18:28 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Hamachi
2010-02-03 17:14 . 2009-03-01 09:18 164880 ---ha-w- c:\documents and settings\Poplop\Dane aplikacji\Microsoft\Virtual PC\VPCKeyboard.dll
2010-01-30 16:52 . 2009-06-21 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-29 15:34 . 2009-01-17 18:32 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Skype
2010-01-29 15:13 . 2009-01-17 18:33 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\skypePM
2010-01-23 19:45 . 2009-12-07 07:27 -------- d-----w- c:\program files\EslWire
2010-01-20 09:33 . 2009-03-13 19:16 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\gtk-2.0
2010-01-17 10:21 . 2010-01-01 02:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-17 10:21 . 2010-01-01 02:15 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-09 09:33 . 2009-05-31 17:32 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-01-08 14:59 . 2009-01-31 12:27 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-01-04 18:25 . 2010-01-04 18:25 25214 ----a-r- c:\documents and settings\Poplop\Dane aplikacji\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe
2010-01-04 18:25 . 2001-10-26 18:15 92390 ----a-w- c:\windows\system32\perfc015.dat
2010-01-04 18:25 . 2001-10-26 18:15 508024 ----a-w- c:\windows\system32\perfh015.dat
2010-01-04 18:25 . 2010-01-04 18:25 -------- d-----w- c:\program files\MySQL
2010-01-03 17:04 . 2010-01-03 17:02 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-01-03 17:02 . 2010-01-03 17:02 -------- d-----w- c:\program files\ALLConverter
2010-01-03 15:35 . 2009-03-21 10:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-01-02 10:04 . 2009-10-26 15:40 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\FileZilla
2010-01-01 15:26 . 2009-01-17 13:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 02:16 . 2010-01-01 02:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-01 02:15 . 2009-05-21 11:12 22328 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\PnkBstrK.sys
2010-01-01 02:15 . 2009-05-21 11:12 22328 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\PnkBstrK.sys
2009-12-31 10:53 . 2009-12-31 10:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\BioWare
2009-12-31 10:50 . 2009-12-31 10:50 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-31 10:49 . 2009-12-31 07:34 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-27 14:03 . 2009-12-23 14:12 -------- d-----w- c:\program files\ipla
2009-12-24 19:27 . 2009-12-23 14:12 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\ipla
2009-12-23 17:18 . 2009-12-27 08:54 52224 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\FFExternalAlert.dll
2009-12-23 17:18 . 2009-12-27 08:54 101376 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\RadioWMPCore.dll
2009-12-23 14:12 . 2009-12-23 14:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-12-23 14:09 . 2009-12-23 14:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10
2009-12-21 21:13 . 2009-01-17 15:36 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\123 Free Solitaire
2009-12-21 21:11 . 2009-12-21 12:52 10 ----a-w- c:\windows\popcinfo.dat
2009-12-21 13:47 . 2009-12-21 13:47 37376 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2009-12-21 13:01 . 2009-12-21 12:58 -------- d-----w- c:\program files\123 Free Solitaire
2009-12-21 12:49 . 2009-12-21 12:48 -------- d-----w- c:\program files\Zuma Deluxe
2009-12-17 17:41 . 2009-02-23 18:59 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\teamspeak2
2009-12-15 20:04 . 2009-12-15 20:03 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Notepad++
2009-12-14 16:53 . 2009-12-14 16:53 421376 --sh--w- C:\gfx.com
2009-12-08 16:40 . 2009-12-08 16:40 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\aerix
2009-11-28 18:21 . 2009-11-28 18:21 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-11-28 18:21 . 2009-11-28 18:21 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-11-28 18:21 . 2009-11-28 18:21 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-11-24 06:50 . 2009-11-24 06:50 152576 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 06:21 . 2009-11-24 06:21 79488 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-17 11:32 . 2009-12-07 07:27 23512 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"entry"="c:\gfx.com" [2009-12-14 421376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Poplop^Menu Start^Programy^Autostart^raw32.dll]
path=c:\documents and settings\Poplop\Menu Start\Programy\Autostart\raw32.dll
backup=c:\windows\pss\raw32.dllStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\entry]
2009-12-14 16:53 421376 --sh--w- c:\gfx.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
2004-08-03 22:44 1033728 ------w- c:\windows\explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2010-01-14 21:16 197104 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 189488 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2009-08-14 18:12 64048 ----a-w- d:\vmware\VMware Player\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebServ]
2008-01-28 22:36 1563136 ----a-w- d:\webserv\WebServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Documents and Settings\\Poplop\\Dane aplikacji\\ENet\\Apache\\Apache.exe"=
"d:\\Metin2_PL\\metin2.bin"=
"d:\\Counter-Strike\\hl.exe"=
"d:\\Counter-Strike\\hlds.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"d:\\csns\\hl.exe"=
"d:\\HLSW\\hlsw.exe"=
"d:\\csns\\hlds.exe"=
"d:\\csns\\hltv.exe"=
"d:\\Teamspeak2_RC2\\server_windows.exe"=
"d:\\FlashGet Network\\FlashGet universal\\FlashGet.exe"=
"d:\\NX Client for Windows\\nxclient.exe"=
"d:\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
"d:\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\csnonsteam\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\counter-strike\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\half-life\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\deathmatch classic\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\half-life blue shift\\hl.exe"=
"d:\\Ares\\Ares.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Xfire\\Xfire.exe"=
"d:\\Psi-pedrito\\Psi.exe"=
"d:\\MySteam\\steamapps\\poplop96\\team fortress classic\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\counter-strike beta\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\opposing force\\hl.exe"=
"d:\\csnonsteam\\hlds.exe"=
"d:\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"d:\\iaxLite\\iaxLite.exe"=
"d:\\Metin2_PL\\metin2client.bin"=
"d:\\VMware\\VMware Player\\vmware-authd.exe"=
"d:\\MySteam\\Steam.exe"=
"d:\\MySteam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\MySteam\\steamapps\\poplop96\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\Poplop\\Pulpit\\Portmap\\PortMap.exe"=
"c:\\Documents and Settings\\Poplop\\Pulpit\\Kuba\\serwer samp\\samp-server.exe"=
"d:\\MySteam\\steamapps\\poplop96\\ricochet\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"d:\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\EslWire\\dppm_source.exe"=
"d:\\MySteam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"d:\\MySteam\\steamapps\\poplop96\\zombie panic! source\\hl2.exe"=
"d:\\Gadu-Gadu 10\\gg.exe"=
"d:\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Techland\\Call of Juarez - Wiezy Krwi\\CoJBiBGame_x86.exe"=
"d:\\Java\\jre6\\bin\\java.exe"=
"j:\\Metek + Atlantyda\\mc.exe"=
"j:\\Metek + Atlantyda\\Longjuytgamelogin.exe"=
"j:\\PLMETIN2\\mc.exe"=
"j:\\PLMETIN2\\Rava.exe"=
"d:\\MySteam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"d:\\MySteam\\steamapps\\common\\osmos demo\\OsmosDemo.exe"=
"d:\\MySteam\\steamapps\\common\\quake 3 arena demo\\quake3.exe"=
"d:\\MySteam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22:TCP"= 22:TCP:22
"12975:TCP"= 12975:TCP:12975
"3297:TCP"= 3297:TCP:3297
"3306:TCP"= 3306:TCP:3306

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-07 721904]
R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2008-04-12 11392]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-03-10 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-03-10 41744]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-08-14 54960]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2009-12-07 23512]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-03-10 87568]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-01-17 428160]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 133104]
S3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości;d:\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-31 25832]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt --> c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-11-28 13224]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-03 55296]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-08-15 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-10-18 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-10-18 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-11-28 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-11-28 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-11-28 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-11-28 97704]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-14 21:16]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:17]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:17]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job
- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-01-14 21:01]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job
- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-01-14 21:01]
.
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: &Download All by FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bholink.htm
IE: &Pobierz wszystko przez FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Pobrane przez FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bholink.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\vmware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2009787&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2009787&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2009787&SearchSource=2&q=
FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\opera\program\plugins\NPSWF32.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{28ABB9FB-95BB-413D-BB6E-ACF302693D76} - c:\windows\system32\mqupgrdd.dll
HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
HKLM-Run-NHWV Agent - c:\windows\system32\28463\NHWV.exe
MSConfigStartUp-cdoosoft - c:\docume~1\Poplop\USTAWI~1\Temp\herss.exe
MSConfigStartUp-DBRLON - c:\windows\system32\Launcher1.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-EADM - d:\electronic arts\EADM\Uninstall.exe
AddRemove-EuroGrand Casino - j:\kasyno\EuroGrand Casino\_SetupCasino.exe
AddRemove-Niezbędnik CD_is1 - c:\windows\unins000.exe
AddRemove-SMART_is1 - d:\smartsystem\unins000.exe
AddRemove-sXe_Injected - d:\sxe injected\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 16:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5542F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e65cb8
\Driver\atapi -> 0x8a5542f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d03ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d10b21
SendHandler -> NDIS.sys @ 0xb9cee87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1932)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
d:\microsoft virtual pc\VPCShExH.DLL
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\cpucool\CooLSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
d:\vmware\VMware Player\vmware-authd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-05 16:57:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-05 15:57

Przed: 7 555 162 112 bajtów wolnych
Po: 8 949 317 632 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[Boot Loader]
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
timeout=2
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 4E9225E8C94AA175FF05BD1F4ADDC624
[/log]

Log from OTListIt2:

[log]OTL logfile created on: 2010-02-05 17:43:11 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Poplop\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 7800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,57 Gb Total Space | 8,39 Gb Free Space | 22,32% Space Free | Partition Type: NTFS
Drive D: | 149,68 Gb Total Space | 65,53 Gb Free Space | 43,78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 45,17 Gb Total Space | 26,90 Gb Free Space | 59,55% Space Free | Partition Type: NTFS

Computer Name: POPLOP-27F58ACF
Current User Name: Poplop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-02-05 17:42:32 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Poplop\Moje dokumenty\Downloads\OTL.exe
PRC - [2010-01-21 08:24:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2010-01-14 22:23:09 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2010-01-01 03:16:54 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-12-14 17:53:22 | 000,421,376 | -HS- | M] ( ) -- c:\gfx.com
PRC - [2009-08-14 19:13:08 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2009-08-14 19:12:46 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2009-08-14 19:12:34 | 000,113,200 | ---- | M] (VMware, Inc.) -- D:\VMware\VMware Player\vmware-authd.exe
PRC - [2009-08-14 03:08:00 | 000,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009-07-30 20:15:46 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009-07-30 20:15:44 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008-04-12 16:40:32 | 000,118,784 | ---- | M] () -- D:\CPUCooL\CooLSRV.exe
PRC - [2007-09-03 08:52:22 | 016,841,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-08-30 10:58:38 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\VMSnap3.EXE
PRC - [2006-06-28 17:54:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\WINDOWS\Domino.EXE
PRC - [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004-08-03 23:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004-08-03 23:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2004-08-03 23:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2004-08-03 23:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-03 23:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC -
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-03 23:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2004-08-03 23:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-02-05 17:42:32 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Poplop\Moje dokumenty\Downloads\OTL.exe MOD - [2004-08-03 23:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-03 23:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2004-08-03 23:44:14 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2004-08-03 23:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-03 23:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-03 23:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2004-08-03 23:44:12 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-03 23:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-03 23:44:10 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-03 23:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-03 23:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-03 23:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-03 23:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-03 23:44:10 | 
000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-03 23:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-03 23:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-03 23:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2004-08-03 23:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-03 23:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-03 23:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-03 23:44:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2004-08-03 23:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-03 23:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-03 23:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-03 23:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-01-14 22:17:01 | 000,133,104 | ---- | M] (Google Inc.) 
[Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate) SRV - [2010-01-14 22:16:31 | 000,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2010-01-01 03:16:54 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA) SRV - [2009-09-28 03:09:00 | 003,426,552 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2009-08-14 19:13:08 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2009-08-14 19:12:46 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service) SRV - [2009-08-14 19:12:34 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2009-08-14 03:08:00 | 000,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller) SRV - [2009-08-13 20:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart) SRV - [2009-07-26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009-07-14 13:37:10 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R) SRV - [2008-12-01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) 
[On_Demand | Stopped] -- D:\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2008-04-12 16:40:32 | 000,118,784 | ---- | M] () [Auto | Running] -- D:\CPUCooL\CooLSRV.exe -- (CPUCooLServer) SRV - [2007-06-01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007-04-13 21:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004-10-22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme) DRV - [2010-02-04 21:03:54 | 000,025,280 | ---- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-11-28 19:21:02 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009-11-28 19:21:02 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2009-11-17 12:32:10 | 000,023,512 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1) DRV - [2009-08-14 19:13:58 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon) DRV - [2009-08-14 19:13:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2009-08-14 19:13:56 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86) DRV - [2009-08-14 19:13:56 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci) DRV - [2009-08-14 19:13:54 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd) DRV - [2009-08-14 19:12:16 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport) DRV - [2009-08-14 12:40:04 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2009-08-14 12:40:04 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2009-08-14 05:27:00 | 004,485,632 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009-05-27 16:39:41 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-04-19 16:04:53 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009-04-11 08:37:58 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2009-02-16 17:47:00 | 000,087,568 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2009-02-16 17:47:00 | 000,041,744 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2009-02-16 17:46:56 | 000,100,560 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2009-01-17 19:40:05 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-01-17 19:40:05 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008-12-01 10:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- D:\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2008-04-12 16:40:28 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ntiopnp.sys -- (ntiopnp) DRV - [2008-04-12 16:40:28 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ntiomin.sys -- (ntiomin) DRV - [2008-02-12 02:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm) DRV - [2008-02-05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2007-09-05 10:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-06-28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007-06-19 08:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm) DRV - [2007-06-19 08:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) DRV - [2007-06-19 08:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) DRV - [2007-06-19 08:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex) DRV - 
[2007-06-19 08:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) DRV - [2007-06-19 08:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl) DRV - [2007-06-19 08:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM) DRV - [2007-05-03 00:48:00 | 000,055,296 | ---- | M] (Leaf Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\leafnets.sys -- (leafnets) DRV - [2007-04-24 10:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007-04-24 10:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex) DRV - [2007-04-24 10:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007-04-24 10:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007-04-24 10:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2007-04-03 12:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex) DRV - [2007-04-03 12:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007-04-03 12:57:48 | 000,015,112 | 
R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007-04-03 12:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2007-03-08 00:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2006-12-28 17:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2006-09-19 13:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2006-08-31 10:30:18 | 000,392,058 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303) X-calibur USB PC Camera (Vimicro301 Neptune) DRV - [2006-08-11 14:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2006-07-05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006-06-14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2006-04-25 10:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303) DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004-08-03 21:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2004-05-13 22:54:34 | 000,014,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2004-05-13 22:54:32 | 000,021,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2004-05-13 22:54:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2004-05-13 22:54:26 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2004-05-13 22:54:24 | 000,044,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001-08-17 20:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1957994488-1177238915-839522115-1003\S-1-5-21-1957994488-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "softonicen Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2009787&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2009787&SearchSource=13" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 36 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {d6902984-559d-4d30-83ba-6315d7c84cd1}:2.5.2.14 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2009787&SearchSource=2&q=" FF - 
HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Dane aplikacji\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-01-15 07:10:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2009-12-25 14:57:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2009-08-11 19:33:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-15 07:10:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-05 16:51:29 | 000,000,000 | ---D | M] [2009-04-19 08:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Mozilla\Extensions [2009-04-19 08:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Poplop\Dane aplikacji\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b} [2010-01-24 14:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions [2009-12-27 09:54:47 | 000,000,000 | ---D | M] (softonicen Toolbar) -- C:\Documents and Settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1} [2009-08-11 19:08:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-12-27 09:54:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009-03-25 08:39:56 | 000,000,882 | ---- | M] () -- C:\Documents 
and Settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\searchplugins\conduit.xml [2010-01-25 15:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-04-17 15:34:14 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-02-05 17:17:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.) 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.) 
O3 - HKU\S-1-5-21-1957994488-1177238915-839522115-1003\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKU\S-1-5-21-1957994488-1177238915-839522115-1003\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.EXE (Vimicro) O4 - HKLM..\Run: [entry] c:\gfx.com ( ) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1957994488-1177238915-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1957994488-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1957994488-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1957994488-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1957994488-1177238915-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: &Pobierz wszystko przez FlashGet - D:\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Pobrane przez FlashGet - D:\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll 
(Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} file://D:\XVTVPlayer\nsvplayx_vp3_mp3.cab (NsvPlayX Control) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common 
Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-17 13:11:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-01-08 15:35:39 | 000,000,000 | ---D | M] - D:\AutoIt3 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-01-17 13:54:39 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-05 17:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\VMware [2010-02-05 16:47:56 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010-02-05 16:44:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-02-05 16:44:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-02-05 16:44:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-02-05 16:44:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-02-05 16:44:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-02-05 16:42:36 | 000,000,000 | ---D | C] -- 
C:\Qoobox [2010-02-04 21:03:54 | 000,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys [2010-02-04 21:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Hamachi [2010-01-30 18:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Dane aplikacji\TS3Client [2010-01-20 20:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Moje dokumenty\OsmosDemo [2010-01-20 20:25:25 | 000,413,696 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2010-01-20 20:25:25 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll [2010-01-20 20:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL [2010-01-20 17:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Moje dokumenty\Pobieranie [2010-01-19 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\Procaster [2010-01-19 18:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster [2010-01-19 17:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Pulpit\tv [2010-01-17 17:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Pulpit\paneltv [2010-01-17 14:10:57 | 000,000,000 | ---D | C] -- C:\NSVtools [2010-01-17 14:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\NSVtools [2010-01-17 14:02:55 | 000,438,272 | ---- | C] (DMSoft Technologies) -- C:\WINDOWS\System32\SkinCrafter.dll [2010-01-17 14:02:54 | 000,856,064 | ---- | C] (Essien Research & Development) -- C:\WINDOWS\System32\mpgfiltr.ax [2010-01-17 14:02:54 | 000,208,896 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\VideoEdit.ocx [2010-01-17 14:02:54 | 000,139,264 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomqtde.dll [2010-01-17 14:02:54 | 000,081,920 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomwave.dll [2010-01-17 13:50:14 | 000,000,000 | ---D | C] -- C:\Program 
Files\Common Files\NSV [2010-01-17 10:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Pulpit\instalki dla wszystkie [2010-01-17 10:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Pulpitgameboy [2010-01-16 19:39:28 | 011,886,696 | ---- | C] (GG Network S.A.) -- C:\WINDOWS\gg.exe [2010-01-15 07:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2010-01-15 07:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-01-14 22:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-01-14 22:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-01-14 22:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-01-14 22:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater [2010-01-14 22:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010-01-14 22:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Moje dokumenty\Downloads [2010-01-14 22:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\Temp [2010-01-14 22:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google [2009-10-11 18:53:17 | 000,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\shelllnk.dll [2009-07-06 10:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Ashampoo Antivirus [2009-01-17 13:10:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-01-17 13:10:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [5 C:\WINDOWS\*.tmp files -> 
C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-05 17:28:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-05 17:18:18 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-02-05 17:17:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-05 17:17:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-02-05 17:17:40 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-02-05 17:17:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-05 17:17:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-05 17:16:49 | 014,680,064 | -H-- | M] () -- C:\Documents and Settings\Poplop\NTUSER.DAT [2010-02-05 17:16:49 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Poplop\ntuser.ini [2010-02-05 16:48:01 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2010-02-05 16:06:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job [2010-02-05 14:20:26 | 002,112,624 | -H-- | M] () -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-04 22:06:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job [2010-02-04 21:03:54 | 000,025,280 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\drivers\hamachi.sys [2010-02-04 21:03:54 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\hamachi.lnk [2010-02-04 15:12:24 | 000,149,504 | RHS- | M] () -- C:\ws.exe [2010-02-03 17:13:14 | 000,094,208 | RHS- | M] () -- C:\bveijo.exe [2010-02-03 09:13:32 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\PUTTY.RND [2010-02-03 09:06:34 | 000,004,499 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2010-02-03 09:00:37 | 000,001,989 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini [2010-02-02 05:20:31 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\Google Chrome.lnk [2010-02-01 14:35:37 | 000,001,286 | ---- | M] () -- C:\WINDOWS\win.ini [2010-02-01 14:35:37 | 000,000,222 | ---- | M] () -- C:\Boot.bak [2010-01-30 18:10:19 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk [2010-01-29 20:39:01 | 000,097,280 | RHS- | M] () -- C:\mvmdh.exe [2010-01-29 17:34:28 | 000,002,267 | ---- | M] () -- C:\Podgladaukcja.html [2010-01-29 17:31:50 | 000,107,217 | ---- | M] () -- C:\tlo.jpg [2010-01-28 17:11:23 | 000,000,000 | RHS- | M] () -- C:\config.sys [2010-01-27 21:04:41 | 014,346,405 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\da_2.334.zip [2010-01-27 20:53:17 | 003,022,072 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\whm_nulled.rar [2010-01-27 20:47:56 | 023,232,843 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\31 Hosting Scripts Collection - Nulled.rar [2010-01-26 17:07:43 | 000,100,864 | RHS- | M] () -- C:\df.exe [2010-01-23 22:09:45 | 000,000,420 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\Ares.lnk [2010-01-20 20:25:25 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2010-01-20 20:25:25 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\WINDOWS\System32\OpenAL32.dll [2010-01-20 10:33:57 | 000,021,245 | ---- | M] () -- C:\Documents and Settings\Poplop\.recently-used.xbel [2010-01-19 18:35:52 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Livestream Procaster.lnk [2010-01-18 21:04:57 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\FlashGet 2.0.lnk [2010-01-18 21:04:42 | 000,308,869 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\mediaplayer-viral.zip [2010-01-17 14:28:25 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Poplop\Dane aplikacji\winscp.rnd [2010-01-17 14:27:11 | 070,646,243 | ---- | M] () -- C:\flaskOut.nsv [2010-01-17 14:25:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-01-17 14:16:31 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-17 14:15:59 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\Extra Video Converter.lnk [2010-01-17 11:21:55 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-01-17 11:21:38 | 000,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010-01-16 19:39:29 | 000,000,809 | ---- | M] () -- C:\WINDOWS\unins001.dat [2010-01-16 19:39:24 | 000,744,969 | ---- | M] () -- C:\WINDOWS\unins001.exe [2010-01-16 19:34:51 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Inno Setup Compiler.lnk [2010-01-16 19:24:53 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\Quick Menu Builder.lnk [2010-01-16 09:32:10 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\123 Free Solitaire (2).lnk [2010-01-15 07:10:49 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-01-14 22:17:10 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Kalendarz Google.lnk [2010-01-14 22:17:10 | 000,001,746 | ---- | M] 
() -- C:\Documents and Settings\All Users\Pulpit\Gmail.lnk [2010-01-14 22:17:10 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Dokumenty Google.lnk [2010-01-09 10:23:30 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Poplop\SciTE.session [2010-01-07 20:51:20 | 001,158,758 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\ibp2.sql [2010-01-06 19:12:34 | 000,000,460 | ---- | M] () -- C:\Documents and Settings\Poplop\Pulpit\ToolsMT2 - uruchom!.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-05 16:47:57 | 000,262,400 | ---- | C] () -- C:\cmldr [2010-02-05 16:44:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-02-05 16:44:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-02-05 16:44:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-02-05 16:44:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-02-05 16:44:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-02-04 21:03:54 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\hamachi.lnk [2010-02-04 15:12:50 | 000,149,504 | RHS- | C] () -- C:\ws.exe [2010-02-03 17:13:44 | 000,094,208 | RHS- | C] () -- C:\bveijo.exe [2010-01-30 18:10:19 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk [2010-01-29 20:39:28 | 000,097,280 | RHS- | C] () -- C:\mvmdh.exe [2010-01-29 17:31:49 | 000,107,217 | ---- | C] () -- C:\tlo.jpg [2010-01-27 20:54:49 | 014,346,405 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\da_2.334.zip [2010-01-27 20:50:48 | 003,022,072 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\whm_nulled.rar [2010-01-27 20:24:18 | 023,232,843 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\31 Hosting Scripts Collection - Nulled.rar [2010-01-26 17:08:10 | 000,100,864 | RHS- | C] 
() -- C:\df.exe [2010-01-23 22:09:45 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\Ares.lnk [2010-01-23 16:33:49 | 000,000,972 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-01-20 10:33:57 | 000,021,245 | ---- | C] () -- C:\Documents and Settings\Poplop\.recently-used.xbel [2010-01-19 18:35:52 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Livestream Procaster.lnk [2010-01-18 21:04:57 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\FlashGet 2.0.lnk [2010-01-18 21:04:29 | 000,308,869 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\mediaplayer-viral.zip [2010-01-17 14:27:09 | 070,646,243 | ---- | C] () -- C:\flaskOut.nsv [2010-01-17 14:15:59 | 000,000,487 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\Extra Video Converter.lnk [2010-01-16 19:39:28 | 000,744,969 | ---- | C] () -- C:\WINDOWS\unins001.exe [2010-01-16 19:39:28 | 000,000,809 | ---- | C] () -- C:\WINDOWS\unins001.dat [2010-01-16 19:34:51 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Inno Setup Compiler.lnk [2010-01-16 19:24:53 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\Quick Menu Builder.lnk [2010-01-14 22:17:10 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Kalendarz Google.lnk [2010-01-14 22:17:10 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gmail.lnk [2010-01-14 22:17:10 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Dokumenty Google.lnk [2010-01-14 22:17:05 | 000,001,036 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-01-14 22:17:04 | 000,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-01-14 22:10:02 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\Google Chrome.lnk [2010-01-14 22:01:49 | 000,001,136 | ---- | C] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job [2010-01-14 22:01:49 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job [2010-01-08 15:42:54 | 000,000,342 | ---- | C] () -- C:\Documents and Settings\Poplop\SciTE.session [2010-01-07 20:51:20 | 001,158,758 | ---- | C] () -- C:\Documents and Settings\Poplop\Pulpit\ibp2.sql [2010-01-03 18:02:13 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-01-01 03:15:41 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-12-30 21:46:39 | 000,000,305 | ---- | C] () -- C:\WINDOWS\game.ini [2009-11-19 22:22:26 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Poplop\Dane aplikacji\winscp.rnd [2009-10-11 18:53:13 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2009-10-08 18:46:39 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll [2009-10-07 17:54:50 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll [2009-08-28 17:45:27 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll [2009-07-06 10:27:49 | 000,002,596 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak [2009-07-06 10:27:49 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak [2009-07-06 10:27:49 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak [2009-07-06 10:27:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Backup.INI [2009-05-27 13:53:33 | 000,162,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-05-21 12:30:39 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-05-21 12:12:41 | 000,022,328 | ---- | C] () -- C:\Documents and 
Settings\Poplop\Dane aplikacji\PnkBstrK.sys [2009-04-29 22:19:22 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009-04-17 15:34:17 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Poplop\Dane aplikacji\Smiley.ico [2009-04-12 18:41:39 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-04-07 06:58:34 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-03-10 14:36:01 | 000,100,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys [2009-02-15 17:10:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Poplop\Ustawienia lokalne\Dane aplikacji\PUTTY.RND [2009-02-03 15:08:49 | 000,000,058 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI [2009-01-28 07:39:19 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2009-01-19 17:15:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-01-18 08:11:17 | 000,001,989 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-01-18 08:10:31 | 000,004,499 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-01-17 19:40:05 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-01-17 19:40:05 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-01-17 15:01:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\KRCapture.dll [2009-01-17 15:01:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\KRProcess.dll [2009-01-17 15:01:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\KRDetector.dll [2009-01-17 15:01:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll [2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-04-12 16:40:28 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntiopnp.sys [2008-04-12 16:40:28 | 000,011,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntiomin.sys [2007-11-26 20:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2004-08-03 23:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-06-24 23:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll [2002-11-06 16:42:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SDL_gfx.dll [2002-10-13 11:25:14 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MesaGlut.dll [2002-10-13 11:23:36 | 000,363,008 | ---- | C] () -- C:\WINDOWS\System32\MesaGLU.dll [2002-10-13 11:21:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\osmesa.dll [2002-10-13 11:21:44 | 001,417,216 | ---- | C] () -- C:\WINDOWS\System32\MesaGL.dll [2002-10-07 03:49:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll [2002-05-20 06:12:50 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll [2002-04-13 11:01:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll [2002-04-13 11:01:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll [2002-04-13 11:00:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll [2002-02-07 11:43:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\sdl_sound.dll 
[2001-12-03 19:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\in_flac.dll [2001-08-13 00:00:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2001-08-13 00:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2001-08-12 23:59:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2001-04-05 13:24:14 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll [2001-04-05 13:24:14 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\libpng1.dll [2001-04-04 19:33:50 | 000,209,920 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll [color=#E56717]========== LOP Check ==========[/color] [2009-12-31 11:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BioWare [2009-04-07 07:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2009-01-18 21:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\E-Net [2009-04-17 15:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\E1C5 [2009-07-07 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2009-12-07 08:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESL Wire [2009-07-06 11:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA [2009-12-23 15:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2009-08-29 11:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-06-05 13:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Stardock [2009-08-14 21:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca [2010-01-09 10:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-12-21 22:13:05 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\Poplop\Dane aplikacji\123 Free Solitaire [2009-12-08 17:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\aerix [2009-04-07 07:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\DAEMON Tools [2009-05-27 18:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\DAEMON Tools Lite [2009-04-09 17:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\DAEMON Tools Pro [2009-01-18 21:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\ENet [2010-01-02 11:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\FileZilla [2009-04-19 08:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Flock [2009-08-29 11:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\FreeCall [2009-01-18 20:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Gadu-Gadu [2009-12-23 15:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Gadu-Gadu 10 [2010-01-20 10:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\gtk-2.0 [2009-12-06 11:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\HLSW [2009-12-24 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\ipla [2009-12-15 21:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Notepad++ [2009-11-19 20:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Nowe Gadu-Gadu [2009-06-05 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Nvu [2009-08-29 11:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\OpenFM [2009-04-18 09:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane 
aplikacji\Opera [2009-09-21 10:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Thinstall [2009-02-01 17:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Thunderbird [2009-05-24 09:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\Tibia [2010-01-30 18:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Poplop\Dane aplikacji\TS3Client [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-10-07 17:54:23 | 000,001,024 | ---- | M] () -- C:\.rnd [2009-01-17 13:11:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-02-01 14:35:37 | 000,000,222 | ---- | M] () -- C:\Boot.bak [2010-02-05 16:48:01 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-02-03 17:13:14 | 000,094,208 | RHS- | M] () -- C:\bveijo.exe [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-02-05 17:21:03 | 000,025,386 | ---- | M] () -- C:\ComboFix.txt [2010-02-05 16:57:40 | 000,032,504 | ---- | M] () -- C:\ComboFix2.txt [2010-01-28 17:11:23 | 000,000,000 | RHS- | M] () -- C:\config.sys [2009-01-17 14:49:01 | 000,000,206 | ---- | M] () -- C:\csb.log [2010-01-26 17:07:43 | 000,100,864 | RHS- | M] () -- C:\df.exe [2010-01-17 14:27:11 | 070,646,243 | ---- | M] () -- C:\flaskOut.nsv [2009-12-14 17:53:22 | 000,421,376 | -HS- | M] ( ) -- C:\gfx.com [2009-01-17 13:11:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-08-27 16:16:52 | 000,002,749 | ---- | M] () -- C:\LGSInst.Log [2009-07-06 11:01:07 | 000,000,059 | ---- | M] () -- C:\Logfile.txt [2009-01-17 13:11:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-01-29 20:39:01 | 000,097,280 | RHS- | M] () -- C:\mvmdh.exe [2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004-08-03 21:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr 
[2010-02-05 17:17:28 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys [2009-04-05 10:48:16 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2010-01-29 17:34:28 | 000,002,267 | ---- | M] () -- C:\Podgladaukcja.html [2009-12-25 19:11:25 | 000,000,000 | ---- | M] () -- C:\Podgladopis.html [2009-01-17 14:49:01 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log [2009-12-11 19:45:51 | 000,000,127 | -HS- | M] () -- C:\set.ini [2009-12-08 18:10:44 | 000,000,058 | ---- | M] () -- C:\testlog.txt [2010-01-29 17:31:50 | 000,107,217 | ---- | M] () -- C:\tlo.jpg [2010-02-04 15:12:24 | 000,149,504 | RHS- | M] () -- C:\ws.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report > [/log]
Mateusz J. comment 5 February 2010 Paste the following into Notepad: [code]File::
C:\ws.exe
C:\bveijo.exe
C:\mvmdh.exe
C:\df.exe
C:\gfx.com
c:\documents and settings\Poplop\Menu Start\Programy\Autostart\raw32.dll
c:\windows\pss\raw32.dll

Folder::
c:\program files\BearShare Applications

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKLM\~\startupfolder\C:^Documents and Settings^Poplop^Menu Start^Programy^Autostart^raw32.dll]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\entry]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE][/code]In Notepad, go to the File tab ==> Save As ==> save it under the name [b]CFScript.txt[/b], in the same folder where [b]combofix[/b] was downloaded and saved. Drag the [b]CFScript.txt[/b] file you created onto the [b]ComboFix[/b] icon, as in the picture: [img]http://img212.imageshack.us/img212/740/cfscript10uc2su5.gif[/img] The removal will start [b]and a log will be produced, which you post on the forum.[/b] Then do this: http://www.forumpc.pl/index.php?showtopic=107753 (Report on the forum).
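A defender-side triage script, added here as an example and not part of the thread or of the OTL/ComboFix tools: it parses the OTL file-listing lines quoted above and flags the same root-drive entries the reply puts under File:: (hidden/system executables with an empty company field), then renders them in CFScript File:: form. The boot-file allowlist, the extension set and the flagging rule are assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the OTL "Custom Scans" section posted above
# (format: [date time | size | attrs | M/C] (company) -- path).
SAMPLE_LOG = r"""
[2010-02-03 17:13:14 | 000,094,208 | RHS- | M] () -- C:\bveijo.exe
[2009-12-14 17:53:22 | 000,421,376 | -HS- | M] ( ) -- C:\gfx.com
[2010-01-26 17:07:43 | 000,100,864 | RHS- | M] () -- C:\df.exe
[2010-01-29 20:39:01 | 000,097,280 | RHS- | M] () -- C:\mvmdh.exe
[2010-02-04 15:12:24 | 000,149,504 | RHS- | M] () -- C:\ws.exe
[2010-02-05 16:48:01 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 21:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2010-02-04 21:03:54 | 000,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2010-01-17 14:27:11 | 070,646,243 | ---- | M] () -- C:\flaskOut.nsv
"""

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+?)\s*$"
)

# Assumption: hidden/system files that legitimately live in the root of an XP
# system drive, so they are never flagged even though they carry RHS- attrs.
BOOT_FILES = {"boot.ini", "ntldr", "ntdetect.com", "io.sys", "msdos.sys",
              "config.sys", "autoexec.bat", "bootfont.bin", "pagefile.sys",
              "cmldr", "boot.bak"}
# Assumption: extensions that Windows will execute directly.
EXEC_EXT = {".exe", ".com", ".dll", ".scr", ".pif", ".bat", ".cmd"}


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str      # four flag chars: R(ead-only) H(idden) S(ystem) D(irectory)
    company: str    # publisher string, "" when OTL printed () or ( )
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def in_drive_root(self) -> bool:
        # e.g. C:\ws.exe, but not C:\WINDOWS\...\hamachi.sys
        return re.fullmatch(r"[A-Za-z]:\\[^\\]+", self.path) is not None

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file-listing line; returns None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["company"].strip(), m["path"])


def is_suspicious(e: Entry) -> bool:
    """Flag a root-level hidden+system executable with no publisher that is
    not one of the known boot files (the pattern behind ws.exe, df.exe, ...)."""
    name = e.name.lower()
    ext = name[name.rfind("."):] if "." in name else ""
    return (e.in_drive_root and not e.is_directory and e.hidden_system
            and e.company == "" and ext in EXEC_EXT
            and name not in BOOT_FILES)


def triage(log_text: str) -> List[str]:
    """Return the paths of all flagged entries, in log order."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and is_suspicious(e):
            flagged.append(e.path)
    return flagged


def build_cfscript(paths: List[str]) -> str:
    """Render flagged paths as the File:: section used in the reply above."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

The rule is deliberately narrow: it reproduces this log's pattern (random-named RHS executables dropped in C:\) and says nothing about the startup entries the reply removes by hand.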
poplop (Author) comment 5 February 2010 Thank you! It helped! But the computer is still sluggish. Where before it was sluggish 10 out of 10, now it is about 4 out of 10. Here is the ComboFix log: [log] ComboFix 10-02-04.08 - Poplop 2010-02-05 18:23:33.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1571 [GMT 1:00] Uruchomiony z: c:\documents and settings\Poplop\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Poplop\Pulpit\CFScript.txt FILE :: "C:\bveijo.exe" "C:\df.exe" "c:\documents and settings\Poplop\Menu Start\Programy\Autostart\raw32.dll" "C:\gfx.com" "C:\mvmdh.exe" "c:\windows\pss\raw32.dll" "C:\ws.exe" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\bveijo.exe C:\df.exe C:\gfx.com C:\mvmdh.exe c:\program files\BearShare Applications c:\program files\BearShare Applications\BearShare MediaBar\basis.xml c:\program files\BearShare Applications\BearShare MediaBar\bearshare.bmp c:\program files\BearShare Applications\BearShare MediaBar\bearshare_icons.bmp c:\program files\BearShare Applications\BearShare MediaBar\bearshare_logo.bmp c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll c:\program files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll c:\program files\BearShare Applications\BearShare MediaBar\beforeNavigate.js c:\program files\BearShare Applications\BearShare MediaBar\button_arrow.bmp c:\program files\BearShare Applications\BearShare MediaBar\button_arrow_clk.bmp c:\program files\BearShare Applications\BearShare MediaBar\button_arrow_hl.bmp c:\program files\BearShare Applications\BearShare MediaBar\mailsites.html c:\program files\BearShare Applications\BearShare MediaBar\myemail.bmp c:\program files\BearShare Applications\BearShare MediaBar\myemail_hl.bmp c:\program files\BearShare Applications\BearShare MediaBar\mysites.bmp c:\program files\BearShare Applications\BearShare MediaBar\mysites_hl.bmp 
c:\program files\BearShare Applications\BearShare MediaBar\resizer.bmp c:\program files\BearShare Applications\BearShare MediaBar\search.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_clk.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_hl.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_images.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_maps.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_news.bmp c:\program files\BearShare Applications\BearShare MediaBar\search_videos.bmp c:\program files\BearShare Applications\BearShare MediaBar\showSettings.js c:\program files\BearShare Applications\BearShare MediaBar\storesearchcriteria.js c:\program files\BearShare Applications\BearShare MediaBar\topsites.html c:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe c:\program files\BearShare Applications\BearShare MediaBar\version.txt c:\program files\BearShare Applications\BearShare MediaBar\web.bmp C:\ws.exe . ((((((((((((((((((((((((( Pliki utworzone od 2010-01-05 do 2010-02-05 ))))))))))))))))))))))))))))))) . 2010-02-04 20:03 . 2010-02-04 20:04 -------- d-----w- c:\program files\Hamachi 2010-02-04 20:03 . 2010-02-04 20:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2010-01-30 17:10 . 2010-01-30 17:11 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\TS3Client 2010-01-20 19:25 . 2010-01-20 19:25 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2010-01-20 19:25 . 2010-01-20 19:25 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2010-01-20 19:25 . 2010-01-20 19:25 -------- d-----w- c:\program files\OpenAL 2010-01-19 17:35 . 2010-01-19 18:30 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Procaster 2010-01-19 17:35 . 2010-01-19 17:35 -------- d-----w- c:\program files\Livestream Procaster 2010-01-17 13:10 . 2010-01-17 13:17 -------- d-----w- C:\NSVtools 2010-01-17 13:09 . 
2010-01-17 13:14 -------- d-----w- c:\program files\NSVtools 2010-01-17 13:02 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll 2010-01-17 13:02 . 2007-03-09 08:37 139264 ----a-w- c:\windows\system32\viscomqtde.dll 2010-01-17 13:02 . 2007-03-09 08:36 81920 ----a-w- c:\windows\system32\viscomwave.dll 2010-01-17 12:50 . 2010-02-01 20:10 -------- d-----w- c:\program files\Common Files\NSV 2010-01-17 09:31 . 2010-01-17 09:31 -------- d-----w- c:\documents and settings\Poplop\Pulpitgameboy 2010-01-16 18:39 . 2010-01-16 18:39 809 ----a-w- c:\windows\unins001.dat 2010-01-16 18:39 . 2010-01-16 18:39 744969 ----a-w- c:\windows\unins001.exe 2010-01-16 18:39 . 2009-12-21 13:49 11886696 ----a-w- c:\windows\gg.exe 2010-01-15 13:10 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-01-15 13:10 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-01-15 13:10 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-01-15 13:10 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-01-15 06:10 . 2010-01-15 06:10 33558 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe 2010-01-15 06:03 . 2010-01-15 06:03 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2010-01-14 21:17 . 
2010-01-14 21:17 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google 2010-01-14 21:16 . 2010-02-04 13:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater 2010-01-14 21:16 . 2010-01-14 21:17 -------- d-----w- c:\program files\Google 2010-01-14 21:01 . 2010-02-02 04:20 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Temp 2010-01-14 21:01 . 2010-01-15 08:39 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-05 17:19 . 2009-10-07 16:55 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\VMware 2010-02-05 17:19 . 2009-10-07 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\VMware 2010-02-05 10:06 . 2009-04-19 07:27 -------- d-----w- c:\program files\Flock 2010-02-04 21:00 . 2009-10-08 18:28 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Hamachi 2010-02-03 17:14 . 2009-03-01 09:18 164880 ---ha-w- c:\documents and settings\Poplop\Dane aplikacji\Microsoft\Virtual PC\VPCKeyboard.dll 2010-01-30 16:52 . 2009-06-21 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-29 15:34 . 2009-01-17 18:32 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Skype 2010-01-29 15:13 . 2009-01-17 18:33 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\skypePM 2010-01-23 19:45 . 2009-12-07 07:27 -------- d-----w- c:\program files\EslWire 2010-01-20 09:33 . 2009-03-13 19:16 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\gtk-2.0 2010-01-17 10:21 . 2010-01-01 02:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-01-17 10:21 . 2010-01-01 02:15 103736 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-01-09 09:33 . 
2009-05-31 17:32 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-01-08 14:59 . 2009-01-31 12:27 -------- d-----w- c:\program files\Common Files\Borland Shared 2010-01-04 18:25 . 2010-01-04 18:25 25214 ----a-r- c:\documents and settings\Poplop\Dane aplikacji\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe 2010-01-04 18:25 . 2001-10-26 18:15 92390 ----a-w- c:\windows\system32\perfc015.dat 2010-01-04 18:25 . 2001-10-26 18:15 508024 ----a-w- c:\windows\system32\perfh015.dat 2010-01-04 18:25 . 2010-01-04 18:25 -------- d-----w- c:\program files\MySQL 2010-01-03 17:04 . 2010-01-03 17:02 -------- d-----w- c:\program files\NAPI-PROJEKT 2010-01-03 17:02 . 2010-01-03 17:02 -------- d-----w- c:\program files\ALLConverter 2010-01-03 15:35 . 2009-03-21 10:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2010-01-02 10:04 . 2009-10-26 15:40 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\FileZilla 2010-01-01 15:26 . 2009-01-17 13:48 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-01 02:16 . 2010-01-01 02:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-01-01 02:15 . 2009-05-21 11:12 22328 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\PnkBstrK.sys 2010-01-01 02:15 . 2009-05-21 11:12 22328 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\PnkBstrK.sys 2009-12-31 10:53 . 2009-12-31 10:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\BioWare 2009-12-31 10:50 . 2009-12-31 10:50 -------- d-----w- c:\program files\AGEIA Technologies 2009-12-31 10:49 . 2009-12-31 07:34 -------- d-----w- c:\program files\Common Files\BioWare 2009-12-27 14:03 . 2009-12-23 14:12 -------- d-----w- c:\program files\ipla 2009-12-24 19:27 . 2009-12-23 14:12 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\ipla 2009-12-23 17:18 . 
2009-12-27 08:54 52224 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\FFExternalAlert.dll 2009-12-23 17:18 . 2009-12-27 08:54 101376 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\RadioWMPCore.dll 2009-12-23 14:12 . 2009-12-23 14:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla 2009-12-23 14:09 . 2009-12-23 14:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10 2009-12-21 21:13 . 2009-01-17 15:36 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\123 Free Solitaire 2009-12-21 21:11 . 2009-12-21 12:52 10 ----a-w- c:\windows\popcinfo.dat 2009-12-21 13:47 . 2009-12-21 13:47 37376 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll 2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll 2009-12-21 13:01 . 2009-12-21 12:58 -------- d-----w- c:\program files\123 Free Solitaire 2009-12-21 12:49 . 2009-12-21 12:48 -------- d-----w- c:\program files\Zuma Deluxe 2009-12-17 17:41 . 2009-02-23 18:59 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\teamspeak2 2009-12-15 20:04 . 2009-12-15 20:03 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Notepad++ 2009-12-08 16:40 . 2009-12-08 16:40 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\aerix 2009-11-28 18:21 . 2009-11-28 18:21 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2009-11-28 18:21 . 2009-11-28 18:21 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys 2009-11-28 18:21 . 2009-11-28 18:21 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2009-11-24 06:50 . 
2009-11-24 06:50 152576 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-24 06:21 . 2009-11-24 06:21 79488 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-17 11:32 . 2009-12-07 07:27 23512 ----a-w- c:\windows\system32\drivers\ESLvnic.sys . ((((((((((((((((((((((((((((( SnapShot@2010-02-05_15.53.43 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-05 17:19 . 2010-02-05 17:19 16384 c:\windows\Temp\Perflib_Perfdata_8a4.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152] "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152] "RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater] 2010-01-14 21:16 197104 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 189488 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray] 2009-08-14 18:12 64048 ----a-w- d:\vmware\VMware Player\hqtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\WebServ] 2008-01-28 22:36 1563136 ----a-w- d:\webserv\WebServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\totalcmd\\TOTALCMD.EXE"= "c:\\Documents and Settings\\Poplop\\Dane aplikacji\\ENet\\Apache\\Apache.exe"= "d:\\Metin2_PL\\metin2.bin"= "d:\\Counter-Strike\\hl.exe"= "d:\\Counter-Strike\\hlds.exe"= "d:\\Gadu-Gadu\\gg.exe"= "d:\\csns\\hl.exe"= "d:\\HLSW\\hlsw.exe"= "d:\\csns\\hlds.exe"= "d:\\csns\\hltv.exe"= "d:\\Teamspeak2_RC2\\server_windows.exe"= "d:\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= "d:\\NX Client for Windows\\nxclient.exe"= "d:\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= "d:\\NX Client for Windows\\bin\\nxssh.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\csnonsteam\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\counter-strike\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\half-life\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\deathmatch classic\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\half-life blue shift\\hl.exe"= "d:\\Ares\\Ares.exe"= "c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "d:\\Xfire\\Xfire.exe"= "d:\\Psi-pedrito\\Psi.exe"= "d:\\MySteam\\steamapps\\poplop96\\team fortress classic\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\counter-strike beta\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\opposing force\\hl.exe"= "d:\\csnonsteam\\hlds.exe"= "d:\\FreeCall.com\\FreeCall\\FreeCall.exe"= "d:\\iaxLite\\iaxLite.exe"= "d:\\Metin2_PL\\metin2client.bin"= "d:\\VMware\\VMware 
Player\\vmware-authd.exe"= "d:\\MySteam\\Steam.exe"= "d:\\MySteam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "d:\\MySteam\\steamapps\\poplop96\\half-life 2 deathmatch\\hl2.exe"= "d:\\Wolfenstein - Enemy Territory\\ET.exe"= "c:\\Documents and Settings\\Poplop\\Pulpit\\Portmap\\PortMap.exe"= "c:\\Documents and Settings\\Poplop\\Pulpit\\Kuba\\serwer samp\\samp-server.exe"= "d:\\MySteam\\steamapps\\poplop96\\ricochet\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\team fortress 2\\hl2.exe"= "c:\\Program Files\\WinSCP\\WinSCP.exe"= "d:\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Program Files\\EslWire\\wire.exe"= "c:\\Program Files\\EslWire\\dppm_source.exe"= "d:\\MySteam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"= "d:\\MySteam\\steamapps\\poplop96\\zombie panic! source\\hl2.exe"= "d:\\Gadu-Gadu 10\\gg.exe"= "d:\\Dragon Age\\bin_ship\\daorigins.exe"= "d:\\Dragon Age\\DAOriginsLauncher.exe"= "d:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "d:\\Techland\\Call of Juarez - Wiezy Krwi\\CoJBiBGame_x86.exe"= "d:\\Java\\jre6\\bin\\java.exe"= "j:\\Metek + Atlantyda\\mc.exe"= "j:\\Metek + Atlantyda\\Longjuytgamelogin.exe"= "j:\\PLMETIN2\\mc.exe"= "j:\\PLMETIN2\\Rava.exe"= "d:\\MySteam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"= "d:\\MySteam\\steamapps\\common\\osmos demo\\OsmosDemo.exe"= "d:\\MySteam\\steamapps\\common\\quake 3 arena demo\\quake3.exe"= "d:\\MySteam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22:TCP"= 22:TCP:22 "12975:TCP"= 12975:TCP:12975 "3297:TCP"= 3297:TCP:3297 "3306:TCP"= 3306:TCP:3306 R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352] R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2008-04-12 11392] R1 
VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-03-10 100560] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-03-10 41744] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-08-14 54960] R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2009-12-07 23512] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-03-10 87568] R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-01-17 428160] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-07 721904] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 133104] S3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości;d:\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-31 25832] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt --> c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-11-28 13224] S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-03 55296] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] 
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-08-15 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-10-18 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-10-18 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-11-28 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-11-28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-11-28 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-11-28 97704] S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?] . Zawartość folderu 'Zaplanowane zadania' 2010-02-05 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-14 21:16] 2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:17] 2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:17] 2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job - c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-01-14 21:01] 2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job - c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-01-14 21:01] . . ------- Skan uzupełniający ------- . 
mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/ IE: &Download All by FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bhoall.htm IE: &Download by FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bholink.htm IE: &Pobierz wszystko przez FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bhoall.htm IE: &Pobrane przez FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bholink.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: d:\vmware\VMware Player\vsocklib.dll FF - ProfilePath - c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2009787&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2009787&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2009787&SearchSource=2&q= FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\FFExternalAlert.dll FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\RadioWMPCore.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - 
pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-entry - c:\gfx.com AddRemove-BearShare MediaBar - c:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-05 18:27 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7BCB90]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3 \Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8 \Driver\atapi -> 0x8a7bcb90 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c ParseProcedure -> ntkrnlpa.exe @ 0x8058146a \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c ParseProcedure -> ntkrnlpa.exe @ 0x8058146a NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9e0aba0 PacketIndicateHandler -> NDIS.sys @ 0xb9e17b21 SendHandler -> NDIS.sys @ 0xb9df587b Warning: possible MBR rootkit infection ! 
user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver] "ImagePath"="\??\c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(1912) c:\windows\system32\Ati2evxx.dll . Czas ukończenia: 2010-02-05 18:28:23 ComboFix-quarantined-files.txt 2010-02-05 17:28 Przed: 8 978 063 360 bajtów wolnych Po: 8 937 140 224 bajtów wolnych - - End Of File - - 7C3E9DC5BF236F681283C39DED169533 [/log]
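The log above is what the helpers read before deciding what goes into the next CFScript: the Security Center override, the firewall profile, the globally opened ports, services whose image ComboFix prints with `[?]` instead of a date and size, and the Gmer MBR lines. As an added example (not part of this thread and not ComboFix's own code), here is a small Python triage script that scans a report in that format and lists such findings with a severity. The sample log text inside it is constructed from the kinds of entries seen in the thread; the matching rules, severity labels and function names (`triage`, `summarize`) are this example's own assumptions, not anything ComboFix defines.

```python
"""Triage of a ComboFix report: flag the lines a helper looks at first.

Added example for this thread; not ComboFix's own code. The matching
rules, severities and names below are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix report format (registry startup
# section, firewall policy, service list, Gmer MBR section).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22:TCP"= 22:TCP:22
"3306:TCP"= 3306:TCP:3306
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-03-10 100560]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    category: str
    detail: str


# Service lines: "R1 name;description;image [date size]" or, when the file
# could not be read, "S3 name;description;path --> path [?]".
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+)$")
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:(?P<val>[0-9a-fA-F]+)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')


def triage(log_text):
    """Return the Findings for one ComboFix report, in log order."""
    findings = []
    section = ""  # most recent "[registry key]" header, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = AV_OVERRIDE_RE.match(line)
        if m:
            if int(m["val"], 16) != 0:
                findings.append(Finding("high", "security-center",
                    "AntiVirusOverride is set: Security Center antivirus alerts are suppressed"))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            if int(m["val"]) == 0:
                findings.append(Finding("high", "firewall",
                    "Windows Firewall is disabled in the standard profile"))
            continue
        if "globallyopenports" in section:
            m = OPEN_PORT_RE.match(line)
            if m:
                findings.append(Finding("medium", "open-port",
                    f"{m['port']}/{m['proto']} is globally opened in the firewall policy"))
                continue
        m = SERVICE_RE.match(line)
        if m:
            if m["image"].endswith("[?]"):
                findings.append(Finding("medium", "service",
                    f"{m['name']} ({m['state']}): ComboFix printed [?] instead of date and size, image file not readable"))
            continue
        if line.startswith("Warning: possible MBR rootkit infection"):
            findings.append(Finding("high", "mbr",
                "Gmer reports a possible MBR rootkit; compare with the MBR OK line and the listed hooks"))
        elif line == "user & kernel MBR OK":
            findings.append(Finding("info", "mbr",
                "user-mode and kernel-mode MBR reads agree"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 4, 'info': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.severity:6} {f.category:16} {f.detail}")
    print(summarize(results))
```

Running the script on the constructed sample yields three high findings (antivirus override, firewall off, the Gmer warning), four medium ones (two open ports, two services with unreadable images) and one informational line. The section header tracking matters: port-style lines are only read while inside the `GloballyOpenPorts\List` key, so the `AuthorizedApplications\List` entries that precede it in a real report are not mistaken for ports.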
Gość (Guest) comment, 5 February 2010 (edited)
Apply this script:
[quote]
File::
D:\ws.exe
J:\ws.exe
D:\bveijo.exe
J:\bveijo.exe
D:\mvmdh.exe
J:\mvmdh.exe
D:\df.exe
J:\df.exe
D:\gfx.com
J:\gfx.com
c:\windows\gg.exe
[/quote]
poplop (thread author) comment, 5 February 2010
If anything else turns up, let me know:
[log] ComboFix 10-02-05.01 - Poplop 2010-02-05 20:17:31.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1573 [GMT 1:00] Uruchomiony z: c:\documents and settings\Poplop\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Poplop\Pulpit\CFScript.txt FILE :: "c:\windows\gg.exe" "D:\bveijo.exe" "D:\df.exe" "D:\gfx.com" "D:\mvmdh.exe" "D:\ws.exe" "J:\bveijo.exe" "J:\df.exe" "J:\gfx.com" "J:\mvmdh.exe" "J:\ws.exe" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\gg.exe c:\windows\svchost.exe D:\bveijo.exe D:\df.exe D:\mvmdh.exe D:\ws.exe J:\bveijo.exe J:\df.exe J:\mvmdh.exe J:\ws.exe . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_POWERMANAGER -------\Service_PowerManager ((((((((((((((((((((((((( Pliki utworzone od 2010-01-05 do 2010-02-05 ))))))))))))))))))))))))))))))) . 2010-02-04 20:03 . 2010-02-04 20:04 -------- d-----w- c:\program files\Hamachi 2010-02-04 20:03 . 2010-02-04 20:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2010-01-30 17:10 . 2010-01-30 17:11 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\TS3Client 2010-01-20 19:25 . 2010-01-20 19:25 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2010-01-20 19:25 . 2010-01-20 19:25 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2010-01-20 19:25 . 2010-01-20 19:25 -------- d-----w- c:\program files\OpenAL 2010-01-19 17:35 . 2010-01-19 18:30 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Procaster 2010-01-19 17:35 . 2010-01-19 17:35 -------- d-----w- c:\program files\Livestream Procaster 2010-01-17 13:10 . 2010-01-17 13:17 -------- d-----w- C:\NSVtools 2010-01-17 13:09 . 2010-01-17 13:14 -------- d-----w- c:\program files\NSVtools 2010-01-17 13:02 . 
2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll 2010-01-17 13:02 . 2007-03-09 08:37 139264 ----a-w- c:\windows\system32\viscomqtde.dll 2010-01-17 13:02 . 2007-03-09 08:36 81920 ----a-w- c:\windows\system32\viscomwave.dll 2010-01-17 12:50 . 2010-02-01 20:10 -------- d-----w- c:\program files\Common Files\NSV 2010-01-17 09:31 . 2010-01-17 09:31 -------- d-----w- c:\documents and settings\Poplop\Pulpitgameboy 2010-01-16 18:39 . 2010-01-16 18:39 809 ----a-w- c:\windows\unins001.dat 2010-01-16 18:39 . 2010-01-16 18:39 744969 ----a-w- c:\windows\unins001.exe 2010-01-15 13:10 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-01-15 13:10 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-01-15 13:10 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-01-15 13:10 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-01-15 06:10 . 2010-01-15 06:10 33558 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe 2010-01-15 06:03 . 2010-01-15 06:03 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2010-01-14 21:17 . 2010-01-14 21:17 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google 2010-01-14 21:16 . 
2010-02-04 13:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater 2010-01-14 21:16 . 2010-01-14 21:17 -------- d-----w- c:\program files\Google 2010-01-14 21:01 . 2010-02-02 04:20 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Temp 2010-01-14 21:01 . 2010-01-15 08:39 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-05 19:23 . 2009-10-07 16:55 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\VMware 2010-02-05 19:22 . 2009-10-07 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\VMware 2010-02-05 10:06 . 2009-04-19 07:27 -------- d-----w- c:\program files\Flock 2010-02-04 21:00 . 2009-10-08 18:28 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Hamachi 2010-02-03 17:14 . 2009-03-01 09:18 164880 ---ha-w- c:\documents and settings\Poplop\Dane aplikacji\Microsoft\Virtual PC\VPCKeyboard.dll 2010-01-30 16:52 . 2009-06-21 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-29 15:34 . 2009-01-17 18:32 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Skype 2010-01-29 15:13 . 2009-01-17 18:33 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\skypePM 2010-01-23 19:45 . 2009-12-07 07:27 -------- d-----w- c:\program files\EslWire 2010-01-20 09:33 . 2009-03-13 19:16 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\gtk-2.0 2010-01-17 10:21 . 2010-01-01 02:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-01-17 10:21 . 2010-01-01 02:15 103736 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-01-09 09:33 . 2009-05-31 17:32 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-01-08 14:59 . 
2009-01-31 12:27 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-01-04 18:25 . 2010-01-04 18:25 25214 ----a-r- c:\documents and settings\Poplop\Dane aplikacji\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe
2010-01-04 18:25 . 2001-10-26 18:15 92390 ----a-w- c:\windows\system32\perfc015.dat
2010-01-04 18:25 . 2001-10-26 18:15 508024 ----a-w- c:\windows\system32\perfh015.dat
2010-01-04 18:25 . 2010-01-04 18:25 -------- d-----w- c:\program files\MySQL
2010-01-03 17:04 . 2010-01-03 17:02 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-01-03 17:02 . 2010-01-03 17:02 -------- d-----w- c:\program files\ALLConverter
2010-01-03 15:35 . 2009-03-21 10:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-01-02 10:04 . 2009-10-26 15:40 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\FileZilla
2010-01-01 15:26 . 2009-01-17 13:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 02:16 . 2010-01-01 02:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-01 02:15 . 2009-05-21 11:12 22328 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\PnkBstrK.sys
2010-01-01 02:15 . 2009-05-21 11:12 22328 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\PnkBstrK.sys
2009-12-31 10:53 . 2009-12-31 10:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\BioWare
2009-12-31 10:50 . 2009-12-31 10:50 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-31 10:49 . 2009-12-31 07:34 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-27 14:03 . 2009-12-23 14:12 -------- d-----w- c:\program files\ipla
2009-12-24 19:27 . 2009-12-23 14:12 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\ipla
2009-12-23 17:18 . 2009-12-27 08:54 52224 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\FFExternalAlert.dll
2009-12-23 17:18 . 2009-12-27 08:54 101376 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\RadioWMPCore.dll
2009-12-23 14:12 . 2009-12-23 14:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-12-23 14:09 . 2009-12-23 14:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-23 14:00 . 2009-12-23 14:00 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10
2009-12-21 21:13 . 2009-01-17 15:36 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\123 Free Solitaire
2009-12-21 21:11 . 2009-12-21 12:52 10 ----a-w- c:\windows\popcinfo.dat
2009-12-21 13:47 . 2009-12-21 13:47 37376 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2009-12-21 13:01 . 2009-12-21 12:58 -------- d-----w- c:\program files\123 Free Solitaire
2009-12-21 12:49 . 2009-12-21 12:48 -------- d-----w- c:\program files\Zuma Deluxe
2009-12-17 17:41 . 2009-02-23 18:59 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\teamspeak2
2009-12-15 20:04 . 2009-12-15 20:03 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Notepad++
2009-12-08 16:40 . 2009-12-08 16:40 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\aerix
2009-11-28 18:21 . 2009-11-28 18:21 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-11-28 18:21 . 2009-11-28 18:21 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-11-28 18:21 . 2009-11-28 18:21 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-11-24 06:50 . 2009-11-24 06:50 152576 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 06:21 . 2009-11-24 06:21 79488 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-17 11:32 . 2009-12-07 07:27 23512 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-02-05_15.53.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 19:23 . 2010-02-05 19:23 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
+ 2010-02-05 19:13 . 2010-02-05 19:13 16384 c:\windows\Temp\Perflib_Perfdata_1a4.dat
+ 2010-02-05 18:47 . 2010-02-05 18:47 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-01-30 16:52 . 2010-01-30 16:52 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2010-01-14 21:16 197104 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 189488 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2009-08-14 18:12 64048 ----a-w- d:\vmware\VMware Player\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebServ]
2008-01-28 22:36 1563136 ----a-w- d:\webserv\WebServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Documents and Settings\\Poplop\\Dane aplikacji\\ENet\\Apache\\Apache.exe"=
"d:\\Metin2_PL\\metin2.bin"=
"d:\\Counter-Strike\\hl.exe"=
"d:\\Counter-Strike\\hlds.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"d:\\csns\\hl.exe"=
"d:\\HLSW\\hlsw.exe"=
"d:\\csns\\hlds.exe"=
"d:\\csns\\hltv.exe"=
"d:\\Teamspeak2_RC2\\server_windows.exe"=
"d:\\FlashGet Network\\FlashGet universal\\FlashGet.exe"=
"d:\\NX Client for Windows\\nxclient.exe"=
"d:\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
"d:\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\csnonsteam\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\counter-strike\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\half-life\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\deathmatch classic\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\half-life blue shift\\hl.exe"=
"d:\\Ares\\Ares.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Xfire\\Xfire.exe"=
"d:\\Psi-pedrito\\Psi.exe"=
"d:\\MySteam\\steamapps\\poplop96\\team fortress classic\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\counter-strike beta\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\opposing force\\hl.exe"=
"d:\\csnonsteam\\hlds.exe"=
"d:\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"d:\\iaxLite\\iaxLite.exe"=
"d:\\Metin2_PL\\metin2client.bin"=
"d:\\VMware\\VMware Player\\vmware-authd.exe"=
"d:\\MySteam\\Steam.exe"=
"d:\\MySteam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\MySteam\\steamapps\\poplop96\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\Poplop\\Pulpit\\Portmap\\PortMap.exe"=
"c:\\Documents and Settings\\Poplop\\Pulpit\\Kuba\\serwer samp\\samp-server.exe"=
"d:\\MySteam\\steamapps\\poplop96\\ricochet\\hl.exe"=
"d:\\MySteam\\steamapps\\poplop96\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"d:\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\EslWire\\dppm_source.exe"=
"d:\\MySteam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"d:\\MySteam\\steamapps\\poplop96\\zombie panic! source\\hl2.exe"=
"d:\\Gadu-Gadu 10\\gg.exe"=
"d:\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Techland\\Call of Juarez - Wiezy Krwi\\CoJBiBGame_x86.exe"=
"d:\\Java\\jre6\\bin\\java.exe"=
"j:\\Metek + Atlantyda\\mc.exe"=
"j:\\Metek + Atlantyda\\Longjuytgamelogin.exe"=
"j:\\PLMETIN2\\mc.exe"=
"j:\\PLMETIN2\\Rava.exe"=
"d:\\MySteam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"d:\\MySteam\\steamapps\\common\\osmos demo\\OsmosDemo.exe"=
"d:\\MySteam\\steamapps\\common\\quake 3 arena demo\\quake3.exe"=
"d:\\MySteam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22:TCP"= 22:TCP:22
"12975:TCP"= 12975:TCP:12975
"3297:TCP"= 3297:TCP:3297
"3306:TCP"= 3306:TCP:3306

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-07 721904]
R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2008-04-12 11392]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-03-10 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-03-10 41744]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-08-14 54960]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2009-12-07 23512]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-03-10 87568]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-01-17 428160]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 133104]
S3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości;d:\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-31 25832]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt --> c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-11-28 13224]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-03 55296]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-08-15 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-10-18 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-10-18 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-11-28 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-11-28 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-11-28 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-11-28 97704]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-14 21:16]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:17]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:17]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job
- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-01-14 21:01]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job
- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-01-14 21:01]
.
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: &Download All by FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bholink.htm
IE: &Pobierz wszystko przez FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Pobrane przez FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bholink.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\vmware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2009787&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2009787&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2009787&SearchSource=2&q=
FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 20:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A556938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e65cb8
\Driver\atapi -> 0x8a556938
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9cf1ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9cfeb21
SendHandler -> NDIS.sys @ 0xb9cdc87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1932)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
d:\microsoft virtual pc\VPCShExH.DLL
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\cpucool\CooLSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
d:\vmware\VMware Player\vmware-authd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-05 20:26:29 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-05 19:26
ComboFix2.txt 2010-02-05 17:28

Przed: 8 937 304 064 bajtów wolnych
Po: 8 880 054 272 bajtów wolnych

- - End Of File - - FFAF285E21E11FE88C39E4C3E42B557F
[/log]
Guest, comment, 5 February 2010

You have Jeefo, i.e. ... infected exe files.
[b]1.[/b] Download the cleaner >>> http://www.sophos.com/support/cleaners/jeefogui.com
[b]2.[/b] Restart the computer and enter Safe Mode (F8 before Windows boots).
[b]3.[/b] Run the cleaner.
[b]4.[/b] Press [b]Accept[/b].
[b]5.[/b] A window will appear; press the [b]Configuration[/b] button and tick the same options as here: [url=http://img121.imageshack.us/i/beztytuu3w.png/][img]http://img121.imageshack.us/img121/1656/beztytuu3w.png[/img][/url]
[b]6.[/b] After ticking the 3 options, press [b]OK[/b].
[b]7.[/b] Press [b]Start Scan[/b] and let it disinfect the infected files.
[b]8.[/b] Wait until it finishes and then paste the report on the forum.
Mateusz J., comment, 5 February 2010

A powermanager has appeared... Do this: http://www.forumpc.pl/index.php?showtopic=107753 (the report on the forum, without fail!) Then a new ComboFix log.
poplop, comment, 6 February 2010, Author

I scanned the computer with that Jeefo tool. But I won't post the logs because they take up 27 MB. Tomorrow I'll scan with what Jesiona posted. Log from MBAM (if you find anything, let me know):
[log]
Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3697
Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2010-02-06 19:53:32
mbam-log-2010-02-06 (19-53-32).txt

Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowane obiekty: 182918
Upłynęło: 32 minute(s), 34 second(s)

Zainfekowane procesy w pamięci: 1
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 17
Zainfekowane wartości rejestru: 4
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 110

Zainfekowane procesy w pamięci:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\n.cs4 (Backdoor.CIADoor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0958c4c9-77b0-4aa8-9364-7886bfca7e39} (Backdoor.CIADoor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e14dce67-8fb7-4721-8149-179baa4d792c} (Backdoor.CIADoor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9f1c5a0-f3d8-48e2-8b8c-3e86b4cac7e3} (Backdoor.CIADoor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wsctf.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\WINDOWS\system32\EXPLORER.EXE (Password.Stealer) -> Quarantined and deleted successfully.
C:\0fpdq2dw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\0fpdq2dw.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\1di1w.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\1hqup.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\2id9.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\2sm66r.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\6ruaqx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\9d6tpg.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\9g86.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\c2e.exe.vir (Spyware.OnLineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\cs6phv6d.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\curqp.exe.vir (Worm.Taterf) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\g12g.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\i9bwjpqc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\k8jc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\lphfa.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\mbdm.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\mbvd.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\nds0q.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\ngp8l.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\nqdymj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\nx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\pbudsara.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\qbr2q.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\s3ek.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\se12ydam.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\vb0hsoay.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\wcgswa.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\wfx062.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\wisf1.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\wu1n.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\xmor.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\y.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\ycvvj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\q3kku.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\vlvtdflx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\EXPLORER.EXE.vir (Password.Stealer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\0fpdq2dw.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\1di1w.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\1hqup.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\2id9.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\2sm66r.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\6ruaqx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\9d6tpg.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\9g86.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\c2e.exe.vir (Spyware.OnLineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\cs6phv6d.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\curqp.exe.vir (Worm.Taterf) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\g12g.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\i9bwjpqc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\k8jc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\lphfa.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\mbdm.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\mbvd.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\nds0q.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\ngp8l.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\nqdymj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\nx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\pbudsara.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\q3kku.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\qbr2q.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\s3ek.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\se12ydam.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\vb0hsoay.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\vlvtdflx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\wcgswa.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\wfx062.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\wisf1.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\wu1n.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\xmor.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\y.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\ycvvj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\0fpdq2dw.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\1di1w.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\1hqup.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\2id9.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\2sm66r.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\6ruaqx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\9d6tpg.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\9g86.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\c2e.exe.vir (Spyware.OnLineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\cs6phv6d.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\curqp.exe.vir (Worm.Taterf) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\g12g.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\i9bwjpqc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\k8jc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\lphfa.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\mbdm.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\mbvd.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\nds0q.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\ngp8l.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\nqdymj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\nx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\pbudsara.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\q3kku.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\qbr2q.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\s3ek.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\se12ydam.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\vlvtdflx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\wcgswa.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\wfx062.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\wisf1.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\wu1n.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\xmor.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\y.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\J\ycvvj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poplop\Ustawienia lokalne\temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poplop\Ustawienia lokalne\temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.
[/log]
poplop, comment, 8 February 2010, Author

I'll post it later, because I'm working on something right now and have to finish by 14:00... I've already made a ComboFix log:
[log]
ComboFix 10-02-05.01 - Poplop 2010-02-07 17:34:28.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1669 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Poplop\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\svchost.exe
c:\windows\system32\1602Unst.exe
c:\windows\system32\explorer.exe
D:\0fpdq2dw.exe
D:\Autorun.inf
J:\0fpdq2dw.exe
J:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER

((((((((((((((((((((((((( Pliki utworzone od 2010-01-07 do 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-06 18:17 . 2010-02-06 18:17 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Malwarebytes
2010-02-06 18:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 18:17 . 2010-02-06 18:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-02-06 18:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 12:05 . 2010-02-06 12:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\EA Core
2010-02-06 12:00 . 2010-02-06 12:00 38784 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-06 12:00 . 2010-02-06 12:00 38784 ----a-w- c:\documents and settings\Default User\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-06 12:00 . 2010-02-06 12:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-06 10:09 . 2010-02-06 10:08 150528 --sh--r- C:\ws.exe
2010-02-04 20:03 . 2010-02-04 20:04 -------- d-----w- c:\program files\Hamachi
2010-02-04 20:03 . 2010-02-04 20:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-30 17:10 . 2010-01-30 17:11 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\TS3Client
2010-01-20 19:25 . 2010-01-20 19:25 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-20 19:25 . 2010-01-20 19:25 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-20 19:25 . 2010-01-20 19:25 -------- d-----w- c:\program files\OpenAL
2010-01-19 17:35 . 2010-01-19 18:30 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Procaster
2010-01-19 17:35 . 2010-01-19 17:35 -------- d-----w- c:\program files\Livestream Procaster
2010-01-17 13:10 . 2010-01-17 13:17 -------- d-----w- C:\NSVtools
2010-01-17 13:09 . 2010-01-17 13:14 -------- d-----w- c:\program files\NSVtools
2010-01-17 13:02 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll
2010-01-17 13:02 . 2007-03-09 08:37 139264 ----a-w- c:\windows\system32\viscomqtde.dll
2010-01-17 13:02 . 2007-03-09 08:36 81920 ----a-w- c:\windows\system32\viscomwave.dll
2010-01-17 12:50 . 2010-02-01 20:10 -------- d-----w- c:\program files\Common Files\NSV
2010-01-17 09:31 . 2010-01-17 09:31 -------- d-----w- c:\documents and settings\Poplop\Pulpitgameboy
2010-01-16 18:39 . 2010-02-05 21:02 744969 ----a-w- c:\windows\unins001.exe
2010-01-16 18:39 . 2010-01-16 18:39 809 ----a-w- c:\windows\unins001.dat
2010-01-15 13:10 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-15 13:10 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-15 13:10 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-15 13:10 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-01-15 06:10 . 2010-01-15 06:10 33558 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2010-01-15 06:03 . 2010-01-15 06:03 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2010-01-14 21:17 . 2010-01-14 21:17 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2010-01-14 21:16 . 2010-02-06 15:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2010-01-14 21:16 . 2010-01-14 21:17 -------- d-----w- c:\program files\Google
2010-01-14 21:01 . 2010-02-02 04:20 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Temp
2010-01-14 21:01 . 2010-01-15 08:39 -------- d-----w- c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 16:40 . 2009-10-07 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\VMware
2010-02-07 16:33 . 2009-10-07 16:55 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\VMware
2010-02-07 15:12 . 2009-04-19 07:27 -------- d-----w- c:\program files\Flock
2010-02-06 12:00 . 2009-07-07 09:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Electronic Arts
2010-02-06 09:27 . 2009-01-17 13:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 21:01 .
2009-05-11 21:35 155136 ----a-w- c:\windows\system32\atibtmon.exe 2010-02-05 21:01 . 2009-01-17 13:48 1228288 ----a-w- c:\windows\RtlUpd.exe 2010-02-05 21:01 . 2009-01-17 13:48 2202112 ----a-w- c:\windows\MicCal.exe 2010-02-05 21:01 . 2009-08-27 12:16 148992 ----a-w- c:\windows\lsb_un20.exe 2010-02-05 21:01 . 2009-04-19 11:51 341504 ----a-w- c:\windows\IsUninst.exe 2010-02-05 21:01 . 2009-01-17 13:48 351744 ----a-w- c:\windows\HideWin.exe 2010-02-05 21:00 . 2009-01-17 14:01 212480 ----a-w- c:\windows\amcap.exe 2010-02-04 21:00 . 2009-10-08 18:28 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Hamachi 2010-02-03 17:14 . 2009-03-01 09:18 164880 ---ha-w- c:\documents and settings\Poplop\Dane aplikacji\Microsoft\Virtual PC\VPCKeyboard.dll 2010-01-30 16:52 . 2009-06-21 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-29 15:34 . 2009-01-17 18:32 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Skype 2010-01-29 15:13 . 2009-01-17 18:33 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\skypePM 2010-01-23 19:45 . 2009-12-07 07:27 -------- d-----w- c:\program files\EslWire 2010-01-20 09:33 . 2009-03-13 19:16 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\gtk-2.0 2010-01-17 10:21 . 2010-01-01 02:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-01-17 10:21 . 2010-01-01 02:15 103736 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-01-09 09:33 . 2009-05-31 17:32 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-01-08 14:59 . 2009-01-31 12:27 -------- d-----w- c:\program files\Common Files\Borland Shared 2010-01-04 18:25 . 2010-01-04 18:25 25214 ----a-r- c:\documents and settings\Poplop\Dane aplikacji\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe 2010-01-04 18:25 . 2001-10-26 18:15 92390 ----a-w- c:\windows\system32\perfc015.dat 2010-01-04 18:25 . 
2001-10-26 18:15 508024 ----a-w- c:\windows\system32\perfh015.dat 2010-01-04 18:25 . 2010-01-04 18:25 -------- d-----w- c:\program files\MySQL 2010-01-03 17:04 . 2010-01-03 17:02 -------- d-----w- c:\program files\NAPI-PROJEKT 2010-01-03 17:02 . 2010-01-03 17:02 -------- d-----w- c:\program files\ALLConverter 2010-01-03 15:35 . 2009-03-21 10:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2010-01-02 10:04 . 2009-10-26 15:40 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\FileZilla 2010-01-01 02:16 . 2010-01-01 02:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-01-01 02:15 . 2009-05-21 11:12 22328 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\PnkBstrK.sys 2010-01-01 02:15 . 2009-05-21 11:12 22328 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\PnkBstrK.sys 2009-12-31 10:53 . 2009-12-31 10:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\BioWare 2009-12-31 10:50 . 2009-12-31 10:50 -------- d-----w- c:\program files\AGEIA Technologies 2009-12-31 10:49 . 2009-12-31 07:34 -------- d-----w- c:\program files\Common Files\BioWare 2009-12-27 14:03 . 2009-12-23 14:12 -------- d-----w- c:\program files\ipla 2009-12-24 19:27 . 2009-12-23 14:12 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\ipla 2009-12-23 17:18 . 2009-12-27 08:54 52224 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\FFExternalAlert.dll 2009-12-23 17:18 . 2009-12-27 08:54 101376 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Mozilla\Firefox\Profiles\9mszj51z.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}\components\RadioWMPCore.dll 2009-12-23 14:12 . 2009-12-23 14:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla 2009-12-23 14:09 . 2009-12-23 14:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2009-12-23 14:00 . 
2009-12-23 14:00 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10 2009-12-21 21:13 . 2009-01-17 15:36 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\123 Free Solitaire 2009-12-21 21:11 . 2009-12-21 12:52 10 ----a-w- c:\windows\popcinfo.dat 2009-12-21 13:47 . 2009-12-21 13:47 37376 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll 2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll 2009-12-21 13:01 . 2009-12-21 12:58 -------- d-----w- c:\program files\123 Free Solitaire 2009-12-21 12:49 . 2009-12-21 12:48 -------- d-----w- c:\program files\Zuma Deluxe 2009-12-17 17:41 . 2009-02-23 18:59 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\teamspeak2 2009-12-15 20:04 . 2009-12-15 20:03 -------- d-----w- c:\documents and settings\Poplop\Dane aplikacji\Notepad++ 2009-11-28 18:21 . 2009-11-28 18:21 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2009-11-28 18:21 . 2009-11-28 18:21 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys 2009-11-28 18:21 . 2009-11-28 18:21 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2009-11-24 06:50 . 2009-11-24 06:50 152576 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-24 06:21 . 2009-11-24 06:21 79488 ----a-w- c:\documents and settings\Poplop\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-17 11:32 . 2009-12-07 07:27 23512 ----a-w- c:\windows\system32\drivers\ESLvnic.sys . ((((((((((((((((((((((((((((( SnapShot@2010-02-05_15.53.43 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-07 16:33 . 2010-02-07 16:33 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat + 2009-01-17 14:30 . 2010-02-06 07:30 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe - 2009-01-17 14:30 . 2009-08-16 10:17 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe + 2010-02-06 12:00 . 
2010-02-06 12:00 21504 c:\windows\Installer\94600f.msi + 2010-02-06 12:00 . 2010-02-06 12:00 27648 c:\windows\Installer\946008.msi + 2010-02-05 18:47 . 2010-02-05 18:47 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe - 2010-01-30 16:52 . 2010-01-30 16:52 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe + 2009-01-17 14:01 . 2010-02-05 21:02 138752 c:\windows\VM303Cap.exe - 2009-01-17 14:01 . 2005-04-30 17:46 138752 c:\windows\VM303Cap.exe + 2009-02-03 14:04 . 2010-02-05 21:02 327680 c:\windows\uninst.exe + 2009-04-19 11:41 . 2010-02-05 21:02 159236 c:\windows\UnGins.exe - 2009-04-19 11:41 . 2001-01-12 17:47 159236 c:\windows\UnGins.exe + 2008-07-29 20:26 . 2010-02-05 21:02 324096 c:\windows\system32\XPSViewer\XPSViewer.exe - 2006-09-28 17:56 . 2006-09-28 17:56 182784 c:\windows\system32\WudfHost.exe + 2006-09-28 17:56 . 2010-02-05 21:02 182784 c:\windows\system32\WudfHost.exe - 2006-10-26 12:45 . 2006-10-26 12:45 329728 c:\windows\system32\WISPTIS.EXE + 2006-10-26 12:45 . 2010-02-05 21:02 329728 c:\windows\system32\WISPTIS.EXE + 2009-08-31 19:32 . 2010-02-05 21:02 295936 c:\windows\system32\TweakUI.exe - 2009-03-25 17:53 . 2009-05-15 19:17 167424 c:\windows\system32\SpoonUninstall.exe + 2009-03-25 17:53 . 2010-02-05 21:02 167424 c:\windows\system32\SpoonUninstall.exe + 2006-10-14 14:44 . 2010-02-05 21:02 633856 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe - 2006-10-14 14:44 . 2008-07-06 10:50 633856 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe + 2009-10-06 17:41 . 2010-02-05 21:02 155136 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atibtmon.exe - 2009-10-06 17:41 . 2009-05-11 21:35 155136 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atibtmon.exe + 2008-07-29 19:35 . 2010-02-05 21:02 351744 c:\windows\system32\PresentationHost.exe + 2008-11-26 07:55 . 2010-02-05 21:02 318976 c:\windows\system32\PhysXCplUI.exe + 2008-11-25 07:38 . 
2010-02-05 21:02 318976 c:\windows\system32\PhysXCompatCplUI.exe - 2009-05-21 11:12 . 2009-05-21 12:58 705536 c:\windows\system32\pbsvc.exe + 2009-05-21 11:12 . 2010-02-05 21:02 705536 c:\windows\system32\pbsvc.exe - 2009-01-17 13:47 . 2006-09-11 16:27 392704 c:\windows\system32\nvusmb.exe + 2009-01-17 13:47 . 2010-02-05 21:02 392704 c:\windows\system32\nvusmb.exe - 2009-01-17 13:47 . 2007-06-22 10:51 392704 c:\windows\system32\nvunrm.exe + 2009-01-17 13:47 . 2010-02-05 21:02 392704 c:\windows\system32\nvunrm.exe - 2009-01-17 13:47 . 2007-05-01 07:23 392704 c:\windows\system32\NVUNINST.EXE + 2009-01-17 13:47 . 2010-02-05 21:02 392704 c:\windows\system32\NVUNINST.EXE + 2009-08-07 10:05 . 2010-02-05 21:02 185632 c:\windows\system32\javaws.exe - 2009-08-07 10:05 . 2009-08-07 10:05 185632 c:\windows\system32\javaws.exe + 2009-08-07 10:05 . 2010-02-05 21:02 181536 c:\windows\system32\javaw.exe - 2009-08-07 10:05 . 2009-08-07 10:05 181536 c:\windows\system32\javaw.exe - 2008-07-29 18:24 . 2008-07-29 18:24 658432 c:\windows\system32\icardagt.exe + 2008-07-29 18:24 . 2010-02-05 21:02 658432 c:\windows\system32\icardagt.exe - 2006-10-18 19:00 . 2006-10-18 19:00 286208 c:\windows\system32\drmupgds.exe + 2006-10-18 19:00 . 2010-02-05 21:02 286208 c:\windows\system32\drmupgds.exe + 2009-02-28 13:35 . 2010-02-05 21:01 185856 c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE - 2009-02-28 13:35 . 1999-06-25 09:55 185856 c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE + 2009-06-04 12:15 . 2010-02-05 21:01 151040 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe - 2009-06-04 12:15 . 2009-06-04 12:15 151040 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe - 2009-06-05 11:38 . 2009-06-05 11:38 504760 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe + 2009-06-05 11:38 . 2010-02-05 21:01 504760 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe + 2009-02-28 13:35 . 
2010-02-05 21:01 496568 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe - 2009-02-28 13:35 . 2009-01-16 18:25 496568 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe + 2009-07-03 04:58 . 2010-02-05 21:01 320376 c:\windows\system32\Adobe\Shockwave 11\nssstub.exe - 2009-07-03 04:58 . 2009-07-03 04:58 320376 c:\windows\system32\Adobe\Shockwave 11\nssstub.exe - 1999-01-12 13:09 . 1999-01-12 13:09 417280 c:\windows\speech\vcmd.exe + 1999-01-12 13:09 . 2010-02-05 21:01 417280 c:\windows\speech\vcmd.exe + 2009-01-17 14:06 . 2010-02-05 21:01 140288 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe - 2009-01-17 14:06 . 2004-08-03 22:44 140288 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe + 2008-07-29 17:47 . 2010-02-05 21:01 305656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe - 2008-07-29 17:47 . 2008-07-29 17:47 305656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe + 2009-01-17 14:01 . 2010-02-05 21:00 643584 c:\windows\EffectResources\VM0303\FrameWizard.exe - 2010-01-01 15:24 . 2006-09-16 00:05 257840 c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe + 2010-01-01 15:24 . 2010-02-05 21:00 257840 c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe + 2010-01-01 15:25 . 2010-02-05 21:00 855552 c:\windows\$NtUninstallWMFDist11$\wmsetsdk.exe - 2010-01-01 15:25 . 2004-10-11 09:20 855552 c:\windows\$NtUninstallWMFDist11$\wmsetsdk.exe - 2010-01-01 15:25 . 2006-05-16 17:11 249568 c:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe + 2010-01-01 15:25 . 2010-02-05 21:00 249568 c:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe + 2009-05-27 12:50 . 2010-02-05 21:00 257840 c:\windows\$NtUninstallWIC$\spuninst\spuninst.exe - 2009-05-27 12:50 . 2006-10-16 14:10 257840 c:\windows\$NtUninstallWIC$\spuninst\spuninst.exe + 2009-11-28 18:32 . 
2010-02-05 21:00 257840 c:\windows\$NtUninstallWdf01007$\spuninst\spuninst.exe - 2009-11-28 18:32 . 2008-03-21 12:57 257840 c:\windows\$NtUninstallWdf01007$\spuninst\spuninst.exe + 2010-01-01 15:25 . 2010-02-05 21:00 249568 c:\windows\$NtUninstallKB926239$\spuninst\spuninst.exe - 2010-01-01 15:25 . 2005-10-12 23:12 249568 c:\windows\$NtUninstallKB926239$\spuninst\spuninst.exe - 2009-07-06 09:26 . 2005-10-12 23:21 252640 c:\windows\$NtUninstallKB918997$\spuninst\spuninst.exe + 2009-07-06 09:26 . 2010-02-05 21:00 252640 c:\windows\$NtUninstallKB918997$\spuninst\spuninst.exe + 2009-01-17 13:48 . 2010-02-05 21:00 245984 c:\windows\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe - 2009-01-17 13:48 . 2004-11-18 09:44 245984 c:\windows\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe + 2009-01-17 13:55 . 2010-02-05 21:00 249056 c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe - 2009-01-17 13:55 . 2005-05-04 13:45 249056 c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe + 2007-04-23 15:42 . 2010-02-05 21:02 1003008 c:\windows\UNRecode.exe + 2007-05-15 08:45 . 2010-02-05 21:02 1003008 c:\windows\UNNeroVision.exe + 2007-02-28 15:41 . 2010-02-05 21:02 1003008 c:\windows\UNNeroShowTime.exe + 2007-06-01 09:23 . 2010-02-05 21:02 1003008 c:\windows\UNNeroMediaHome.exe + 2007-03-20 20:22 . 2010-02-05 21:02 1003008 c:\windows\UNNeroBackItUp.exe + 2009-01-17 16:25 . 2010-02-05 21:02 1228288 c:\windows\system32\ReinstallBackups\0002\DriverFiles\RtlUpd.exe - 2009-01-17 16:25 . 2007-07-26 10:06 1228288 c:\windows\system32\ReinstallBackups\0002\DriverFiles\RtlUpd.exe - 2009-01-17 16:25 . 2007-06-28 08:44 2202112 c:\windows\system32\ReinstallBackups\0002\DriverFiles\MicCal.exe + 2009-01-17 16:25 . 2010-02-05 21:02 2202112 c:\windows\system32\ReinstallBackups\0002\DriverFiles\MicCal.exe + 2009-06-04 11:45 . 2010-02-05 21:01 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe . -- Migawka wyzerowana -- . 
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "wsctf.exe"="wsctf.exe" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152] "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152] "RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater] 2010-02-05 20:58 197104 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2010-02-05 20:57 189488 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray] 2009-08-14 18:12 64048 ----a-w- d:\vmware\VMware Player\hqtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebServ] 2008-01-28 22:36 1563136 ----a-w- d:\webserv\WebServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\totalcmd\\TOTALCMD.EXE"= 
"c:\\Documents and Settings\\Poplop\\Dane aplikacji\\ENet\\Apache\\Apache.exe"= "d:\\Metin2_PL\\metin2.bin"= "d:\\Counter-Strike\\hl.exe"= "d:\\Counter-Strike\\hlds.exe"= "d:\\Gadu-Gadu\\gg.exe"= "d:\\csns\\hl.exe"= "d:\\HLSW\\hlsw.exe"= "d:\\csns\\hlds.exe"= "d:\\csns\\hltv.exe"= "d:\\Teamspeak2_RC2\\server_windows.exe"= "d:\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= "d:\\NX Client for Windows\\nxclient.exe"= "d:\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= "d:\\NX Client for Windows\\bin\\nxssh.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\csnonsteam\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\counter-strike\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\half-life\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\deathmatch classic\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\half-life blue shift\\hl.exe"= "d:\\Ares\\Ares.exe"= "c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "d:\\Xfire\\Xfire.exe"= "d:\\Psi-pedrito\\Psi.exe"= "d:\\MySteam\\steamapps\\poplop96\\team fortress classic\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\counter-strike beta\\hl.exe"= "d:\\MySteam\\steamapps\\poplop96\\opposing force\\hl.exe"= "d:\\csnonsteam\\hlds.exe"= "d:\\FreeCall.com\\FreeCall\\FreeCall.exe"= "d:\\iaxLite\\iaxLite.exe"= "d:\\Metin2_PL\\metin2client.bin"= "d:\\VMware\\VMware Player\\vmware-authd.exe"= "d:\\MySteam\\Steam.exe"= "d:\\MySteam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "d:\\MySteam\\steamapps\\poplop96\\half-life 2 deathmatch\\hl2.exe"= "d:\\Wolfenstein - Enemy Territory\\ET.exe"= "c:\\Documents and Settings\\Poplop\\Pulpit\\Portmap\\PortMap.exe"= "c:\\Documents and Settings\\Poplop\\Pulpit\\Kuba\\serwer samp\\samp-server.exe"= "d:\\MySteam\\steamapps\\poplop96\\ricochet\\hl.exe"= 
"d:\\MySteam\\steamapps\\poplop96\\team fortress 2\\hl2.exe"= "c:\\Program Files\\WinSCP\\WinSCP.exe"= "d:\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Program Files\\EslWire\\wire.exe"= "c:\\Program Files\\EslWire\\dppm_source.exe"= "d:\\MySteam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"= "d:\\MySteam\\steamapps\\poplop96\\zombie panic! source\\hl2.exe"= "d:\\Gadu-Gadu 10\\gg.exe"= "d:\\Dragon Age\\bin_ship\\daorigins.exe"= "d:\\Dragon Age\\DAOriginsLauncher.exe"= "d:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "d:\\Techland\\Call of Juarez - Wiezy Krwi\\CoJBiBGame_x86.exe"= "d:\\Java\\jre6\\bin\\java.exe"= "j:\\Metek + Atlantyda\\mc.exe"= "j:\\Metek + Atlantyda\\Longjuytgamelogin.exe"= "j:\\PLMETIN2\\mc.exe"= "j:\\PLMETIN2\\Rava.exe"= "d:\\MySteam\\steamapps\\common\\osmos demo\\OsmosDemo.exe"= "d:\\MySteam\\steamapps\\common\\quake 3 arena demo\\quake3.exe"= "d:\\MySteam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\MySteam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22:TCP"= 22:TCP:22 "12975:TCP"= 12975:TCP:12975 "3297:TCP"= 3297:TCP:3297 "3306:TCP"= 3306:TCP:3306 R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-07 721904] R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2008-04-12 11392] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-03-10 100560] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-03-10 41744] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-08-14 54960] R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2009-12-07 23512] R3 
VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-03-10 87568] R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-01-17 428160] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 133104] S3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości;d:\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-31 25832] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt --> c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-11-28 13224] S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-03 55296] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-08-15 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-10-18 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-10-18 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-11-28 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-11-28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-11-28 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-11-28 97704] S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?] . 
Zawartość folderu 'Zaplanowane zadania' 2010-02-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-14 21:16] 2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:17] 2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:17] 2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job - c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-01-14 21:01] 2010-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job - c:\documents and settings\Poplop\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-01-14 21:01] . . ------- Skan uzupełniający ------- . mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/ IE: &Download All by FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bhoall.htm IE: &Download by FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bholink.htm IE: &Pobierz wszystko przez FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bhoall.htm IE: &Pobrane przez FlashGet - d:\flashget network\FlashGet universal\ComDlls\Bholink.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: d:\vmware\VMware Player\vsocklib.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-07 17:41 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5544B0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3 \Driver\ACPI -> ACPI.sys @ 0xb9e65cb8 \Driver\atapi -> 0x8a5544b0 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c ParseProcedure -> ntkrnlpa.exe @ 0x8058146a \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c ParseProcedure -> ntkrnlpa.exe @ 0x8058146a NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9cf1ba0 PacketIndicateHandler -> NDIS.sys @ 0xb9cfeb21 SendHandler -> NDIS.sys @ 0xb9cdc87b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver] "ImagePath"="\??\c:\documents and settings\Poplop\Pulpit\Testy\EVEREST Ultimate Edition\kerneld.wnt" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(1932) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2920) c:\windows\system32\msi.dll c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll d:\illustrate\dBpowerAMP\dBShell.dll c:\windows\system32\WPDShServiceObj.dll d:\microsoft virtual pc\VPCShExH.DLL c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe c:\windows\RTHDCPL.EXE d:\cpucool\CooLSrv.exe c:\windows\system32\PnkBstrA.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\system32\vmnat.exe c:\windows\system32\vmnetdhcp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2010-02-07 17:43:59 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-07 16:43 ComboFix2.txt 2010-02-05 17:28 Przed: 8 442 388 480 bajtów wolnych Po: 8 865 636 352 bajtów wolnych - - End Of File - - A731DF3306C3352D4A6F2156EDDD666A [/log]
Will you help? I've posted the ComboFix log. I've posted the ComboFix log, so will you help?
Mateusz J., comment, 9 February 2010
You're plugging in an infected pen drive or a similar device. Format it, then create a ComboFix log twice.
poplop (Author), comment, 10 February 2010
But I have a great many things on that pen drive. Could I scan the pen drive with something instead? Because I don't want to lose that many things... I scanned the pen drive with mbam:
[log] Malwarebytes' Anti-Malware 1.44 Wersja bazy definicji: 3697 Windows 5.1.2600 Dodatek Service Pack 2 Internet Explorer 6.0.2900.2180 2010-02-10 20:18:25 mbam-log-2010-02-10 (20-18-25).txt Typ skanowania: Pełne skanowanie (L:\|) Przeskanowane obiekty: 114167 Upłynęło: 2 minute(s), 24 second(s) Zainfekowane procesy w pamięci: 1 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 2 Zainfekowane wartości rejestru: 3 Zainfekowane pliki rejestru: 1 Zainfekowane foldery: 0 Zainfekowane pliki: 12 Zainfekowane procesy w pamięci: C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully. Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully. Zainfekowane wartości rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wsctf.exe (Trojan.Agent) -> Quarantined and deleted successfully. Zainfekowane pliki rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: L:\vb0hsoay.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. 
L:\0fpdq2dw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. L:\EXPLORER.EXE (Password.Stealer) -> Quarantined and deleted successfully. L:\curqp.exe (Worm.Taterf) -> Quarantined and deleted successfully. L:\wu1n.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. L:\c2e.exe (Trojan.Agent) -> Quarantined and deleted successfully. L:\host.exe (Trojan.Dropper) -> Quarantined and deleted successfully. L:\1di1w.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Poplop\Ustawienia lokalne\temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot. C:\Documents and Settings\Poplop\Ustawienia lokalne\temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Poplop\Ustawienia lokalne\temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot. [/log]
Mateusz J. comment 10 February 2010 It looks like mbam removed the most important part of the infection. Do the following: [quote]Viruses from a pendrive/portable disk/mp4/mp3/etc. - format it, preferably, if you have one. Or remove manually: http://www.searchengines.pl/Infekcje-z-pendrive-mediow-przenosnych-t94761.html (See post #2, Checking a disk when the Show hidden option does not work) [/quote] Then 2 new ComboFix logs.
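The manual check referred to above, as an added example that is not part of the thread or of the linked guide: a PowerShell script that restores the SHOWALL\CheckedValue setting the MBAM log shows was hijacked to 0 (which is why "Show hidden files" stops working), lists hidden+system executables in the root of the removable drive, and prints which file autorun.inf would launch. It only reports; the removal commands are left commented out so the files can be inspected first. The drive letter L: is taken from the MBAM log; that PowerShell is installed on the XP machine is an assumption.

```powershell
# Added example, not from the forum thread. Assumes PowerShell is available
# and that the infected removable drive is L: (as in the MBAM log above).
$Drive = 'L:'

# 1. The worm set SHOWALL\CheckedValue to 0, so Explorer's "Show hidden files
#    and folders" radio button silently does nothing. It should be DWORD 1.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -Path $showAll -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue
if ($checked -ne 1) {
    Write-Warning "SHOWALL\CheckedValue is '$checked' (expected 1); restoring it"
    Set-ItemProperty -Path $showAll -Name CheckedValue -Value 1 -Type DWord
}

# 2. List the drive root including hidden/system entries (-Force); autorun
#    worms keep their droppers there, marked hidden+system so that the default
#    Explorer view never shows them.
$rootFiles = Get-ChildItem -Path "$Drive\" -Force | Where-Object { -not $_.PSIsContainer }
$suspicious = $rootFiles | Where-Object {
    ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
    ($_.Attributes -band [IO.FileAttributes]::System) -and
    ($_.Extension -match '^\.(exe|com|scr|pif|dll)$')
}
"Hidden+system executables in $Drive\ :"
$suspicious | Format-Table Name, Length, LastWriteTime, Attributes -AutoSize

# 3. Show what autorun.inf would run on insertion. The [autorun] section keys
#    that launch something are open=, shellexecute= and shell\...\command=.
$inf = Join-Path "$Drive\" 'autorun.inf'
if (Test-Path $inf) {
    Get-Content -Path $inf -Force |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
        ForEach-Object { Write-Warning "autorun.inf launches: $($_.Trim())" }
} else {
    "No autorun.inf in $Drive\"
}

# 4. Manual removal, once you have checked the list above. Strip the attributes
#    first, because Remove-Item refuses read-only files without -Force.
# foreach ($f in $suspicious) { attrib -h -s -r $f.FullName; Remove-Item -Force $f.FullName }
# if (Test-Path $inf) { attrib -h -s -r $inf; Remove-Item -Force $inf }
```

Run it from an elevated console after MBAM has finished, and before re-inserting the stick on any clean machine; if the root listing is long or the files have random names like those in the ComboFix log above, formatting the stick after copying off the documents is the safer option, exactly as advised.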
poplop comment 11 February 2010 Author And which antivirus do you recommend? It has to be free. It can't be avast. I once had a PC with no internet and I installed avast from Komputer Świat on an original Win XP, and it was detecting viruses when the system had only just been installed. Now I also have problems with Win32, because when I tried to launch a game it says it is not a valid Win32 application. How do I fix that?
Psycholandia comment 13 February 2010 Of the free ones I recommend the Avira antivirus + the Comodo firewall, or ZoneAlarm.
poplop comment 13 February 2010 Author I'll try installing those antivirus programs and scan the pendrive and the disks. I'll see whether it removes it.