JoneQ, posted 15 February 2010
Hello! For a full month I used my computer without an antivirus; as a friend of mine said: "I don't use an antivirus and I have 0 viruses". So until now I was sure I wouldn't get any viruses as long as I didn't download anything. So I only downloaded games from Steam (something like a chat, with the option to buy these games and download the original copies after purchase). I have just now noticed that my computer frequently gets so-called lags. At first I thought it was Spyware Terminator running scans, but I had spyware protection turned off. Then I noticed that firefox.exe keeps running and takes up more and more RAM even though it did not appear on the taskbar. I also noticed strange processes that I had not seen before and could not identify, since the only things I have on the computer are GG, Steam, Firefox, Skype and Spyware Terminator, which I recently used to scan the system and which detected nothing. Maybe I wrote this unclearly (for which I apologize), but I'm getting confused by it myself. Tell me what you need in order to determine what is wrong with my computer, and I will provide all the information!
Guest, commented 15 February 2010
An OTL log to start with: http://www.forumpc.pl/index.php?showtopic=104338
JoneQ (Author), commented 15 February 2010
[quote name='KamilJB' date='15 luty 2010 - 19:21' timestamp='1266258067' post='975446'] An OTL log to start with: http://www.forumpc.pl/index.php?showtopic=104338 [/quote]
Couldn't it be one from HJthis?
Guest, commented 15 February 2010
[quote name='Netheous' date='15 luty 2010 - 21:00' timestamp='1266264008' post='975543'] Couldn't it be one from HJthis? [/quote]
No.
JoneQ (Author), commented 15 February 2010
A bit late, but...
[log]OTL logfile created on: 2010-02-15 21:49:59 - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Neth\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 366,00 Mb Available Physical Memory | 36,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 10,55 Gb Free Space | 18,00% Space Free | Partition Type: NTFS Drive D: | 127,71 Gb Total Space | 24,67 Gb Free Space | 19,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NETH-DOM Current User Name: Neth Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-02-15 21:49:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neth\Pulpit\OTL.exe PRC - [2010-02-10 00:31:55 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Temp\Iqr.exe PRC - [2010-02-10 00:31:53 | 000,138,240 | ---- | M] () -- C:\WINDOWS\msa.exe PRC - [2010-01-22 20:36:00 | 000,621,320 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2010-01-06 15:53:38 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-11-26 09:59:52 | 001,217,808 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe PRC - [2009-11-15 15:25:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-11-15 15:25:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-10-28 13:44:08 | 011,539,048 | ---- | M] (GG Network S.A.) -- D:\Nowe Gadu-Gadu\gg.exe PRC - [2009-10-28 12:43:06 | 000,077,824 | ---- | M] () -- D:\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-10-09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2009-10-09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2009-08-03 20:05:02 | 000,238,888 | ---- | M] (Skype Technologies S.A.) 
-- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 18:21:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 18:21:44 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe PRC - [2008-04-14 18:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 18:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 18:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 18:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 18:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) 
-- C:\WINDOWS\system32\alg.exe PRC - [2008-01-14 13:18:20 | 003,182,248 | ---- | M] (Beepa P/L) -- D:\Fraps\fraps.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-02-15 21:49:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neth\Pulpit\OTL.exe MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 18:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 18:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 18:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 18:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 18:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 18:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 
18:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 18:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 18:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 18:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 18:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 18:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 18:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 18:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 18:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 17:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008-01-14 13:15:34 | 000,159,744 | ---- | M] (Beepa P/L) -- D:\Fraps\fraps.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (spmd) SRV - File not found [Disabled | Stopped] -- -- (NMSAccessU) SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing) SRV - [2010-02-10 00:31:48 | 000,178,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS) SRV - [2009-11-19 19:30:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-11-15 15:25:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
[Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-11-13 21:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService) SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2009-10-08 01:11:00 | 003,323,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2008-08-05 12:19:58 | 000,069,632 | ---- | M] () [Auto | Stopped] -- D:\Softimage\XSI_7.0\Application\bin\raysat3_6_53_22server.exe -- (RaySat3_6_53_22Server) SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-12-02 21:56:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-12-02 21:56:15 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-11-21 22:51:45 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-09-28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-09-27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs) DRV - [2008-04-13 17:39:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-09-19 20:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-03-02 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2005-10-05 17:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2005-08-11 13:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2005-03-04 20:53:00 | 000,127,872 | R--- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService) DRV - [2004-10-27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-299502267-725345543-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/ IE - HKU\S-1-5-21-299502267-725345543-682003330-1004\S-1-5-21-299502267-725345543-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: 
"BearShare Web Search" FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.0.0283 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.5 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1 FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.2 FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.0 FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q=" FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\ FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-22 16:28:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-06 15:53:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-11-15 14:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Extensions [2010-02-15 10:59:54 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions [2009-11-25 16:01:00 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-11-15 17:01:36 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2009-11-15 17:01:36 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2009-11-15 17:02:17 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2009-11-15 16:48:26 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2009-11-15 16:50:03 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66} [2009-11-15 16:48:12 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2010-02-15 10:59:55 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2010-01-24 12:45:25 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2009-11-21 22:51:51 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\DTToolbar@toolbarnet.com [2009-12-03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\BearShareWebSearch.xml [2010-01-24 13:10:28 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\conduit.xml [2009-11-21 22:51:47 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\daemon-search.xml [2010-01-04 06:54:38 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\mywebsearch.xml [2009-11-25 16:01:06 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\winamp-search.xml [2010-02-15 21:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-11-03 02:54:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-12-03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml [2009-11-03 02:54:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-11-03 02:54:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-11-03 02:54:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-11-03 02:54:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-11-03 02:54:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-12-28 16:15:18 | 000,000,775 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 
127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKU\S-1-5-21-299502267-725345543-682003330-1004\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found. O3 - HKU\S-1-5-21-299502267-725345543-682003330-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-299502267-725345543-682003330-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe () O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\S-1-5-21-299502267-725345543-682003330-1004..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-299502267-725345543-682003330-1004..\Run: [F5JMWNZTHI] C:\Documents and Settings\Neth\Ustawienia lokalne\Temp\Iqr.exe () O4 - HKU\S-1-5-21-299502267-725345543-682003330-1004..\Run: [ROUA3O12PW] C:\WINDOWS\msa.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-299502267-725345543-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll File not found O9 - Extra Button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll File not found O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-15 13:28:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-15 13:27:46 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll () [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-15 21:49:11 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neth\Pulpit\OTL.exe [2010-02-15 18:35:07 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi [2010-02-15 11:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\3ACB [2010-02-14 16:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Valve [2010-02-11 11:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\TortoiseSVN [2010-02-11 10:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\Subversion [2010-02-11 10:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\TSVNCache [2010-02-11 10:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays [2010-02-11 10:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN [2010-02-10 01:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-02-10 00:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\Avnex [2010-02-10 00:31:08 | 000,000,000 | ---D | C] -- C:\AV_LOGS [2010-02-01 22:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\WINDOWS [2010-02-01 15:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\danny_kay1710 [2010-02-01 00:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2010-01-28 21:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\.minecraft [2010-01-28 21:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Pulpit\GRAP [2010-01-27 18:42:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010-01-24 12:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files [2010-01-24 12:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010-01-24 12:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\Conduit [2010-01-24 12:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia 
lokalne\Dane aplikacji\DVDVideoSoft [2010-01-22 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\licensecb [2010-01-22 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\licensecb [2010-01-22 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CrazyBump [2010-01-22 21:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Crazybump [2010-01-22 21:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\CrazyBump [2010-01-22 19:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010-01-22 17:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Pulpit\PSP Games [2010-01-22 15:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Moje dokumenty\My Received Files [2010-01-22 15:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\bearsharemediabartb [2010-01-22 15:41:08 | 000,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx [2010-01-22 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications [2010-01-21 23:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Moje dokumenty\RPGXP [2010-01-18 08:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Enterbrain [2010-01-17 17:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Moje dokumenty\EA Games [2010-01-17 16:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES [2009-12-17 18:14:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2009-12-11 07:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-11-15 13:30:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-11-15 13:30:52 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-15 21:49:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neth\Pulpit\OTL.exe [2010-02-15 21:28:21 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010-02-15 21:21:14 | 000,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-02-15 20:39:36 | 039,094,288 | ---- | M] () -- C:\Documents and Settings\Neth\Pulpit\FCKNLAGGINPIECEOFSHIT.wmv [2010-02-15 20:32:54 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-15 19:06:30 | 000,686,034 | ---- | M] () -- C:\Documents and Settings\Neth\Pulpit\ss1.bmp [2010-02-15 18:34:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job [2010-02-15 18:34:49 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegPowerClean.job [2010-02-15 18:34:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-15 18:34:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-15 17:10:50 | 001,201,186 | ---- | M] () -- C:\Documents and Settings\Neth\Pulpit\vbct_10k.rar [2010-02-15 15:50:42 | 005,609,600 | ---- | M] () -- C:\Documents and Settings\Neth\Pulpit\Justin Timberlake Feat Andy - Dick In The Box (Uncensored) Best Quality!.mp3 [2010-02-15 06:55:31 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Neth\NTUSER.DAT [2010-02-15 06:55:31 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Neth\ntuser.ini [2010-02-14 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job [2010-02-14 16:57:59 | 000,018,304 | ---- | M] () -- C:\Documents and Settings\Neth\.recently-used.xbel [2010-02-10 13:30:22 | 
000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-02-10 00:31:53 | 000,138,240 | ---- | M] () -- C:\WINDOWS\msa.exe [2010-02-10 00:31:48 | 000,178,176 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll [2010-02-08 12:24:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-01 23:58:43 | 002,106,628 | -H-- | M] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-01 23:45:13 | 000,000,740 | ---- | M] () -- C:\WINDOWS\win.ini [2010-02-01 22:45:14 | 000,047,104 | ---- | M] () -- C:\WINDOWS\System32\KMVIDC32.DLL [2010-02-01 19:04:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\videomach-5.2.0.exe [2010-02-01 18:58:08 | 007,651,110 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\^^.mpg [2010-02-01 18:53:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\^^.mpg [2010-02-01 16:06:57 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2010-02-01 00:32:29 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\0B96A44C31.sys [2010-01-31 22:02:02 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\RPCReminder.job [2010-01-26 22:11:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202(2).JPG [2010-01-26 22:11:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202(1).JPG [2010-01-26 22:10:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202.JPG [2010-01-23 11:13:00 | 003,631,806 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\Leszek.zip [2010-01-23 11:10:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Leszek.zip [2010-01-23 11:03:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Leszek.rar [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-15 
20:34:15 | 039,094,288 | ---- | C] () -- C:\Documents and Settings\Neth\Pulpit\FCKNLAGGINPIECEOFSHIT.wmv [2010-02-15 19:06:30 | 000,686,034 | ---- | C] () -- C:\Documents and Settings\Neth\Pulpit\ss1.bmp [2010-02-15 15:50:27 | 005,609,600 | ---- | C] () -- C:\Documents and Settings\Neth\Pulpit\Justin Timberlake Feat Andy - Dick In The Box (Uncensored) Best Quality!.mp3 [2010-02-14 16:57:59 | 000,018,304 | ---- | C] () -- C:\Documents and Settings\Neth\.recently-used.xbel [2010-02-10 00:32:10 | 000,138,240 | ---- | C] () -- C:\WINDOWS\msa.exe [2010-02-10 00:31:59 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010-02-10 00:31:56 | 000,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-02-10 00:31:48 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll [2010-02-07 14:17:34 | 001,201,186 | ---- | C] () -- C:\Documents and Settings\Neth\Pulpit\vbct_10k.rar [2010-02-01 22:28:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL [2010-02-01 19:04:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\videomach-5.2.0.exe [2010-02-01 18:54:01 | 007,651,110 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\^^.mpg [2010-02-01 18:53:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\^^.mpg [2010-01-26 22:11:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202(2).JPG [2010-01-26 22:11:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202(1).JPG [2010-01-26 22:10:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202.JPG [2010-01-23 11:10:45 | 003,631,806 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\Leszek.zip [2010-01-23 11:10:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Leszek.zip [2010-01-23 11:03:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Leszek.rar 
[2010-01-22 15:41:19 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Neth\Dane aplikacji\Smiley.ico [2010-01-21 23:16:01 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0B96A44C31.sys [2010-01-18 08:10:27 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2010-01-14 19:16:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-12-16 15:25:01 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-12-10 22:10:35 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009-12-10 22:10:35 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009-12-10 22:10:35 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009-12-08 08:45:15 | 000,000,735 | ---- | C] () -- C:\WINDOWS\Sof2.INI [2009-12-02 21:56:15 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-12-02 21:56:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-12-02 21:39:25 | 000,000,204 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2009-11-21 22:51:45 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-11-20 08:01:22 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009-11-16 20:51:25 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-15 14:00:01 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2005-08-30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll [2005-08-30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll [2005-08-30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-11-15 13:28:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009-11-15 13:24:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2006-03-02 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-11-15 13:28:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-15 13:28:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-15 13:28:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006-03-02 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-12-11 07:06:07 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-02-15 18:34:30 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF < End of report >[/log]
Guest commented 16 February 2010 [quote] NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll ()[/quote] Post a ComboFix log.
JoneQ (author) commented 18 February 2010 [log]ComboFix 10-02-12.01 - Neth 2010-02-16 16:19:11.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.765 [GMT 1:00] Uruchomiony z: c:\documents and settings\Neth\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Neth\videomach-5.2.0.exe c:\program files\Smart-Shopper c:\program files\Smart-Shopper\Uninst.exe c:\windows\msa.exe c:\windows\system32\ieuinit.inf c:\windows\system32\SIntf16.dll c:\windows\system32\sshnas21.dll c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE -------\Legacy_SSHNAS -------\Service_SSHNAS ((((((((((((((((((((((((( Pliki utworzone od 2010-01-16 do 2010-02-16 ))))))))))))))))))))))))))))))) . 2010-02-15 10:00 . 2010-02-15 10:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3ACB 2010-02-14 15:40 . 2010-02-14 20:26 -------- d-----w- c:\program files\Valve 2010-02-11 10:07 . 2010-02-11 10:07 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\TortoiseSVN 2010-02-11 09:59 . 2010-02-11 09:59 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Subversion 2010-02-11 09:58 . 2010-02-16 20:22 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\TSVNCache 2010-02-11 09:58 . 2010-02-11 09:58 -------- d-----w- c:\program files\Common Files\TortoiseOverlays 2010-02-11 09:58 . 2010-02-11 09:58 -------- d-----w- c:\program files\TortoiseSVN 2010-02-10 00:33 . 2010-02-10 00:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET 2010-02-09 23:31 . 2010-02-09 23:31 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Avnex 2010-02-09 23:31 . 
2010-02-09 23:31 -------- d-----w- C:\AV_LOGS 2010-02-01 21:28 . 1997-08-26 11:06 315904 ----a-w- c:\windows\IsUninst.exe 2010-02-01 21:28 . 2010-02-01 21:28 -------- d-----w- c:\documents and settings\Neth\WINDOWS 2010-02-01 21:28 . 2010-02-01 21:45 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL 2010-02-01 14:37 . 2010-02-01 14:37 -------- d-----w- c:\program files\danny_kay1710 2010-01-31 23:39 . 2010-02-15 05:55 -------- d-----w- c:\program files\Spyware Terminator 2010-01-28 20:51 . 2010-01-28 21:03 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\.minecraft 2010-01-24 11:49 . 2010-02-15 19:55 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files 2010-01-24 11:45 . 2010-01-24 11:45 -------- d-----w- c:\program files\Conduit 2010-01-24 11:45 . 2010-01-24 11:45 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\Conduit 2010-01-24 11:45 . 2010-01-25 08:21 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\DVDVideoSoft 2010-01-24 11:45 . 2010-01-24 11:45 52224 ----a-w- c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-01-24 11:45 . 2010-01-24 11:45 101376 ----a-w- c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll 2010-01-23 10:10 . 2010-01-23 10:10 0 ----a-w- c:\documents and settings\Neth\Leszek.zip 2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\licensecb 2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\licensecb 2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CrazyBump 2010-01-22 20:50 . 
2010-01-22 20:50 -------- d-----w- c:\program files\Crazybump 2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\CrazyBump 2010-01-22 18:41 . 2010-01-22 18:41 -------- d-----w- c:\program files\Trend Micro 2010-01-22 14:41 . 2010-02-15 11:26 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\bearsharemediabartb 2010-01-22 14:41 . 2010-02-15 16:48 -------- d-----w- c:\program files\BearShare Applications 2010-01-21 22:16 . 2010-01-31 23:32 56 --sh--r- c:\windows\system32\0B96A44C31.sys 2010-01-20 15:53 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-01-18 07:10 . 2010-02-01 15:06 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-01-18 07:09 . 2010-01-18 07:09 -------- d-----w- c:\program files\Common Files\Enterbrain . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-15 20:22 . 2009-11-17 18:56 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Skype 2010-02-15 19:26 . 2009-11-20 19:24 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-02-15 18:19 . 2009-11-17 18:58 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\skypePM 2010-02-15 09:09 . 2009-11-15 13:33 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Nowe Gadu-Gadu 2010-02-14 15:40 . 2009-11-15 13:00 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-10 17:38 . 2009-11-25 14:56 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Winamp 2010-02-10 16:52 . 2009-11-22 20:25 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\gtk-2.0 2010-02-09 20:38 . 2009-11-16 19:41 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\BitTorrent 2010-01-31 23:42 . 2010-01-03 20:57 -------- d-----w- c:\program files\Winferno 2010-01-25 12:30 . 
2009-11-19 15:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-01-25 12:29 . 2009-11-19 15:23 -------- d-----w- c:\program files\DVDVideoSoft 2010-01-21 18:25 . 2010-01-03 20:57 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Smart-Shopper 2010-01-17 15:42 . 2010-01-17 15:42 -------- d-----w- c:\program files\EA GAMES 2010-01-14 18:15 . 2010-01-14 18:15 -------- d-----w- c:\program files\TechSmith 2010-01-06 22:05 . 2010-01-06 22:05 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat 2010-01-06 22:05 . 2010-01-06 22:05 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe 2010-01-06 22:05 . 2010-01-06 22:05 -------- d-----w- c:\program files\Illustrate 2010-01-06 20:33 . 2010-01-06 20:32 26286 ----a-w- c:\windows\scunin.dat 2010-01-06 20:33 . 2010-01-06 20:32 967 ----a-w- c:\windows\ScUnin.pif 2010-01-06 20:33 . 2010-01-06 20:32 94208 ----a-w- c:\windows\ScUnin.exe 2010-01-04 14:27 . 2009-11-15 13:25 23528 ----a-w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-01-03 21:02 . 2010-01-03 21:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Winferno 2010-01-01 18:37 . 2009-11-15 14:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-01 18:36 . 2009-12-02 20:56 -------- d-----w- c:\program files\AGEIA Technologies 2010-01-01 18:35 . 2010-01-01 18:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2010-01-01 18:35 . 2010-01-01 18:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2010-01-01 18:35 . 2010-01-01 18:35 -------- d-----w- c:\program files\OpenAL 2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-28 18:23 . 2009-12-28 18:23 -------- d-----w- c:\program files\LogMeIn Hamachi 2009-12-28 15:02 . 2009-11-19 18:14 -------- d-----w- c:\program files\Common Files\Adobe 2009-12-26 11:09 . 
2009-12-26 11:09 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{0134E361-C5BE-40C9-8408-DE27B2801AC8} 2009-12-24 17:24 . 2009-12-24 17:24 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\runic games 2009-12-24 17:16 . 2009-12-24 17:16 -------- d-----w- c:\program files\Runic Games 2009-12-24 08:35 . 2009-12-24 08:34 1669040 ----a-w- c:\documents and settings\All Users\Dane aplikacji\WildTangent\Game Console - WildGames\Downloads\en-us\Installers\SetupGamesClient.exe 2009-12-23 22:51 . 2009-12-23 22:51 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\WildTangent 2009-12-23 22:51 . 2009-12-23 22:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WildTangent 2009-12-23 22:51 . 2009-12-23 22:49 -------- d-----w- c:\program files\WildGames 2009-12-22 05:10 . 2006-03-02 12:00 669696 ----a-w- c:\windows\system32\wininet.dll 2009-12-22 05:10 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-21 11:58 . 2009-12-26 11:09 2822139 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{0134E361-C5BE-40C9-8408-DE27B2801AC8}\Templar Flyff Launcher.exe 2009-12-17 07:42 . 2009-11-15 12:24 345088 ----a-w- c:\windows\system32\mspaint.exe 2009-12-16 14:25 . 2009-12-16 14:25 129 ----a-w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2009-12-16 07:07 . 2006-03-02 12:00 88816 ----a-w- c:\windows\system32\perfc015.dat 2009-12-16 07:07 . 2006-03-02 12:00 499510 ----a-w- c:\windows\system32\perfh015.dat 2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-11 06:10 . 2009-11-15 12:27 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-12-10 21:10 . 2009-12-10 21:10 21840 ----a-w- c:\windows\system32\SIntfNT.dll 2009-12-10 21:10 . 2009-12-10 21:10 17212 ----a-w- c:\windows\system32\SIntf32.dll 2009-12-09 10:11 . 2004-08-04 00:38 2067328 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-09 10:11 . 
2006-03-02 12:00 2190464 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-12-03 06:42 . 2009-12-03 06:42 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-12-02 20:56 . 2009-12-02 20:56 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-12-02 20:56 . 2009-12-02 20:56 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2009-11-27 17:14 . 2006-03-02 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 17:14 . 2004-08-04 00:44 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 16:09 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:09 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:09 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-27 16:09 . 2004-08-04 00:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:09 . 2001-10-26 17:29 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-21 21:51 . 2009-11-21 21:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}] 2009-12-20 09:51 87480 ----a-w- c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2009-12-27 13:30 504248 ----a-w- c:\program files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480] [HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952] "DataMngr"="c:\program files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe" 
[2009-12-27 184760] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"= "d:\\Nowe Gadu-Gadu\\gg.exe"= "d:\\Steam\\steamapps\\darmonius\\team fortress 2\\hl2.exe"= "d:\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Steam\\steamapps\\darmonius\\counter-strike source\\hl2.exe"= "d:\\Steam\\Steam.exe"= "d:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "d:\\Steam\\steamapps\\darmonius\\garrysmod\\hl2.exe"= "d:\\Steam\\steamapps\\darmonius\\source sdk base\\hl2.exe"= "d:\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"= "d:\\CoD 4\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "d:\\Steam\\steamapps\\darmonius\\source 2007 dedicated server\\srcds.exe"= "d:\\Steam\\steamapps\\darmonius\\dedicated server\\hlds.exe"= "d:\\Steam\\steamapps\\darmonius\\counter-strike\\hl.exe"= "d:\\Steam\\steamapps\\darmonius\\source dedicated server\\srcds.exe"= "c:\\WINDOWS\\system32\\java.exe"= "d:\\Steam\\steamapps\\darmonius\\deathmatch classic\\hl.exe"= "d:\\Worms 4 Mayhem\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"= "d:\\Steam\\steamapps\\darmonius\\half-life 2 deathmatch\\hl2.exe"= "c:\\Program Files\\Crazybump\\CB.exe"= "c:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Valve\\hlds.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-21 691696] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568] 
R2 RaySat3_6_53_22Server;RaySat3_6_53_22 Server;d:\softimage\XSI_7.0\Application\bin\raysat3_6_53_22server.exe [2009-11-26 69632] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] . Zawartość folderu 'Zaplanowane zadania' 2009-11-16 c:\windows\Tasks\NSSstub.job - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-11-15 22:37] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.bearshare.com/ FF - ProfilePath - c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BearShare Web Search FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q= FF - component: c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - component: c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Neth\Dane aplikacji\Mozilla\plugins\np-mswmp.dll FF - plugin: c:\documents and settings\Neth\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - HiddenExtension: Microsoft 
.NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - USUNIĘTO PUSTE WPISY - - - - WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file) HKCU-Run-AdobeBridge - (no file) HKCU-Run-ROUA3O12PW - c:\windows\msa.exe AddRemove-Adobe Photoshop CS3 PL - c:\documents and settings\Neth\Pulpit\Uninstal.exe AddRemove-File Deleter_is1 - c:\program files\FileDeleter\unins000.exe AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe AddRemove-RegPowerClean_is1 - c:\program files\Winferno\RegistryPowerCleaner\unins000.exe AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe AddRemove-Worms2 - c:\team17\Worms2\Uninst.isu ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-16 21:22 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys splc.sys >>UNKNOWN [0x8678E938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf761ff28 \Driver\ACPI -> ACPI.sys @ 0xf73a6cb8 \Driver\atapi -> atapi.sys @ 0xf7361b40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf726abb0 PacketIndicateHandler -> NDIS.sys @ 0xf7277a21 SendHandler -> NDIS.sys @ 0xf725587b user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(164) c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\program files\Illustrate\dBpowerAMP\dBShell.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe . 
************************************************************************** . Czas ukończenia: 2010-02-16 21:26:45 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-16 20:26 Przed: 11 922 935 808 bajtów wolnych Po: 12 382 187 520 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 5BA65A3ACDC981FCD5EC034950C448A1[/log] And? BUMP