


Logs - Is kbupdate.dll a safe file?


  • Closed: this topic is closed
7 replies to this topic

#1 proquest

    Beginner

  • 52 posts

Posted 22 04 2010 - 19:48

Hi, what is kbupdate.dll? I saw it in a HijackThis log; when I scanned it on hjackthis.de it showed as unknown, and it is located in Windows/System32. A trojan? A keylogger, or what? Regards.

It said exactly this:
O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll

Please help, I am afraid I have caught a keylogger again; I had one before and suffered considerable losses, and now I am afraid to log in anywhere in case I lose something. I will also add a log from OTL:


This post was edited by Katarina on 24 04 2010 - 19:28


#2 ordynat

    Advanced user

  • 804 posts

Posted 22 04 2010 - 20:27

Run OTL and paste this into the Custom Scans/Fixes box:

:OTL
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:9065B470F15EA765
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
[2010-03-20 21:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions\toolbar@ask.com
[2010-03-20 21:11:52 | 000,002,426 | ---- | M] () -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\searchplugins\askcom.xml
[2010-04-22 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-04-15 18:44:18 | 000,001,736 | ---- | M] () -- C:\WINDOWS\System32\kboem32.dat
[2010-04-01 23:51:10 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\drivers\nd.sys
[2010-04-01 23:51:02 | 000,197,120 | ---- | M] () -- C:\WINDOWS\System32\crt4.dll
[2010-04-01 23:51:02 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\kbsnd32.dll
[2010-04-01 23:51:02 | 000,111,104 | ---- | M] () -- C:\WINDOWS\System32\kbddta.dll
[2010-04-01 23:51:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\kbdatat4.dll
[2010-04-01 23:51:02 | 000,046,592 | ---- | M] () -- C:\WINDOWS\System32\kbupdate.dll
[2010-04-01 23:51:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\nd.sys
[2010-04-01 23:51:03 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2010-04-01 23:51:02 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\crt4.dll
[2010-04-01 23:51:02 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\kbsnd32.dll
[2010-04-01 23:51:02 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\kbddta.dll
[2010-04-01 23:51:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\kbdatat4.dll
[2010-04-01 23:51:02 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\kbupdate.dll
[2010-04-01 23:51:02 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\kboem32.dat

:Commands
[emptytemp]
[resethosts]
[Reboot]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking "Run Scan".
Post the new OTL.txt log and the removal report.

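An added example, not part of this thread and not code from OTL or HijackThis: a small Python script that makes the reasoning behind the fix above explicit. It parses OTL file entries, takes the DLL named in the HijackThis O20 line, and lists the files created under System32 within seconds of it that carry no company name. The 60-second window and the "no company name" signal are my assumptions, and the sample entries are copied from the log posted in this thread.

```python
"""Triage helper modelled on the fix in this thread (added example; not the
poster's code and not part of OTL or HijackThis).

The helper did not remove kbupdate.dll alone: every file the OTL log shows as
created under System32 within seconds of it, with an empty company field "()",
went into the :OTL block. The functions below reproduce that selection.
Assumptions (mine): a 60-second burst window and "no company name" as the
second signal. OTL prints "()" for any file without a version resource, so
this yields candidates to examine, not a verdict."""
import re
from datetime import datetime, timedelta

# OTL file entry:  [YYYY-MM-DD HH:MM:SS | SSS,SSS,SSS | attrs | C|M] (Company) -- path
# C = created, M = modified.  Directory entries ("---D") have no "(Company)" and are skipped.
ENTRY_RE = re.compile(
    r"\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r" \((.*?)\) -- (.+)$"
)
# HijackThis O20 entry:  O20 - Winlogon Notify: <value name> - <dll path>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")

# Constructed sample: a handful of entries copied from the log posted in this thread.
SAMPLE_OTL = r"""
[2010-04-01 23:51:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\nd.sys
[2010-04-01 23:51:03 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2010-04-01 23:51:02 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\crt4.dll
[2010-04-01 23:51:02 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\kbsnd32.dll
[2010-04-01 23:51:02 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\kbddta.dll
[2010-04-01 23:51:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\kbdatat4.dll
[2010-04-01 23:51:02 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\kbupdate.dll
[2010-04-01 23:51:02 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\kboem32.dat
[2010-04-04 20:17:46 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010-03-26 04:40:36 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
[2010-02-02 18:41:53 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-04-04 20:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
"""
SAMPLE_O20 = r"O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll"


def parse_entries(text):
    """Parse every OTL file entry in text into a dict; unmatched lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        stamp, size, attrs, kind, company, path = m.groups()
        entries.append({
            "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "kind": kind,
            "company": company.strip(),   # "()" and "( )" both become ""
            "path": path.strip(),
        })
    return entries


def winlogon_notify_dll(hjt_line):
    """Return the DLL path from a HijackThis O20 Winlogon Notify line, or None."""
    m = O20_RE.match(hjt_line.strip())
    return m.group(2).strip() if m else None


def creation_burst(entries, seed_path, window_s=60, under=r"C:\WINDOWS\System32"):
    """Files created within window_s of seed_path, below `under`, with no company name.

    Windows paths are case-insensitive (the O20 line says SYSTEM32, OTL says
    System32), so every comparison is done on lowercased paths."""
    seed = next((e for e in entries
                 if e["kind"] == "C" and e["path"].lower() == seed_path.lower()), None)
    if seed is None:
        return []
    window = timedelta(seconds=window_s)
    hits = [e for e in entries
            if e["kind"] == "C"
            and e["path"].lower().startswith(under.lower() + "\\")
            and e["company"] == ""
            and abs(e["time"] - seed["time"]) <= window]
    return sorted(hits, key=lambda e: (e["time"], e["path"].lower()))


def triage(otl_text, hjt_line):
    """File names that belong to the same drop as the Winlogon Notify DLL."""
    seed = winlogon_notify_dll(hjt_line)
    if seed is None:
        return []
    burst = creation_burst(parse_entries(otl_text), seed)
    return [e["path"].rsplit("\\", 1)[-1] for e in burst]


if __name__ == "__main__":
    for name in triage(SAMPLE_OTL, SAMPLE_O20):
        print(name)
```

The output is the same kb*/crt*/nd.sys set that appears in the :OTL block above. Treat it as a list of files to check further (hashes, signatures, an online scan), not a verdict: unrar.dll in the same log also prints an empty company field and is a normal codec-pack component.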

#3 proquest (Beginner, 52 posts)

Posted 22 04 2010 - 20:43

New log:
OTL logfile created on: 2010-04-22 20:41:00 - Run 3OTL by OldTimer - Version 3.2.2.0     Folder = C:\Documents and Settings\Raaf\PulpitWindows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 21,49 Gb Total Space | 10,38 Gb Free Space | 48,32% Space Free | Partition Type: NTFSDrive D: | 58,59 Gb Total Space | 4,78 Gb Free Space | 8,15% Space Free | Partition Type: NTFSDrive E: | 152,79 Gb Total Space | 3,85 Gb Free Space | 2,52% Space Free | Partition Type: NTFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: Z-5FAD1ACBAA5C4Current User Name: RaafLogged in as Administrator. 
Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2010-04-22 19:18:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exePRC - [2010-04-14 14:47:38 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exePRC - [2010-04-04 19:11:09 | 001,217,872 | ---- | M] (Valve Corporation) -- D:\Gry\Steam\steam.exePRC - [2010-04-02 23:07:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2010-01-29 22:28:11 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exePRC - [2010-01-28 13:37:02 | 002,366,416 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Toolbar\CToolbar.exePRC - [2009-07-01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exePRC - [2009-01-30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exePRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2004-03-12 23:43:18 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe  ========== Modules (SafeList) ========== MOD - [2010-04-22 19:18:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exeMOD - [2004-08-04 00:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll  ========== Win32 Services (SafeList) ========== SRV - [2010-04-14 14:47:38 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)SRV - [2010-03-24 22:48:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)  ========== Driver Services (SafeList) ========== DRV - [2010-03-26 15:59:10 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)DRV - [2010-03-26 15:59:10 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)DRV - [2010-01-29 22:28:09 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)DRV - [2010-01-29 22:06:59 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)DRV - [2010-01-12 12:03:34 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)DRV - [2009-02-17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)DRV - [2006-11-27 17:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)DRV - [2006-11-27 17:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)DRV - [2006-10-18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)DRV - [2006-07-05 14:50:52 | 000,683,791 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)DRV - [2005-01-07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)DRV - [2004-08-03 22:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)DRV - [2004-03-12 23:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)DRV - [2004-03-12 23:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)DRV - [2003-08-12 13:51:00 | 000,060,255 | R--- | M] (STMicroelectronics              ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15161&l=disIE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: ""FF - prefs.js..browser.search.defaultenginename: "Winamp Search"FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="FF - prefs.js..browser.search.order.1: ""FF - prefs.js..browser.search.selectedEngine: "Allegro"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "google.pl"FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100314 FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010-01-29 22:28:37 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-02 23:07:51 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-02 23:07:51 | 000,000,000 | ---D | M] [2010-01-29 22:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Extensions[2010-04-22 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions[2010-04-11 00:18:01 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}[2010-04-04 14:58:06 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions\nasanightlaunch@example.com[2010-04-11 00:24:33 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\searchplugins\winamp-search.xml[2010-01-29 22:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml[2007-07-26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-04-22 20:38:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HostsO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: ::1       localhostO2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O3 - HKLM\..\Toolbar: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp 
Toolbar\winamptb.dll (AOL LLC.)O3 - HKCU\..\Toolbar\WebBrowser: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics              )O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)O4 - HKCU..\Run: [Steam] D:\Gry\Steam\Steam.exe (Valve Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll -  File not foundO24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010-01-29 21:50:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM 
BootExecute: (autocheck autochk *) -  File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-04-22 20:37:51 | 000,000,000 | ---D | C] -- C:\_OTL[2010-04-22 19:18:45 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe[2010-04-22 18:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\scripts[2010-04-22 15:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\BioWare[2010-04-22 14:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare[2010-04-16 12:44:29 | 000,000,000 | ---D | C] -- C:\Python24[2010-04-11 00:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar[2010-04-11 00:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar[2010-04-11 00:17:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages[2010-04-11 00:16:22 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll[2010-04-11 00:16:22 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll[2010-04-11 00:16:22 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll[2010-04-11 00:16:22 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll[2010-04-11 00:16:22 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll[2010-04-11 00:16:22 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll[2010-04-11 00:16:22 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe[2010-04-11 00:16:22 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe[2010-04-11 00:16:22 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe[2010-04-11 00:16:22 | 000,009,200 | ---- | C] 
(Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys[2010-04-11 00:16:22 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys[2010-04-11 00:16:21 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll[2010-04-11 00:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp[2010-04-11 00:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Winamp[2010-04-08 00:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity[2010-04-08 00:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files[2010-04-08 00:19:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\Moje wideo[2010-04-08 00:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Video mp3 Extractor[2010-04-04 20:18:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL[2010-04-04 20:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild[2010-04-04 20:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer[2010-04-04 20:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies[2010-04-04 20:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us[2010-04-04 20:17:46 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll[2010-04-04 20:17:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly[2010-04-04 20:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET[2010-04-04 20:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0[2010-04-04 19:51:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache[2010-04-04 19:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft[2010-04-04 19:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\THQ[2010-04-04 11:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound[2010-04-04 11:08:13 | 000,000,000 | ---D | C] -- C:\Program 
Files\NCH Software[2010-04-04 11:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound[2010-03-29 17:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP[2010-03-28 14:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Simon_Schwab_-_Gothic_to_Risen[2010-03-26 16:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\The Witcher[2010-03-26 16:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\The Witcher[2010-03-26 16:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\The Witcher[2010-03-26 16:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Damian Pasternak[2010-03-26 04:40:36 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll[2010-03-24 22:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour[2010-03-24 22:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared[2010-03-23 22:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Spolszczenie Final Fantasy 9[2010-03-08 17:07:54 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys[2010-03-08 17:07:54 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys ========== Files - Modified Within 30 Days ========== [2010-04-22 20:39:39 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml[2010-04-22 20:39:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010-04-22 20:39:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010-04-22 20:38:16 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Raaf\NTUSER.DAT[2010-04-22 20:38:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts[2010-04-22 19:18:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe[2010-04-22 14:29:54 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\All 
Users\Pulpit\Mass Effect.lnk[2010-04-21 20:04:33 | 000,282,133 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\beton_pekniecie.jpg[2010-04-21 20:01:49 | 000,781,566 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\al-pacino-prostitute-1.jpg[2010-04-21 18:52:13 | 000,027,029 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\844630_swiss_grass.jpg[2010-04-20 21:01:07 | 000,162,010 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 1.jpg[2010-04-20 20:50:57 | 000,170,676 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\202.3.jpg[2010-04-20 20:00:30 | 000,016,224 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Steinberg_Hypersonic_v.2_VST_-_DELiRiUM___H2O.4067857.TPB.torrent[2010-04-20 16:50:50 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Zakon joannitów..doc[2010-04-20 16:10:56 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Zakon Joannitów - foliogram..doc[2010-04-18 20:52:45 | 000,482,505 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 3.psd[2010-04-18 20:52:28 | 000,092,118 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 3 kopia.png[2010-04-11 00:17:57 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx[2010-04-08 19:31:56 | 000,042,168 | ---- | M] () -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[2010-04-08 00:27:45 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-04-07 19:34:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job[2010-04-06 22:45:16 | 000,074,417 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\46772307_640.jpg[2010-04-05 09:27:25 | 001,482,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010-04-04 20:18:19 | 001,092,544 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010-04-04 20:18:19 | 000,494,368 | ---- | M] () -- 
C:\WINDOWS\System32\perfh015.dat[2010-04-04 20:18:19 | 000,435,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010-04-04 20:18:19 | 000,085,464 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2010-04-04 20:18:19 | 000,068,540 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010-04-04 20:16:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2010-04-04 19:36:52 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib[2010-04-04 11:08:29 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\expressburnSevenDaysInit.job[2010-04-04 00:08:05 | 000,025,912 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\eb7ae69f75.jpeg[2010-04-03 19:21:59 | 000,363,717 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\eflcpc2.jpg[2010-04-03 19:21:50 | 000,378,639 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\eflcpc1.jpg[2010-03-30 12:55:43 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Systemy liczbowe - zamiana..xls[2010-03-28 17:32:49 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\WAGARY.doc[2010-03-28 10:20:56 | 000,023,211 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\item.JPG[2010-03-26 15:59:10 | 000,278,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys[2010-03-26 15:59:10 | 000,025,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys[2010-03-26 04:40:36 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll[2010-03-25 16:52:22 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Raaf\ntuser.ini[2010-03-25 10:51:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl ========== Files Created - No Company Name ========== [2010-04-22 14:29:54 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mass Effect.lnk[2010-04-21 20:04:32 | 000,282,133 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\beton_pekniecie.jpg[2010-04-21 20:01:49 | 000,781,566 | ---- | C] () -- C:\Documents and 
Settings\Raaf\Pulpit\al-pacino-prostitute-1.jpg[2010-04-21 18:52:13 | 000,027,029 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\844630_swiss_grass.jpg[2010-04-20 21:01:03 | 000,162,010 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 1.jpg[2010-04-20 20:50:57 | 000,170,676 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\202.3.jpg[2010-04-20 20:00:30 | 000,016,224 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Steinberg_Hypersonic_v.2_VST_-_DELiRiUM___H2O.4067857.TPB.torrent[2010-04-20 16:18:56 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Zakon joannitów..doc[2010-04-20 16:05:39 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Zakon Joannitów - foliogram..doc[2010-04-18 20:52:26 | 000,092,118 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 3 kopia.png[2010-04-18 20:29:28 | 000,482,505 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 3.psd[2010-04-06 22:45:16 | 000,074,417 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\46772307_640.jpg[2010-04-04 20:18:17 | 000,207,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat[2010-04-04 19:36:52 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib[2010-04-04 19:34:25 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job[2010-04-04 11:08:29 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\expressburnSevenDaysInit.job[2010-04-04 00:08:05 | 000,025,912 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\eb7ae69f75.jpeg[2010-04-03 19:21:58 | 000,363,717 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\eflcpc2.jpg[2010-04-03 19:21:49 | 000,378,639 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\eflcpc1.jpg[2010-03-30 12:55:43 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Systemy liczbowe - zamiana..xls[2010-03-28 11:31:47 | 000,026,624 | 
---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\WAGARY.doc[2010-03-28 10:20:56 | 000,023,211 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\item.JPG[2010-03-26 15:59:10 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys[2010-03-26 15:59:10 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys[2010-03-08 21:16:09 | 000,683,791 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys[2010-03-08 21:16:09 | 000,000,915 | R--- | C] () -- C:\WINDOWS\System32\setup.ini[2010-03-08 21:16:09 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini[2010-03-08 19:55:03 | 000,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI[2010-02-28 14:21:59 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2010-02-02 18:41:53 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2010-02-02 18:41:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini[2010-02-02 18:41:52 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2010-02-02 18:41:52 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2010-02-02 18:41:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2010-02-02 18:41:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2010-02-02 18:41:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2010-01-29 22:28:09 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys[2004-08-04 00:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll[2004-08-03 22:59:44 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys[2004-07-17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys[2004-03-15 20:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data 
Stream - 239 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF< End of report >

And I accidentally closed that report ;/ sorry.

And is this some keylogger? Or just ordinary junk?

Edited by Katarina 24 04 2010 - 19:29: I suggest a codebox

#4 ordynat (Advanced user, 804 posts)

Posted 22 04 2010 - 20:52

I'm not aware of any keylogger here - those were Trojans/backdoors, that is, Trojans whose job was to make it easier for other malware to get onto the computer.

Run OTL and paste this into the Custom Scans/Fixes box:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15161&l=dis

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbupdate]

:Commands
[Reboot]

Click Run Fix. Confirm the computer restart.
You don't need to post the log any more.
But it would probably be a good idea to scan the computer with >MBAM
If it detects anything, post its report here.
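The :Reg line above removes the Winlogon\Notify\kbupdate subkey that survived after the DLL itself was moved; the second OTL log reports it as "DllName - kbupdate.dll - File not found", and MBAM later flags the same key as Trojan.Agent. Notify packages are DLLs winlogon loads at every logon, so an entry whose DLL is missing is a leftover registration, and an entry that is neither a stock one nor accounted for deserves a look. The Python below is an added example, not from this thread and not OTL's or MBAM's code: it parses O20 Winlogon Notify lines, resolves each DllName against System32, classifies entries as orphaned, default or review, and emits a :Reg block in the same form ordynat used. The O20 lines other than the kbupdate one, the list of stock XP Notify subkeys and the simulated disk contents are assumptions; collect_from_registry() reads the live key and only works on Windows.

```python
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

# Notify subkeys on a stock Windows XP SP2 install (assumed baseline; adjust per build).
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# OTL reports each Notify package as:
# O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll -  File not found
O20_NOTIFY = re.compile(
    r"O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - (?P<dll>\S+) -\s+(?P<status>.*)$"
)

# Constructed sample: only the kbupdate line comes from this thread; the other
# Notify lines are assumed entries standing in for a stock and a third-party package.
SAMPLE_O20 = [
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll -  File not found",
    r"O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)",
    r"O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)",
]

# Simulated disk for offline use; on the real machine pass os.path.exists instead.
SIMULATED_DISK = {
    r"C:\WINDOWS\System32\crypt32.dll",
    r"C:\WINDOWS\System32\igfxdev.dll",
}


def parse_o20(lines):
    """Return {subkey: DllName} for every Winlogon\\Notify line in an OTL log."""
    entries = {}
    for line in lines:
        m = O20_NOTIFY.search(line)
        if m:
            entries[m["name"]] = m["dll"]
    return entries


def resolve_dll(dll, system32=r"C:\WINDOWS\System32"):
    # winlogon loads the package with LoadLibrary, so a bare DllName resolves
    # through the normal search order; System32 is where a legitimate one lives.
    return dll if "\\" in dll else system32.rstrip("\\") + "\\" + dll


def classify_notify(entries, exists, system32=r"C:\WINDOWS\System32"):
    """entries: {subkey: DllName}; exists: path -> bool.  Returns {subkey: verdict}."""
    verdicts = {}
    for name, dll in entries.items():
        if not dll or not exists(resolve_dll(dll, system32)):
            verdicts[name] = "orphaned"   # registration left behind, DLL gone
        elif name.lower() in XP_DEFAULT_NOTIFY:
            verdicts[name] = "default"
        else:
            verdicts[name] = "review"     # third-party code winlogon runs at every logon
    return verdicts


def otl_reg_fix(verdicts):
    """Build the :Reg section that deletes each orphaned subkey."""
    lines = [":Reg"]
    for name in sorted(n for n, v in verdicts.items() if v == "orphaned"):
        lines.append(f"[-{NOTIFY_KEY}\\{name}]")
    return "\n".join(lines)


def collect_from_registry():
    """Read the live Notify subkeys and their DllName values (Windows only)."""
    import winreg
    root = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root) as key:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(key, index)
            except OSError:
                break
            index += 1
            with winreg.OpenKey(key, sub) as subkey:
                try:
                    entries[sub] = winreg.QueryValueEx(subkey, "DllName")[0]
                except OSError:
                    entries[sub] = ""      # no DllName value at all
    return entries


if __name__ == "__main__":
    verdicts = classify_notify(parse_o20(SAMPLE_O20), SIMULATED_DISK.__contains__)
    print(verdicts)
    print(otl_reg_fix(verdicts))
```

A "review" verdict is not a detection: vendor display drivers, smart-card and VPN clients register Notify packages legitimately. The point of the check is that the DLL path, its signer and its creation time are what decide, and a registration with no DLL behind it is safe to delete because nothing can load from it anyway.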

#5 proquest (Beginner, 52 posts)

Posted 22 04 2010 - 21:04

Log from Malwarebytes:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4023

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-04-22 21:02:26
mbam-log-2010-04-22 (21-02-26).txt

Scan type: Quick scan
Objects scanned: 102889
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbupdate (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I've already removed it.

#6 ordynat (Advanced user, 804 posts)

Posted 22 04 2010 - 21:20

I've already removed it.

You did the right thing.
It should be OK now.

Edited by ordynat 22 04 2010 - 21:20

#7 proquest (Beginner, 52 posts)

Posted 22 04 2010 - 21:41

I also ran a full scan:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4023

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-04-22 21:42:01
mbam-log-2010-04-22 (21-42-01).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 223147
Time elapsed: 28 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\eBay\eBayLauncher.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files\ElfBot NG\loader.exe (PWS.Tibia) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04222010_203751\C_WINDOWS\system32\crt4.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04222010_203751\C_WINDOWS\system32\kbdatat4.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04222010_203751\C_WINDOWS\system32\kbddta.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04222010_203751\C_WINDOWS\system32\kbsnd32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04222010_203751\C_WINDOWS\system32\kbupdate.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04222010_203751\C_WINDOWS\system32\drivers\nd.sys (Trojan.Ndiswrap) -> Quarantined and deleted successfully.

And again.

#8 ordynat (Advanced user, 804 posts)

Posted 22 04 2010 - 21:46

What was detected in C:\_OTL is just the files removed by OTL, because that is its quarantine.

In OTL click the "CleanUp" button - that will remove it together with its quarantine.


C:\Program Files\Common Files\eBay\eBayLauncher.exe

That is just adware, i.e. advertising, which you installed yourself when installing VDownloader, because you agreed to have everything installed, including that unnecessary advertising.

I suspect it was fairly similar with C:\Program Files\ElfBot NG\loader.exe, though I don't remember which program it is bundled with.

But it's good that MBAM removed it.

Edited by ordynat 22 04 2010 - 21:52
