
The browser does not close completely, the computer often slows down, and more

JoneQ
created

Hello! For a whole month I used my computer without an antivirus; as a friend of mine said: "I don't use an antivirus and I have 0 viruses". So until now I was sure that I would not get any viruses as long as I did not download anything. So I only downloaded games from Steam (something like a chat, with the option to buy games and download the original copies after purchase).

Now I have just noticed that my computer frequently gets so-called lags; at first I thought it was Spyware Terminator running scans, but I had the spyware protection turned off. Then I noticed that firefox.exe keeps running and takes up more and more RAM even though it was not shown on the taskbar. I also noticed strange processes that I had not seen before and could not identify, since on this computer I only have GG, Steam, Firefox, Skype and Spyware Terminator, with which I recently scanned the system and it detected nothing.

Maybe I wrote this in a confusing way (for which I apologize), but I am getting lost in it myself.

Tell me what you need in order to work out what is wrong with my computer, and I will provide all the information!

Guest
comment

An OTL log to start with: http://www.forumpc.pl/index.php?showtopic=104338

JoneQ
comment

[quote name='KamilJB' date='15 luty 2010 - 19:21' timestamp='1266258067' post='975446']
An OTL log to start with: http://www.forumpc.pl/index.php?showtopic=104338
[/quote]
Couldn't it be one from HJthis?

Guest
comment

[quote name='Netheous' date='15 luty 2010 - 21:00' timestamp='1266264008' post='975543']
Couldn't it be one from HJthis?
[/quote]
No.

JoneQ
comment

A bit late, but...

[log]OTL logfile created on: 2010-02-15 21:49:59 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Neth\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 366,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 10,55 Gb Free Space | 18,00% Space Free | Partition Type: NTFS
Drive D: | 127,71 Gb Total Space | 24,67 Gb Free Space | 19,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NETH-DOM
Current User Name: Neth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-02-15 21:49:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neth\Pulpit\OTL.exe
PRC - [2010-02-10 00:31:55 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Temp\Iqr.exe
PRC - [2010-02-10 00:31:53 | 000,138,240 | ---- | M] () -- C:\WINDOWS\msa.exe
PRC - [2010-01-22 20:36:00 | 000,621,320 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010-01-06 15:53:38 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-26 09:59:52 | 001,217,808 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2009-11-15 15:25:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-11-15 15:25:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-10-28 13:44:08 | 011,539,048 | ---- | M] (GG Network S.A.) -- D:\Nowe Gadu-Gadu\gg.exe
PRC - [2009-10-28 12:43:06 | 000,077,824 | ---- | M] () -- D:\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-10-09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-10-09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009-08-03 20:05:02 | 000,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 18:21:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 18:21:44 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2008-04-14 18:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 18:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 18:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 18:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 18:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008-01-14 13:18:20 | 003,182,248 | ---- | M] (Beepa P/L) -- D:\Fraps\fraps.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-02-15 21:49:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neth\Pulpit\OTL.exe
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 18:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 18:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 18:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 18:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 18:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 18:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 18:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 18:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 18:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 18:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 18:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 18:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 18:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 18:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 18:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 17:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-01-14 13:15:34 | 000,159,744 | ---- | M] (Beepa P/L) -- D:\Fraps\fraps.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (spmd)
SRV - File not found [Disabled | Stopped] -- -- (NMSAccessU)
SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - [2010-02-10 00:31:48 | 000,178,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2009-11-19 19:30:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-11-15 15:25:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-11-13 21:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-10-08 01:11:00 | 003,323,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008-08-05 12:19:58 | 000,069,632 | ---- | M] () [Auto | Stopped] -- D:\Softimage\XSI_7.0\Application\bin\raysat3_6_53_22server.exe -- (RaySat3_6_53_22Server)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-12-02 21:56:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-12-02 21:56:15 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-11-21 22:51:45 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-09-28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-09-27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008-04-13 17:39:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-09-19 20:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-03-02 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005-10-05 17:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005-08-11 13:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005-03-04 20:53:00 | 000,127,872 | R--- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)
DRV - [2004-10-27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-725345543-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-299502267-725345543-682003330-1004\S-1-5-21-299502267-725345543-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.0.0283
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.0
FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q="


FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-22 16:28:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-06 15:53:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009-11-15 14:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Extensions
[2010-02-15 10:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions
[2009-11-25 16:01:00 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-11-15 17:01:36 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009-11-15 17:01:36 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009-11-15 17:02:17 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009-11-15 16:48:26 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2009-11-15 16:50:03 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2009-11-15 16:48:12 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010-02-15 10:59:55 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010-01-24 12:45:25 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009-11-21 22:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\DTToolbar@toolbarnet.com
[2009-12-03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\BearShareWebSearch.xml
[2010-01-24 13:10:28 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\conduit.xml
[2009-11-21 22:51:47 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\daemon-search.xml
[2010-01-04 06:54:38 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\mywebsearch.xml
[2009-11-25 16:01:06 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\searchplugins\winamp-search.xml
[2010-02-15 21:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-03 02:54:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2009-11-03 02:54:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-03 02:54:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-03 02:54:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-03 02:54:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-03 02:54:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-12-28 16:15:18 | 000,000,775 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKU\S-1-5-21-299502267-725345543-682003330-1004\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-725345543-682003330-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-299502267-725345543-682003330-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-299502267-725345543-682003330-1004..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-299502267-725345543-682003330-1004..\Run: [F5JMWNZTHI] C:\Documents and Settings\Neth\Ustawienia lokalne\Temp\Iqr.exe ()
O4 - HKU\S-1-5-21-299502267-725345543-682003330-1004..\Run: [ROUA3O12PW] C:\WINDOWS\msa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-725345543-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll File not found
O9 - Extra Button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-15 13:28:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-15 13:27:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll ()

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-02-15 21:49:11 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neth\Pulpit\OTL.exe
[2010-02-15 18:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-02-15 11:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\3ACB
[2010-02-14 16:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2010-02-11 11:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\TortoiseSVN
[2010-02-11 10:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\Subversion
[2010-02-11 10:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\TSVNCache
[2010-02-11 10:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010-02-11 10:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010-02-10 01:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-02-10 00:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\Avnex
[2010-02-10 00:31:08 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2010-02-01 22:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\WINDOWS
[2010-02-01 15:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\danny_kay1710
[2010-02-01 00:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010-01-28 21:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\.minecraft
[2010-01-28 21:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Pulpit\GRAP
[2010-01-27 18:42:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-01-24 12:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
[2010-01-24 12:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010-01-24 12:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\Conduit
[2010-01-24 12:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\DVDVideoSoft
[2010-01-22 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\licensecb
[2010-01-22 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\licensecb
[2010-01-22 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CrazyBump
[2010-01-22 21:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Crazybump
[2010-01-22 21:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\CrazyBump
[2010-01-22 19:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-01-22 17:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Pulpit\PSP Games
[2010-01-22 15:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Moje dokumenty\My Received Files
[2010-01-22 15:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Dane aplikacji\bearsharemediabartb
[2010-01-22 15:41:08 | 000,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx
[2010-01-22 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010-01-21 23:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Moje dokumenty\RPGXP
[2010-01-18 08:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Enterbrain
[2010-01-17 17:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neth\Moje dokumenty\EA Games
[2010-01-17 16:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009-12-17 18:14:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-12-11 07:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-11-15 13:30:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-11-15 13:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-02-15 21:49:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neth\Pulpit\OTL.exe
[2010-02-15 21:28:21 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-02-15 21:21:14 | 000,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-02-15 20:39:36 | 039,094,288 | ---- | M] () -- C:\Documents and Settings\Neth\Pulpit\FCKNLAGGINPIECEOFSHIT.wmv
[2010-02-15 20:32:54 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-15 19:06:30 | 000,686,034 | ---- | M] () -- C:\Documents and Settings\Neth\Pulpit\ss1.bmp
[2010-02-15 18:34:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010-02-15 18:34:49 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegPowerClean.job
[2010-02-15 18:34:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-15 18:34:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-15 17:10:50 | 001,201,186 | ---- | M] () -- C:\Documents and Settings\Neth\Pulpit\vbct_10k.rar
[2010-02-15 15:50:42 | 005,609,600 | ---- | M] () -- C:\Documents and Settings\Neth\Pulpit\Justin Timberlake Feat Andy - Dick In The Box (Uncensored) Best Quality!.mp3
[2010-02-15 06:55:31 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Neth\NTUSER.DAT
[2010-02-15 06:55:31 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Neth\ntuser.ini
[2010-02-14 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job
[2010-02-14 16:57:59 | 000,018,304 | ---- | M] () -- C:\Documents and Settings\Neth\.recently-used.xbel
[2010-02-10 13:30:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-10 00:31:53 | 000,138,240 | ---- | M] () -- C:\WINDOWS\msa.exe
[2010-02-10 00:31:48 | 000,178,176 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll
[2010-02-08 12:24:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-01 23:58:43 | 002,106,628 | -H-- | M] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-01 23:45:13 | 000,000,740 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-02-01 22:45:14 | 000,047,104 | ---- | M] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2010-02-01 19:04:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\videomach-5.2.0.exe
[2010-02-01 18:58:08 | 007,651,110 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\^^.mpg
[2010-02-01 18:53:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\^^.mpg
[2010-02-01 16:06:57 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010-02-01 00:32:29 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\0B96A44C31.sys
[2010-01-31 22:02:02 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\RPCReminder.job
[2010-01-26 22:11:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202(2).JPG
[2010-01-26 22:11:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202(1).JPG
[2010-01-26 22:10:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202.JPG
[2010-01-23 11:13:00 | 003,631,806 | ---- | M] () -- C:\Documents and Settings\Neth\Moje dokumenty\Leszek.zip
[2010-01-23 11:10:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Leszek.zip
[2010-01-23 11:03:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neth\Leszek.rar
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-02-15 20:34:15 | 039,094,288 | ---- | C] () -- C:\Documents and Settings\Neth\Pulpit\FCKNLAGGINPIECEOFSHIT.wmv
[2010-02-15 19:06:30 | 000,686,034 | ---- | C] () -- C:\Documents and Settings\Neth\Pulpit\ss1.bmp
[2010-02-15 15:50:27 | 005,609,600 | ---- | C] () -- C:\Documents and Settings\Neth\Pulpit\Justin Timberlake Feat Andy - Dick In The Box (Uncensored) Best Quality!.mp3
[2010-02-14 16:57:59 | 000,018,304 | ---- | C] () -- C:\Documents and Settings\Neth\.recently-used.xbel
[2010-02-10 00:32:10 | 000,138,240 | ---- | C] () -- C:\WINDOWS\msa.exe
[2010-02-10 00:31:59 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-02-10 00:31:56 | 000,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-02-10 00:31:48 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll
[2010-02-07 14:17:34 | 001,201,186 | ---- | C] () -- C:\Documents and Settings\Neth\Pulpit\vbct_10k.rar
[2010-02-01 22:28:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2010-02-01 19:04:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\videomach-5.2.0.exe
[2010-02-01 18:54:01 | 007,651,110 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\^^.mpg
[2010-02-01 18:53:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\^^.mpg
[2010-01-26 22:11:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202(2).JPG
[2010-01-26 22:11:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202(1).JPG
[2010-01-26 22:10:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\SDC10202.JPG
[2010-01-23 11:10:45 | 003,631,806 | ---- | C] () -- C:\Documents and Settings\Neth\Moje dokumenty\Leszek.zip
[2010-01-23 11:10:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Leszek.zip
[2010-01-23 11:03:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neth\Leszek.rar
[2010-01-22 15:41:19 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Neth\Dane aplikacji\Smiley.ico
[2010-01-21 23:16:01 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0B96A44C31.sys
[2010-01-18 08:10:27 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010-01-14 19:16:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009-12-16 15:25:01 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-12-10 22:10:35 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-12-10 22:10:35 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-12-10 22:10:35 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-12-08 08:45:15 | 000,000,735 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2009-12-02 21:56:15 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-12-02 21:56:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-12-02 21:39:25 | 000,000,204 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009-11-21 22:51:45 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-11-20 08:01:22 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-11-16 20:51:25 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Neth\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-15 14:00:01 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-08-30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005-08-30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005-08-30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-11-15 13:28:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-11-15 13:24:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006-03-02 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-11-15 13:28:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-11-15 13:28:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-15 13:28:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-03-02 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-12-11 07:06:07 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-02-15 18:34:30 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
< End of report >[/log]

Guest
comment

[quote]
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll ()[/quote]
Post a ComboFix log.

JoneQ
comment

[log]ComboFix 10-02-12.01 - Neth 2010-02-16 16:19:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.765 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Neth\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Neth\videomach-5.2.0.exe
c:\program files\Smart-Shopper
c:\program files\Smart-Shopper\Uninst.exe
c:\windows\msa.exe
c:\windows\system32\ieuinit.inf
c:\windows\system32\SIntf16.dll
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Pliki utworzone od 2010-01-16 do 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-15 10:00 . 2010-02-15 10:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3ACB
2010-02-14 15:40 . 2010-02-14 20:26 -------- d-----w- c:\program files\Valve
2010-02-11 10:07 . 2010-02-11 10:07 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\TortoiseSVN
2010-02-11 09:59 . 2010-02-11 09:59 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Subversion
2010-02-11 09:58 . 2010-02-16 20:22 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\TSVNCache
2010-02-11 09:58 . 2010-02-11 09:58 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-02-11 09:58 . 2010-02-11 09:58 -------- d-----w- c:\program files\TortoiseSVN
2010-02-10 00:33 . 2010-02-10 00:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2010-02-09 23:31 . 2010-02-09 23:31 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Avnex
2010-02-09 23:31 . 2010-02-09 23:31 -------- d-----w- C:\AV_LOGS
2010-02-01 21:28 . 1997-08-26 11:06 315904 ----a-w- c:\windows\IsUninst.exe
2010-02-01 21:28 . 2010-02-01 21:28 -------- d-----w- c:\documents and settings\Neth\WINDOWS
2010-02-01 21:28 . 2010-02-01 21:45 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2010-02-01 14:37 . 2010-02-01 14:37 -------- d-----w- c:\program files\danny_kay1710
2010-01-31 23:39 . 2010-02-15 05:55 -------- d-----w- c:\program files\Spyware Terminator
2010-01-28 20:51 . 2010-01-28 21:03 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\.minecraft
2010-01-24 11:49 . 2010-02-15 19:55 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
2010-01-24 11:45 . 2010-01-24 11:45 -------- d-----w- c:\program files\Conduit
2010-01-24 11:45 . 2010-01-24 11:45 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\Conduit
2010-01-24 11:45 . 2010-01-25 08:21 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\DVDVideoSoft
2010-01-24 11:45 . 2010-01-24 11:45 52224 ----a-w- c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-01-24 11:45 . 2010-01-24 11:45 101376 ----a-w- c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
2010-01-23 10:10 . 2010-01-23 10:10 0 ----a-w- c:\documents and settings\Neth\Leszek.zip
2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\licensecb
2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\licensecb
2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CrazyBump
2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\program files\Crazybump
2010-01-22 20:50 . 2010-01-22 20:50 -------- d-----w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\CrazyBump
2010-01-22 18:41 . 2010-01-22 18:41 -------- d-----w- c:\program files\Trend Micro
2010-01-22 14:41 . 2010-02-15 11:26 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\bearsharemediabartb
2010-01-22 14:41 . 2010-02-15 16:48 -------- d-----w- c:\program files\BearShare Applications
2010-01-21 22:16 . 2010-01-31 23:32 56 --sh--r- c:\windows\system32\0B96A44C31.sys
2010-01-20 15:53 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-18 07:10 . 2010-02-01 15:06 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-18 07:09 . 2010-01-18 07:09 -------- d-----w- c:\program files\Common Files\Enterbrain

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 20:22 . 2009-11-17 18:56 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Skype
2010-02-15 19:26 . 2009-11-20 19:24 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-02-15 18:19 . 2009-11-17 18:58 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\skypePM
2010-02-15 09:09 . 2009-11-15 13:33 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Nowe Gadu-Gadu
2010-02-14 15:40 . 2009-11-15 13:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 17:38 . 2009-11-25 14:56 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Winamp
2010-02-10 16:52 . 2009-11-22 20:25 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\gtk-2.0
2010-02-09 20:38 . 2009-11-16 19:41 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\BitTorrent
2010-01-31 23:42 . 2010-01-03 20:57 -------- d-----w- c:\program files\Winferno
2010-01-25 12:30 . 2009-11-19 15:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-25 12:29 . 2009-11-19 15:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-21 18:25 . 2010-01-03 20:57 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\Smart-Shopper
2010-01-17 15:42 . 2010-01-17 15:42 -------- d-----w- c:\program files\EA GAMES
2010-01-14 18:15 . 2010-01-14 18:15 -------- d-----w- c:\program files\TechSmith
2010-01-06 22:05 . 2010-01-06 22:05 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2010-01-06 22:05 . 2010-01-06 22:05 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-01-06 22:05 . 2010-01-06 22:05 -------- d-----w- c:\program files\Illustrate
2010-01-06 20:33 . 2010-01-06 20:32 26286 ----a-w- c:\windows\scunin.dat
2010-01-06 20:33 . 2010-01-06 20:32 967 ----a-w- c:\windows\ScUnin.pif
2010-01-06 20:33 . 2010-01-06 20:32 94208 ----a-w- c:\windows\ScUnin.exe
2010-01-04 14:27 . 2009-11-15 13:25 23528 ----a-w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-03 21:02 . 2010-01-03 21:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Winferno
2010-01-01 18:37 . 2009-11-15 14:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-01 18:36 . 2009-12-02 20:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-01 18:35 . 2010-01-01 18:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-01 18:35 . 2010-01-01 18:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-01 18:35 . 2010-01-01 18:35 -------- d-----w- c:\program files\OpenAL
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 18:23 . 2009-12-28 18:23 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-28 15:02 . 2009-11-19 18:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-26 11:09 . 2009-12-26 11:09 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{0134E361-C5BE-40C9-8408-DE27B2801AC8}
2009-12-24 17:24 . 2009-12-24 17:24 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\runic games
2009-12-24 17:16 . 2009-12-24 17:16 -------- d-----w- c:\program files\Runic Games
2009-12-24 08:35 . 2009-12-24 08:34 1669040 ----a-w- c:\documents and settings\All Users\Dane aplikacji\WildTangent\Game Console - WildGames\Downloads\en-us\Installers\SetupGamesClient.exe
2009-12-23 22:51 . 2009-12-23 22:51 -------- d-----w- c:\documents and settings\Neth\Dane aplikacji\WildTangent
2009-12-23 22:51 . 2009-12-23 22:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WildTangent
2009-12-23 22:51 . 2009-12-23 22:49 -------- d-----w- c:\program files\WildGames
2009-12-22 05:10 . 2006-03-02 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:10 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 11:58 . 2009-12-26 11:09 2822139 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{0134E361-C5BE-40C9-8408-DE27B2801AC8}\Templar Flyff Launcher.exe
2009-12-17 07:42 . 2009-11-15 12:24 345088 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 14:25 . 2009-12-16 14:25 129 ----a-w- c:\documents and settings\Neth\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-12-16 07:07 . 2006-03-02 12:00 88816 ----a-w- c:\windows\system32\perfc015.dat
2009-12-16 07:07 . 2006-03-02 12:00 499510 ----a-w- c:\windows\system32\perfh015.dat
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 06:10 . 2009-11-15 12:27 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-10 21:10 . 2009-12-10 21:10 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-12-10 21:10 . 2009-12-10 21:10 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-12-09 10:11 . 2004-08-04 00:38 2067328 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:11 . 2006-03-02 12:00 2190464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 06:42 . 2009-12-03 06:42 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-02 20:56 . 2009-12-02 20:56 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-02 20:56 . 2009-12-02 20:56 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-27 17:14 . 2006-03-02 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-04 00:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-04 00:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2001-10-26 17:29 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 21:51 . 2009-11-21 21:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-12-27 13:30 504248 ----a-w- c:\program files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"DataMngr"="c:\program files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe" [2009-12-27 184760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"d:\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Steam\\steamapps\\darmonius\\team fortress 2\\hl2.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Steam\\steamapps\\darmonius\\counter-strike source\\hl2.exe"=
"d:\\Steam\\Steam.exe"=
"d:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Steam\\steamapps\\darmonius\\garrysmod\\hl2.exe"=
"d:\\Steam\\steamapps\\darmonius\\source sdk base\\hl2.exe"=
"d:\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"d:\\CoD 4\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Steam\\steamapps\\darmonius\\source 2007 dedicated server\\srcds.exe"=
"d:\\Steam\\steamapps\\darmonius\\dedicated server\\hlds.exe"=
"d:\\Steam\\steamapps\\darmonius\\counter-strike\\hl.exe"=
"d:\\Steam\\steamapps\\darmonius\\source dedicated server\\srcds.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Steam\\steamapps\\darmonius\\deathmatch classic\\hl.exe"=
"d:\\Worms 4 Mayhem\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"d:\\Steam\\steamapps\\darmonius\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Crazybump\\CB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-21 691696]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 RaySat3_6_53_22Server;RaySat3_6_53_22 Server;d:\softimage\XSI_7.0\Application\bin\raysat3_6_53_22server.exe [2009-11-26 69632]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Zawartość folderu 'Zaplanowane zadania'

2009-11-16 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-11-15 22:37]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/
FF - ProfilePath - c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - component: c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Neth\Dane aplikacji\Mozilla\Firefox\Profiles\8unkeloa.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Neth\Dane aplikacji\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Neth\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-ROUA3O12PW - c:\windows\msa.exe
AddRemove-Adobe Photoshop CS3 PL - c:\documents and settings\Neth\Pulpit\Uninstal.exe
AddRemove-File Deleter_is1 - c:\program files\FileDeleter\unins000.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-RegPowerClean_is1 - c:\program files\Winferno\RegistryPowerCleaner\unins000.exe
AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe
AddRemove-Worms2 - c:\team17\Worms2\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 21:22
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys splc.sys >>UNKNOWN [0x8678E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761ff28
\Driver\ACPI -> ACPI.sys @ 0xf73a6cb8
\Driver\atapi -> atapi.sys @ 0xf7361b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf726abb0
PacketIndicateHandler -> NDIS.sys @ 0xf7277a21
SendHandler -> NDIS.sys @ 0xf725587b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(164)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Illustrate\dBpowerAMP\dBShell.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-16 21:26:45 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-16 20:26

Przed: 11 922 935 808 bajtów wolnych
Po: 12 382 187 520 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5BA65A3ACDC981FCD5EC034950C448A1[/log]

And? BUMP
