Chesus

Win32/Kryptik.VO trojan

I don't know if this is the right section, but oh well, I have to risk it. As in the topic title, something has invited itself onto my machine and I can't get rid of it. I have NOD32 and every so often a message pops up saying that a virus has been detected. When I scan the folder where this thing was supposedly detected, it finds nothing, and so it goes all the time. I'm attaching a screenshot of this little monster: http://img196.imageshack.us/img196/3030/virusj.png Help!! How do I get rid of this thing, because it's terribly annoying :happy:

I'm also attaching the logs from HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:29:37, on 2009-07-15

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Admin\aatsn.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\TBPanel.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray .exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\CursorXP\CursorXP .exe

C:\Program Files\AutoConnect\AutoConnect .exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Admin\aatsn.exe \s

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [GroupManager] C:\Program Files\Kudos Rock Legend\groupmanager.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [kykr] C:\WINDOWS\system32\kykr.exe \u

O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S4.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{B7AB01A9-939E-49B3-B4EA-4DE212DFD248}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--

End of file - 7961 bytes


I didn't "pirate" it, if that's what you mean :happy: The worldwide release was on June 9, so what's the problem with buying it abroad, and secondly I don't like games localized into Polish :happy:

I think I've got the situation under control. I removed

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Admin\aatsn.exe \s

O4 - HKLM\..\Run: [kykr] C:\WINDOWS\system32\kykr.exe \u

and so far everything is OK.

Something is still not as it should be. I downloaded Avira today and scanned drive C, and it detected 7 viruses, TR/Crypt... here is a screenshot: http://img187.imageshack.us/img187/7161/avira.png

Here you go, the logs from ComboFix:

ComboFix 09-07-14.08 - Admin 2009-07-16 13:33.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1366 [GMT 2:00]

Uruchomiony z: E:\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Rezydentny antywirus jest aktywny

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Admin\Dane aplikacji\.#

c:\documents and settings\Admin\Dane aplikacji\BITS

c:\documents and settings\Admin\Dane aplikacji\BITS\BITS.ini

c:\documents and settings\Admin\Dane aplikacji\BITS\DHTTable.dat

c:\documents and settings\Admin\Dane aplikacji\BITS\ProxyList.ini

c:\documents and settings\Admin\Dane aplikacji\BITS\UPnP.ini

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet universal\btcore.dll

c:\program files\FlashGet Network\FlashGet universal\btwrap.dll

c:\program files\FlashGet Network\FlashGet universal\BugReport.dll

c:\program files\FlashGet Network\FlashGet universal\BugReport.exe

c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini

c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini

c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi

c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll

c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt

c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll

c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll

c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log

c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe

c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll

c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll

c:\program files\FlashGet Network\FlashGet universal\fgoption.ini

c:\program files\FlashGet Network\FlashGet universal\FGVer.dll

c:\program files\FlashGet Network\FlashGet universal\flashget.exe

c:\program files\FlashGet Network\FlashGet universal\gt.exe

c:\program files\FlashGet Network\FlashGet universal\hashgen.dll

c:\program files\FlashGet Network\FlashGet universal\Help\license.txt

c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt

c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini

c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini

c:\program files\FlashGet Network\FlashGet universal\libupnp.dll

c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll

c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll

c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini

c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll

c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini

c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini

c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll

c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db

c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll

c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp

c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini

c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp

c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp

c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll

c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml

c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp

c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini

c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll

c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll

c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini

c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll

c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini

c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll

c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll

c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll

c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll

c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini

c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll

c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll

c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini

c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat

c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat

c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav

c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp

c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db

c:\program files\FlashGet Network\FlashGet universal\storage.dll

c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe

c:\program files\FlashGet Network\FlashGet universal\transaction.log

c:\program files\FlashGet Network\FlashGet universal\uninst.exe

c:\program files\FlashGet Network\FlashGet universal\zlib.dll

c:\windows\system32\setup.ini

.

((((((((((((((((((((((((( Pliki utworzone od 2009-06-16 do 2009-07-16 )))))))))))))))))))))))))))))))

.

2009-07-16 10:51 . 2009-07-16 10:51 -------- d-----w- c:\windows\LastGood

2009-07-16 10:51 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-16 10:51 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-16 10:51 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-16 10:51 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-16 10:51 . 2009-07-16 10:51 -------- d-----w- c:\program files\Avira

2009-07-16 10:51 . 2009-07-16 10:51 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira

2009-07-15 15:16 . 2009-07-15 15:16 -------- d-----w- c:\program files\Game Cam V2

2009-07-15 11:14 . 2009-07-15 11:14 -------- d-----w- C:\games

2009-07-14 21:09 . 2009-07-16 10:06 -------- d-----w- c:\program files\AutoConnect

2009-07-14 15:30 . 2009-07-14 15:30 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\CDRoller

2009-07-14 15:30 . 2009-07-14 15:30 -------- d-----w- c:\program files\CDRoller

2009-07-13 15:37 . 2009-07-13 15:37 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\World in Conflict

2009-07-13 15:35 . 2009-07-13 15:35 -------- d--h--r- c:\documents and settings\Admin\Dane aplikacji\SecuROM

2009-07-13 15:24 . 2009-07-13 15:24 -------- d-----w- c:\program files\Sierra Entertainment

2009-07-12 17:18 . 2009-07-13 12:43 -------- d-----w- c:\program files\DBME2k8

2009-07-12 15:10 . 2009-07-12 15:39 -------- d-----w- c:\program files\Psychotoxic

2009-07-09 19:36 . 2009-07-09 20:31 -------- d-----w- c:\program files\emote

2009-07-09 18:50 . 2009-07-09 18:50 -------- d-----w- c:\program files\Microsoft.NET

2009-07-09 10:54 . 2009-07-09 18:55 -------- d-----w- c:\program files\PopCap Games

2009-07-06 18:13 . 2009-07-06 20:50 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Hamachi

2009-07-06 18:13 . 2009-07-06 18:13 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-07-06 18:13 . 2009-07-06 18:13 -------- d-----w- c:\program files\Hamachi

2009-07-06 11:19 . 2009-07-06 11:23 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Tlen.pl

2009-07-06 11:19 . 2009-07-06 11:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Tlen.pl

2009-07-06 11:19 . 2009-07-06 11:19 -------- d-----w- c:\program files\Tlen.pl

2009-07-01 09:14 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2009-07-01 09:14 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll

2009-07-01 09:14 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2009-07-01 09:14 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\kbdkor.dll

2009-07-01 09:14 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2009-07-01 09:14 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2009-07-01 09:14 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll

2009-07-01 09:14 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll

2009-07-01 09:14 . 2001-08-17 20:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2009-07-01 09:14 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll

2009-07-01 09:14 . 2008-04-14 20:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2009-07-01 09:14 . 2008-04-14 20:39 6144 ----a-w- c:\windows\system32\kbd106.dll

2009-06-29 16:34 . 2009-06-29 16:34 167376 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\n7da2wct.default\FlashGot.exe

2009-06-29 16:25 . 2009-06-29 16:25 -------- d-----w- C:\profiles

2009-06-26 20:52 . 2009-06-26 20:52 -------- d-----w- c:\program files\Common Files\DirectX

2009-06-26 20:46 . 2009-06-26 20:46 -------- d-----w- c:\program files\Codemasters

2009-06-24 20:52 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2009-06-24 20:52 . 2004-07-26 15:16 476320 ------w- c:\windows\system32\ImagXpr7.dll

2009-06-24 20:52 . 2004-07-26 15:16 471040 ------w- c:\windows\system32\ImagXRA7.dll

2009-06-24 20:52 . 2004-07-26 15:16 262144 ------w- c:\windows\system32\ImagXR7.dll

2009-06-24 20:52 . 2004-07-26 15:16 1568768 ------w- c:\windows\system32\ImagX7.dll

2009-06-24 20:52 . 2009-07-16 10:06 27660 ----a-w- c:\windows\system32\nerocheck.exe

2009-06-24 20:52 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\nerocheck .exe

2009-06-24 20:51 . 2009-06-24 20:51 -------- d-----w- c:\program files\Common Files\Ahead

2009-06-24 20:51 . 2009-06-24 20:52 -------- d-----w- c:\program files\Ahead

2009-06-24 20:49 . 2008-06-24 12:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll

2009-06-23 22:54 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll

2009-06-23 22:54 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2009-06-23 22:54 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2009-06-23 22:54 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2009-06-23 22:54 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2009-06-23 22:54 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

2009-06-23 22:54 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2009-06-23 22:53 . 2009-06-23 22:53 -------- d--h--w- c:\windows\msdownld.tmp

2009-06-23 22:16 . 2009-06-23 22:16 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Activision

2009-06-22 11:06 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-22 11:05 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-21 16:46 . 2009-06-21 16:46 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Ubisoft

2009-06-21 15:04 . 2009-06-21 15:04 -------- d-----w- c:\program files\Ubisoft

2009-06-21 14:16 . 2009-06-26 17:55 -------- d-----w- C:\asasin krid

2009-06-20 14:38 . 2009-06-20 14:38 -------- d-----w- c:\program files\foobar2000

2009-06-17 14:33 . 2009-07-09 13:47 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\The Witcher

2009-06-17 14:26 . 2009-06-17 14:26 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys

2009-06-17 14:26 . 2009-06-17 14:26 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2009-06-17 14:17 . 2009-07-09 13:41 -------- d-----w- c:\program files\Wiedźmin

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-16 11:36 . 2009-06-10 10:04 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\DNA

2009-07-16 11:33 . 2009-03-17 21:52 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\foobar2000

2009-07-16 10:06 . 2009-02-21 18:26 -------- d-----w- c:\program files\neostrada tp

2009-07-16 10:06 . 2009-06-10 10:04 -------- d-----w- c:\program files\DNA

2009-07-16 10:06 . 2009-03-22 17:22 -------- d-----w- c:\program files\CursorXP

2009-07-15 21:15 . 2009-03-04 19:30 -------- d-----w- c:\program files\English Translator 3

2009-07-15 17:17 . 2009-02-22 19:21 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-07-13 15:24 . 2009-02-21 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-12 11:47 . 2009-03-17 22:08 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\VSO

2009-07-11 18:03 . 2009-06-14 18:35 -------- d-----w- c:\program files\Half-Life 2

2009-07-11 13:46 . 2009-06-20 13:13 25440 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\savapibridge.dll

2009-07-11 13:46 . 2009-06-20 13:13 1630560 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Resources.dll

2009-07-11 13:46 . 2009-06-20 13:13 2353480 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-07-09 15:36 . 2001-10-26 16:15 84208 ----a-w- c:\windows\system32\perfc015.dat

2009-07-09 15:36 . 2001-10-26 16:15 491152 ----a-w- c:\windows\system32\perfh015.dat

2009-07-04 13:13 . 2009-06-06 13:15 84832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\ShellExt.dll

2009-07-04 13:13 . 2009-06-06 13:14 40288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2009-07-04 13:13 . 2009-06-20 13:13 566632 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2009-06-29 13:31 . 2009-06-20 13:13 314712 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\threatwork.exe

2009-06-29 13:31 . 2009-06-20 13:13 169312 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavamessage.dll

2009-06-29 13:30 . 2009-06-20 13:13 348496 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavalicense.dll

2009-06-29 13:30 . 2009-06-20 13:13 298336 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2009-06-29 13:28 . 2009-06-06 13:14 246128 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\RPAPI.dll

2009-06-29 13:26 . 2009-06-20 13:13 85352 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2009-06-29 13:26 . 2009-06-20 13:13 664424 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\CEAPI.dll

2009-06-29 13:24 . 2009-06-20 13:13 563064 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2009-06-29 13:16 . 2009-06-20 13:13 629072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2009-06-29 13:15 . 2009-06-20 13:13 520024 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-06-29 13:15 . 2009-06-20 13:13 1029456 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-06-27 11:26 . 2009-02-21 18:18 61400 ----a-w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-06-25 09:36 . 2009-04-02 13:38 -------- d-----w- c:\program files\Bethesda Softworks

2009-06-24 20:53 . 2009-03-22 13:13 -------- d-----w- c:\program files\Common Files\Nero

2009-06-24 20:50 . 2009-03-22 13:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero

2009-06-22 11:07 . 2009-02-21 18:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-06-22 11:06 . 2009-02-21 18:20 -------- d-----w- c:\program files\AGEIA Technologies

2009-06-21 15:15 . 2009-04-26 13:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ubisoft

2009-06-17 17:11 . 2009-02-26 18:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\2DBoy

2009-06-15 11:41 . 2009-06-15 11:41 -------- d-----w- c:\program files\Activision

2009-06-14 17:50 . 2006-09-18 05:57 2560 ----a-w- c:\windows\system32\BitCometRes.dll

2009-06-14 17:49 . 2009-06-13 10:48 -------- d-----w- c:\program files\BitComet

2009-06-14 17:23 . 2009-06-13 16:17 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-06-14 17:22 . 2009-06-13 16:17 189640 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-14 16:20 . 2009-06-14 16:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\InstallShield

2009-06-14 16:12 . 2009-06-14 16:12 -------- d-----w- c:\program files\GALA-NET

2009-06-13 16:17 . 2009-06-13 16:17 139152 ----a-w- c:\documents and settings\Admin\Dane aplikacji\PnkBstrK.sys

2009-06-13 16:17 . 2009-06-13 16:17 139152 ----a-w- c:\documents and settings\Admin\Dane aplikacji\PnkBstrK.sys

2009-06-13 16:17 . 2009-06-13 16:17 794408 ----a-w- c:\windows\system32\pbsvc.exe

2009-06-13 16:17 . 2009-06-13 16:17 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-06-13 15:31 . 2009-06-13 15:31 -------- d-----w- c:\program files\EA Games

2009-06-13 13:55 . 2009-06-13 13:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NexonEU

2009-06-13 13:00 . 2009-06-13 13:00 98304 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\nxgameeu.dll

2009-06-13 13:00 . 2009-06-13 13:00 81920 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll

2009-06-13 13:00 . 2009-06-13 13:00 532480 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGMDll.dll

2009-06-13 13:00 . 2009-06-13 13:00 331776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGMResource.dll

2009-06-13 13:00 . 2009-06-13 13:00 258352 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\unicows.dll

2009-06-13 13:00 . 2009-06-13 13:00 155648 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe

2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 16:33 . 2002-09-20 17:04 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 16:33 . 2002-08-28 22:16 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll

2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-06 13:15 . 2009-06-06 13:15 15688 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-06-06 13:15 . 2009-03-21 14:22 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-06-03 20:31 . 2009-03-14 14:21 -------- d-----w- c:\program files\Guild Wars

2009-06-01 16:06 . 2009-06-01 14:49 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Mount&Blade

2009-05-31 19:07 . 2009-05-31 19:07 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-05-31 10:22 . 2009-05-31 10:22 4096 ----a-w- c:\windows\d3dx.dat

2009-05-25 08:42 . 2009-04-22 21:11 -------- d-----w- c:\program files\Google

2009-05-23 18:48 . 2009-04-06 22:14 -------- d-----w- c:\program files\Jasc Software Inc

2009-05-21 20:20 . 2009-05-21 20:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TVU Networks

2009-05-21 19:58 . 2009-05-21 19:58 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\HTML Executable

2009-05-21 19:57 . 2009-05-21 19:57 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Desktopicon

2009-05-18 19:58 . 2009-05-18 19:58 -------- d-----w- c:\program files\Lionhead Studios

2009-05-17 19:16 . 2009-05-17 19:16 -------- d-----w- c:\program files\Hasbro

2009-05-17 11:12 . 2009-05-17 11:12 409600 ----a-w- c:\windows\system32\wrap_oal.dll

2009-05-17 11:12 . 2009-05-17 11:12 114688 ----a-w- c:\windows\system32\OpenAL32.dll

2009-05-15 13:32 . 2009-06-13 15:31 1283448 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\n7da2wct.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe

2009-05-15 13:32 . 2009-06-13 15:31 729088 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\n7da2wct.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

2009-05-09 12:59 . 2009-02-21 18:06 219648 ----a-w- c:\windows\system32\uxtheme.dll

2009-05-07 15:34 . 2001-10-26 17:29 347648 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:35 . 2009-02-21 18:14 81920 ------w- c:\windows\system32\ieencode.dll

2009-04-29 04:35 . 2009-02-21 18:06 669184 ----a-w- c:\windows\system32\wininet.dll

2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

2009-04-25 13:14 . 2009-04-25 13:14 64160 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys

2009-04-25 13:14 . 2009-03-21 14:13 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-04-24 15:20 . 2009-04-24 15:20 135168 ----a-w- c:\windows\system32\UAService7.exe

2009-04-19 19:51 . 2001-10-26 16:59 1847424 ----a-w- c:\windows\system32\win32k.sys

2009-06-24 17:58 . 2009-07-09 19:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2009-07-16 27660]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-10 342336]

"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2009-07-16 27660]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-22 949376]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-16 27660]

"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2009-07-15 27660]

"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]

"Gainward"="c:\windows\TBPanel.exe" [2007-11-01 2185768]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-07-16 27660]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

"AdslTaskBar"="stmctrl.dll" - c:\windows\system32\stmctrl.dll [2006-06-02 151552]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"e:\\Dawn\\Dawn Of War\\W40k.exe"=

"e:\\Dawn\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

"d:\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\neostrada tp\\neostradatp.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=

"c:\\Documents and Settings\\Admin\\Moje dokumenty\\Pobieranie\\Worms Armageddon\\WA.exe"=

"c:\\Program Files\\Tlen.pl\\tlen.exe"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=

"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=

"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18229:TCP"= 18229:TCP:BitComet 18229 TCP

"18229:UDP"= 18229:UDP:BitComet 18229 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-21 64160]

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]

R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-22 15424]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-16 108289]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1029456]

R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-02-21 60255]

R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-02-21 684265]

S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE

*NewlyCreated* - ANTIVIRSERVICE

*NewlyCreated* - AVGIO

*NewlyCreated* - AVGNTFLT

*NewlyCreated* - AVIPBB

.

Zawartość folderu 'Zaplanowane zadania'

2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:13]

2009-07-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.neostrada.pl

IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: { - c:\program files\Messenger\msmsgs.exe

LSP: c:\windows\system32\imon.dll

TCP: {B7AB01A9-939E-49B3-B4EA-4DE212DFD248} = 194.204.159.1 217.98.63.164

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\n7da2wct.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\n7da2wct.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll

FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-16 13:37

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]

"ImagePath"="\??\c:\docume~1\Admin\USTAWI~1\Temp\ASFWHide"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(892)

c:\windows\system32\imon.dll

.

Czas ukończenia: 2009-07-16 13:39

ComboFix-quarantined-files.txt 2009-07-16 11:39

Przed: 34 709 299 200 bajtów wolnych

Po: 39 683 862 528 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

629 --- E O F --- 2009-06-10 21:16


First of all, never use two antivirus programs at once!

Scan the following files at http://www.virustotal.com/pl/ and post the results.

c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

c:\windows\system32\ShellManager310E2D762.dll

Apart from that, I didn't notice anything suspicious in the log, so it's better to do the following right away:

1. Turn off System Restore.

2. Download an antivirus LiveCD; I recommend Dr.Web or Avira, since their images are updated frequently and the antivirus programs themselves are quite good.

3. Burn the disc, boot from it and run a scan. All viruses should be removed.

4. Restart the computer and check the result.

5. If everything is OK, you can turn System Restore back on.


The first file is clean 0/40

Plik GDIPFONTCACHEV1.DAT otrzymany 2009.07.16 18:11:51 (UTC)


The second file is also clean, 0/41


Everything is OK now. Thank you very much for the help, and one more question: I've always had NOD32, but today I downloaded Avira and it turned out to be much better. Now I don't know which to keep, Avira or NOD32??


It depends; sometimes Avira is better, sometimes NOD32. Antivirus comparisons are very unreliable. In my opinion these programs are at a similar, high level, although Avira has the advantage of being free.


Avira is a much better antivirus. NOD is also good, but on top of that it is paid, and its detection rate is always worse in all tests. I also test many 0-day threats on a virtual machine, and NOD usually does poorly. For example, this test (pages 7 and 8):

http://www.av-comparatives.org/images/stor...vc_report21.pdf
