Włamanie na kompa daje logi

**Posty:** 6 · przez **Masterslp** 28 Lut 2011, 01:49

Mój system to win 2003 serwer - systam stoi na dysku usb
Witam problem jest taki ktoś mi się na komputer włamuje .
Stworzył konto supprot.. zassał film i zaczął go udostepniać w sieci (nie wiem po co ?)
Usunąłem mu to konto po chwili powstało nowe więc usunołęm kolejne i zmieniłem hasło admina ale dalej wchodzi.
Pewnie ma to jakiś związek z tym =remote packet capture protocol = jak ktoś zna tą usługę prosze o informacje w jaki sposób z niej się korzysta.

Nie chcę sie tylko pozbyć intruza lecz chce wiedzieć jak on to robi by w przyszłości zapobiec takim sytuacją.

Jak już stworzy nowego użytkownika to przez zdalny pulpit się łączy tylko wlasnie pytanie jak on tworzy te konta u mnie ???.

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:48:02, on 2011-02-28 Platform: Windows 2003 Dodatek SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\xampp\apache\bin\httpd.exe D:\WINDOWS\System32\svchost.exe D:\xampp\FileZillaFTP\FileZilla Server.exe D:\WINDOWS\system32\inetsrv\inetinfo.exe D:\xampp\mysql\bin\mysqld.exe D:\xampp\apache\bin\httpd.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE D:\WINDOWS\system32\taskmgr.exe D:\WINDOWS\RTHDCPL.EXE D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe D:\xampp\FileZillaFTP\FileZilla Server Interface.exe D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe D:\WINDOWS\system32\ctfmon.exe D:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Program Files\DAEMON Tools Lite\DTLite.exe D:\WINDOWS\system32\oobechk.exe D:\WINDOWS\system32\mshta.exe D:\WINDOWS\system32\mmc.exe D:\WINDOWS\system32\mmc.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\rdpclip.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE D:\WINDOWS\RTHDCPL.EXE D:\xampp\FileZillaFTP\FileZilla Server Interface.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\DAEMON Tools Lite\DTLite.exe D:\WINDOWS\system32\taskmgr.exe D:\WINDOWS\system32\scrnsave.scr D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Mozilla Firefox\plugin-container.exe D:\WINDOWS\system32\mmc.exe D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe D:\WINDOWS\system32\mmc.exe D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: (te dane kasuje ;) ) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngine.dll O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AzMixerSel] D:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [snp2uvc] D:\WINDOWS\vsnp2uvc.exe O4 - HKLM\..\Run: [PLFSetL] D:\WINDOWS\PLFSetL.exe O4 - HKLM\..\Run: [FileZilla Server Interface] "D:\xampp\FileZillaFTP\FileZilla Server Interface.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AQQ] D:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij &do programu OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O15 - ESC Trusted Zone: http://ftp.ankara.edu.tr O15 - ESC Trusted Zone: http://mozilla.mirror.atratoip.net O15 - ESC Trusted Zone: http://www.intel.com O15 - ESC Trusted Zone: *.intel.pl O15 - ESC Trusted Zone: http://mirrors.isu.net.sa O15 - ESC Trusted Zone: http://ftp.jaist.ac.jp O15 - ESC Trusted Zone: http://www.mirrorservice.org O15 - ESC Trusted Zone: http://runonce.msn.com O15 - ESC Trusted Zone: http://tutankhamon.acc.umu.se O15 - ESC Trusted Zone: http://*.windowsupdate.com O15 - ESC Trusted Zone: http://mirrors.xmission.com O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267641532296 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{18281C98-0A1F-4360-B416-F70FC80780DC}: NameServer = 192.168.0.100 O17 - HKLM\System\CCS\Services\Tcpip\..\{A164EAD6-9AB6-4EC7-ACA3-34AE1424933A}: NameServer = 192.168.0.100 O17 - HKLM\System\CS1\Services\Tcpip\..\{18281C98-0A1F-4360-B416-F70FC80780DC}: NameServer = 192.168.0.100 O17 - HKLM\System\CS2\Services\Tcpip\..\{18281C98-0A1F-4360-B416-F70FC80780DC}: NameServer = 192.168.0.100 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\httpd.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\FileZillaFTP\FileZilla Server.exe O23 - Service: MySQL - MySQL AB - D:\xampp\mysql\bin\mysqld.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Program Files\WinPcap\rpcapd.exe O23 - Service: XAMPP Service (XAMPP) - Unknown owner - D:\xampp\service.exe -- End of file - 10328 bytes

AAA i prosiłbym o informacje jeśli ktoś dopatrzy się czegoś typu Remote Packet Capture Protocol v.0 (experimental) (rpcapd) by poza informacją jak to usunąć napisał również do czego np dany proces służy .

Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - szukam na googlu informacji o tej usłudze ale wszedzie pisze jak to wywalić a mnie bardziej interesuje jak to się u mnie znalazło , jak ktoś z tego korzysta, jakie możliwości mu daje ta usługa .... itp..

A właśnie komp który mnie odwiedza nazywa sie yuki - może ktoś miał do czynienia z tym Panem ;>

Otwarte porty

TCP port 21 open
Warning! TCP port 25 open
Warning! TCP port 80 open
Warning! TCP port 110 open
Warning! TCP port 135 open
Warning! TCP port 443 open
Warning! TCP port 445 open
Warning! TCP port 1025 open
Warning! TCP port 1026 open
Warning! TCP port 1027 open
Warning! TCP port 1028 open
Warning! TCP port 1029 open
Warning! TCP port 3306 open
Warning! TCP port 3389 open

Czy któryś z nich może świadczyć o zdalnym dostępie do komputera 3389 z tego co pamietam to zdalny pulpit (musi być)
Oczywiście nie ide na łatwiznę wszystko sprawdzam na googlu ale jeszcze masa lektury przede mną więc pisze tu wszystko bo na pewno ktoś potrafi zaoszczędzić masę czasu

GMER

Kod: Zaznacz wszystko: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-28 22:49:33 Windows 5.2.3790 Dodatek Service Pack 2 Harddisk1\DR1 -> \Device\00000072 FUJITSU_ rev.0050 Running: 0f4gvc5t.exe; Driver: D:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\1\uwtyipog.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE5 0x6D 0x92 0xED ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability@LastAliveUptime 446 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1 ---- EOF - GMER 1.0.15 ----

Ostatnio najczęściej do tych włamań dochodzi z Ip 80.50.54.254

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2011-02-28 23:23:04 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = D:\Documents and Settings\Administrator\Pulpit Windows Server 2003 Enterprise Edition Dodatek Service Pack 2 (Version = 5.2.3790) - Type = NTServer Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): c:\pagefile.sys 60 500f:\pagefile.sys 200 600 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 137,48 Gb Total Space | 69,64 Gb Free Space | 50,65% Space Free | Partition Type: NTFS Drive D: | 48,82 Gb Total Space | 25,14 Gb Free Space | 51,49% Space Free | Partition Type: NTFS Drive F: | 26,60 Gb Total Space | 0,10 Gb Free Space | 0,39% Space Free | Partition Type: NTFS Drive G: | 29,29 Gb Total Space | 23,22 Gb Free Space | 79,30% Space Free | Partition Type: NTFS Computer Name: TURBOACER | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-02-28 23:21:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Pulpit\OTL.exe PRC - [2011-02-28 21:34:08 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\1\RtkBtMnt.exe PRC - [2011-01-07 23:46:06 | 000,271,408 | ---- | M] () -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe PRC - [2011-01-05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2010-12-15 10:43:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-10-15 19:42:14 | 000,326,704 | ---- | M] () -- D:\Program Files\Hotspot Shield\bin\hsswd.exe PRC - [2009-12-20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- D:\xampp\mysql\bin\mysqld.exe PRC - [2009-12-20 00:00:00 | 001,234,576 | ---- | M] (FileZilla Project) -- D:\xampp\FileZillaFTP\FileZilla Server Interface.exe PRC - [2009-12-20 00:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- D:\xampp\FileZillaFTP\FileZilla Server.exe PRC - [2009-12-20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- D:\xampp\apache\bin\httpd.exe PRC - [2009-12-09 09:48:44 | 000,821,768 | ---- | M] (Dritek System Inc.) -- D:\Program Files\Launch Manager\QtZgAcer.EXE PRC - [2007-02-17 10:07:16 | 001,054,720 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe PRC - [2007-02-17 09:53:50 | 000,069,632 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\rdpclip.exe PRC - [2007-02-17 09:53:06 | 000,037,888 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\pop3server\POP3Svc.exe PRC - [2007-02-17 09:02:04 | 000,014,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\inetsrv\inetinfo.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-02-28 23:21:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Pulpit\OTL.exe MOD - [2010-09-07 13:13:32 | 001,051,648 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll MOD - [2007-02-17 09:08:10 | 000,056,320 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\winsta.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (XAMPP) SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011-01-07 23:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService) SRV - [2011-01-07 23:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService) SRV - [2011-01-05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2010-10-15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- D:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2010-06-25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- D:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010-05-02 22:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- D:\Program Files\wLite\wService.exe -- (wxpSvc) SRV - [2010-03-25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2009-12-20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- D:\xampp\mysql\bin\mysqld.exe -- (MySQL) SRV - [2009-12-20 00:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- D:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server) SRV - [2009-12-20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2007-02-18 01:24:50 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\llssrv.exe -- (LicenseService) SRV - [2007-02-17 09:54:18 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\rsopprov.exe -- (RSoPProv) SRV - [2007-02-17 09:53:06 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\pop3server\POP3Svc.exe -- (Pop3Svc) SRV - [2007-02-17 09:51:24 | 000,792,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\ntfrs.exe -- (NtFrs) SRV - [2007-02-17 09:47:14 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\tssdis.exe -- (Tssdis) SRV - [2007-02-17 09:02:10 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\ismserv.exe -- (IsmServ) SRV - [2007-02-17 09:02:04 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Protokół SMTP (Simple Mail Transfer Protocol) SRV - [2007-02-17 09:02:04 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2007-02-17 09:00:54 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\dfssvc.exe -- (Dfs) SRV - [2003-12-05 17:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\trksvr.dll -- (TrkSvr) SRV - [2003-12-05 17:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\sacsvr.dll -- (sacsvr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-09-22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv) DRV - [2010-09-22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\taphss.sys -- (taphss) DRV - [2010-06-25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2009-12-18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009-12-03 13:21:28 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-12-03 13:01:43 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-05-20 17:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2007-10-01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007-02-17 09:49:16 | 000,179,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS) DRV - [2007-02-17 09:03:44 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2007-02-17 09:00:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver) DRV - [2007-02-17 09:00:28 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- D:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2726969911-3005677987-1162752049-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm IE - HKU\S-1-5-21-2726969911-3005677987-1162752049-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h IE - HKU\S-1-5-21-2726969911-3005677987-1162752049-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5 FF - prefs.js..extensions.enabledItems: {b66bc4c3-8888-4a10-8c59-01daa9063051}:0.78c.34 (SA Build) FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-12-15 10:43:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011-02-23 00:00:28 | 000,000,000 | ---D | M] [2010-03-04 17:05:48 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions [2011-02-28 23:20:59 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2du4lss9.default\extensions [2011-02-23 00:32:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2du4lss9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-03-06 00:27:21 | 000,000,000 | ---D | M] ("FoxGame (SA Build)") -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2du4lss9.default\extensions\{b66bc4c3-8888-4a10-8c59-01daa9063051} [2011-02-05 15:59:18 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2du4lss9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011-02-05 15:59:21 | 000,000,000 | ---D | M] ("Xmarks") -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\2du4lss9.default\extensions\foxmarks@kei.com [2011-02-28 01:16:34 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\xqnaljvn.dodatkowy\extensions [2011-02-28 01:16:34 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\xqnaljvn.dodatkowy\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-28 01:16:34 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\xqnaljvn.dodatkowy\extensions\staged-xpis [2011-02-28 14:15:57 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions [2010-08-09 09:11:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- D:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-28 14:15:57 | 000,000,000 | ---D | M] (afurladvisor) -- D:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2010-11-15 22:38:06 | 000,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-11-15 22:38:06 | 000,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-11-15 22:38:06 | 000,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-10-21 20:56:38 | 000,001,847 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\privatesearch.xml [2010-11-15 22:38:06 | 000,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-11-15 22:38:06 | 000,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-11-15 22:38:06 | 000,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-07-01 09:08:02 | 000,000,777 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] D:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [FileZilla Server Interface] D:\xampp\FileZillaFTP\FileZilla Server Interface.exe (FileZilla Project) O4 - HKLM..\Run: [LManager] D:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [PLFSetL] D:\WINDOWS\PLFSetL.exe (sonix) O4 - HKLM..\Run: [Resume copy] D:\WINDOWS\COPYFSTQ.EXE () O4 - HKLM..\Run: [snp2uvc] File not found O4 - HKU\S-1-5-21-2726969911-3005677987-1162752049-500..\Run: [AQQ] D:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.) O4 - HKU\S-1-5-21-2726969911-3005677987-1162752049-500..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] D:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] D:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] D:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] D:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2726969911-3005677987-1162752049-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Wyślij &do programu OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267641532296 (WUWebControl Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-12-09 09:32:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0af75872-c05f-11df-b29e-002268ac8951}\Shell\AutoRun\command - "" = H:\ba.exe O33 - MountPoints2\{0af75872-c05f-11df-b29e-002268ac8951}\Shell\open\Command - "" = H:\ba.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-28 23:21:51 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Pulpit\OTL.exe [2011-02-28 14:24:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\webcamXP 5 [2011-02-28 14:24:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\webcamXP 5 [2011-02-28 14:24:25 | 000,000,000 | ---D | C] -- D:\Program Files\wLite [2011-02-28 14:23:57 | 006,677,331 | ---- | C] (Moonware Studios) -- D:\Documents and Settings\Administrator\Pulpit\wlite550.exe [2011-02-28 14:15:59 | 000,000,000 | ---D | C] -- D:\Hotspot Shield [2011-02-28 14:15:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\Hotspot Shield [2011-02-28 14:15:54 | 000,000,000 | ---D | C] -- D:\Program Files\Hotspot Shield [2011-02-28 13:46:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\AirPcap [2011-02-28 13:45:57 | 000,000,000 | ---D | C] -- D:\Program Files\CACE Technologies [2011-02-28 13:44:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\WinPcap [2011-02-28 13:43:21 | 000,000,000 | ---D | C] -- D:\Program Files\WinPcap [2011-02-28 13:42:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\arcai.com [2011-02-28 13:42:29 | 000,000,000 | ---D | C] -- D:\Program Files\netcut [2011-02-28 10:41:40 | 000,000,000 | ---D | C] -- D:\Program Files\LPS [2011-02-28 10:41:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\Local Port Scanner [2011-02-27 21:04:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Pulpit\hello youki give me some contact to you ;) password too admin is 123 [2011-02-26 23:53:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\MoorHunt [2011-02-26 19:27:06 | 000,000,000 | ---D | C] -- D:\WINDOWS\pss [2011-02-26 19:25:42 | 000,000,000 | ---D | C] -- D:\Inetpub [2011-02-26 13:23:37 | 000,000,000 | ---D | C] -- D:\hmmm [2011-02-24 10:20:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Menu Start\Programy\FileZilla Server [2011-02-24 09:56:40 | 000,561,837 | ---- | C] (Indigo Rose Corporation http://www.indigorose.com) -- D:\Documents and Settings\Administrator\Pulpit\totalcopy12xp_setup_[www.programosy.pl].exe [2011-02-24 09:44:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Menu Start\Programy\Apache Friends [2011-02-24 09:41:26 | 000,000,000 | ---D | C] -- D:\xampp2 [2011-02-23 17:56:56 | 000,000,000 | ---D | C] -- D:\Program Files\ESET [2011-02-23 17:31:54 | 000,000,000 | ---D | C] -- D:\xampp [2011-02-23 17:03:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller [2011-02-23 12:34:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2011-02-23 12:34:06 | 000,000,000 | ---D | C] -- D:\Program Files\Odkurzacz [2011-02-23 12:26:56 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro [2011-02-23 12:26:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Menu Start\Programy\HiJackThis [2011-02-23 11:20:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\Spybot - Search & Destroy [2011-02-23 11:19:55 | 000,000,000 | ---D | C] -- D:\Program Files\Spybot - Search & Destroy [2011-02-23 11:19:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy [2011-02-23 10:58:46 | 000,000,000 | ---D | C] -- D:\Program Files\SkanerOnline [2011-02-23 10:56:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files [2011-02-23 02:30:37 | 000,000,000 | ---D | C] -- D:\Program Files\Conduit [2011-02-23 02:27:11 | 000,000,000 | ---D | C] -- D:\Program Files\ConduitEngine [2011-02-23 02:26:44 | 000,000,000 | ---D | C] -- D:\Program Files\uTorrentBar [2011-02-23 00:56:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\RAR Password Recovery Magic [2011-02-23 00:56:42 | 000,000,000 | ---D | C] -- D:\Program Files\RAR Password Recovery Magic [2011-02-16 16:31:36 | 000,000,000 | ---D | C] -- D:\Program Files\FERRO Software [2011-02-16 16:31:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Menu Start\Programy\FERRO Software [2011-02-16 16:31:31 | 000,796,672 | ---- | C] (Qsc) -- D:\WINDOWS\GPInstall.exe [2011-02-16 16:31:00 | 001,124,658 | ---- | C] (Qsc) -- D:\Documents and Settings\Administrator\Pulpit\FerroInst.exe [2011-02-16 15:12:51 | 000,000,000 | ---D | C] -- D:\Program Files\SecureCam [2011-02-16 15:12:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\SecureCam [2011-02-16 15:11:56 | 000,000,000 | ---D | C] -- D:\Program Files\CameraWindow [2011-02-16 15:11:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\CameraWindow [2011-02-16 15:07:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\Webcamspy [2011-02-16 15:07:39 | 000,000,000 | ---D | C] -- D:\Program Files\Webcamspy [2011-02-14 03:05:51 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer [2011-02-14 03:05:45 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en-US [2011-02-14 03:05:40 | 000,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies [2011-02-14 03:05:16 | 000,117,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\prntvpt.dll [2011-02-14 03:05:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2011-02-14 03:05:15 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xpssvcs.dll [2011-02-14 03:05:15 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpssvcs.dll [2011-02-14 03:05:15 | 000,597,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2011-02-14 03:05:15 | 000,575,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpsshhdr.dll [2011-02-13 10:53:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\CamUniversal [2011-02-13 10:53:07 | 000,000,000 | ---D | C] -- D:\Program Files\CrazyPixels [2011-02-13 10:44:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\RegisteredPackages [2011-02-13 10:27:27 | 023,510,720 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Administrator\Pulpit\dotnetfx.exe [2011-02-13 10:26:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\capture_me [2011-02-11 21:52:35 | 000,602,112 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msfeeds.dll [2011-02-11 21:52:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msfeedsbs.dll [2011-02-11 21:52:32 | 005,961,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mshtml.dll [2011-02-11 21:52:32 | 000,916,480 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wininet.dll [2011-02-11 21:52:31 | 001,210,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\urlmon.dll [2011-02-11 21:52:14 | 002,492,928 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2011-02-11 21:52:14 | 002,454,016 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntoskrnl.exe [2011-02-11 21:52:13 | 002,305,024 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2011-02-07 18:25:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\EurekaLog [2010-07-06 09:57:39 | 000,053,248 | ---- | C] ( ) -- D:\WINDOWS\System32\csnp2uvc.dll [2010-07-06 09:57:36 | 000,172,032 | ---- | C] ( ) -- D:\WINDOWS\System32\rsnp2uvc.dll [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-28 23:21:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Pulpit\OTL.exe [2011-02-28 23:17:58 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2011-02-28 23:17:56 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2011-02-28 21:31:33 | 005,767,168 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT [2011-02-28 21:31:33 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini [2011-02-28 21:31:32 | 002,277,882 | -H-- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-02-28 21:08:43 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2011-02-28 20:00:14 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat [2011-02-28 19:58:17 | 000,296,448 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\0f4gvc5t.exe [2011-02-28 16:48:30 | 000,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2011-02-28 14:24:09 | 006,677,331 | ---- | M] (Moonware Studios) -- D:\Documents and Settings\Administrator\Pulpit\wlite550.exe [2011-02-28 14:15:06 | 005,809,200 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\HSS-1.57-install-anchorfree-76-conduit(dobreprogramy.pl).exe [2011-02-28 13:58:10 | 000,000,127 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Riverbed Technology - Free Downloads.url [2011-02-28 13:44:17 | 000,000,065 | ---- | M] () -- D:\WINDOWS\System32\-1 [2011-02-28 13:42:30 | 000,000,654 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\netcut.lnk [2011-02-28 13:42:30 | 000,000,158 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\netcut support.lnk [2011-02-28 13:42:13 | 001,885,845 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\NetCut_2008_by_masterbajt.rar [2011-02-28 01:27:48 | 000,002,459 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\HiJackThis.lnk [2011-02-28 00:17:05 | 000,000,044 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Settings\Statistics.dat [2011-02-28 00:17:04 | 000,000,486 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Settings\Settings.dat [2011-02-27 21:31:10 | 002,097,152 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Temp\do_not_delete.147.97C2DBF2 [2011-02-27 20:42:22 | 000,142,619 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\plugins.cache [2011-02-27 20:41:49 | 000,019,720 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Languages\spanish.ini [2011-02-27 18:45:43 | 000,044,544 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-27 00:28:18 | 000,001,995 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Uploads Informations\Miasto złodziei 2010 Lektor PL_Yuki_for_UFS_pl.avi\Miasto złodziei 2010 Lektor PL_Yuki_for_UFS_pl.avi.mui [2011-02-27 00:28:18 | 000,000,054 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Accounts.xml [2011-02-27 00:24:53 | 007,340,032 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Temp\do_not_delete.100.FE3FF324 [2011-02-27 00:11:02 | 000,000,355 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MediaINFO\Plugin\MediaInfo.cfg [2011-02-27 00:10:30 | 000,000,058 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MediaINFO\MediaInfo.url [2011-02-27 00:02:39 | 000,001,352 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Settings\HttpServers.dat [2011-02-27 00:02:39 | 000,000,159 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Settings\ProxySchemes.xml [2011-02-27 00:02:39 | 000,000,148 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Settings\AccountSchemes.xml [2011-02-27 00:02:39 | 000,000,004 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Settings\SmptServers.dat [2011-02-27 00:02:39 | 000,000,004 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Settings\DisabledServers.dat [2011-02-26 23:56:30 | 000,000,010 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\Settings\LimitSettings.dat [2011-02-26 23:56:01 | 000,041,984 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\ZohoClient.dll [2011-02-26 23:56:00 | 000,066,560 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\YahooClient.dll [2011-02-26 23:56:00 | 000,034,816 | ---- | M] (Sesef) -- D:\WINDOWS\System32\drivers\disdn\MH\components\YandexClient.dll [2011-02-26 23:55:59 | 000,070,144 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\WallaClient.dll [2011-02-26 23:55:57 | 000,060,928 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\VivaClient.dll [2011-02-26 23:55:56 | 000,022,016 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\TomClient.dll [2011-02-26 23:55:55 | 000,065,024 | ---- | M] (Ares) -- D:\WINDOWS\System32\drivers\disdn\MH\components\TiscaliItClient.dll [2011-02-26 23:55:55 | 000,034,816 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\SolClient.dll [2011-02-26 23:55:55 | 000,028,672 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\TerraClient.dll [2011-02-26 23:55:54 | 000,181,760 | ---- | M] (Norbi) -- D:\WINDOWS\System32\drivers\disdn\MH\components\PlzKissMeClient.dll [2011-02-26 23:55:54 | 000,059,904 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\RediffClient.dll [2011-02-26 23:55:54 | 000,031,232 | ---- | M] (Norbi) -- D:\WINDOWS\System32\drivers\disdn\MH\components\SinaCnClient.dll [2011-02-26 23:55:54 | 000,024,576 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\PochtamtClient.dll [2011-02-26 23:55:52 | 000,049,152 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\OnetEuClient.dll [2011-02-26 23:55:52 | 000,039,424 | ---- | M] (Moorhunt.pl) -- D:\WINDOWS\System32\drivers\disdn\MH\components\OviClient.dll [2011-02-26 23:55:50 | 000,049,152 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\OnetClient.dll [2011-02-26 23:55:49 | 000,327,680 | ---- | M] (Norbi) -- D:\WINDOWS\System32\drivers\disdn\MH\components\ObozClient.dll [2011-02-26 23:55:44 | 000,214,016 | ---- | M] (Sesef) -- D:\WINDOWS\System32\drivers\disdn\MH\components\KatamailClient.dll [2011-02-26 23:55:44 | 000,125,440 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\MailRuClient.dll [2011-02-26 23:55:44 | 000,052,224 | ---- | M] (Norbi) -- D:\WINDOWS\System32\drivers\disdn\MH\components\Nana10Client.dll [2011-02-26 23:55:44 | 000,031,232 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\O2Client.dll [2011-02-26 23:55:43 | 000,031,232 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\InteriaClient.dll [2011-02-26 23:55:43 | 000,024,576 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\IolClient.dll [2011-02-26 23:55:42 | 000,095,232 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\IndiatimesClient.dll [2011-02-26 23:55:42 | 000,023,552 | ---- | M] (Moorhunt.pl) -- D:\WINDOWS\System32\drivers\disdn\MH\components\InClient.dll [2011-02-26 23:55:41 | 000,075,264 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\HotmailClient.dll [2011-02-26 23:55:41 | 000,022,016 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\HexunClient.dll [2011-02-26 23:55:40 | 000,050,688 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\GmxComClient.dll [2011-02-26 23:55:40 | 000,048,128 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\GMailClient.dll [2011-02-26 23:55:39 | 000,034,816 | ---- | M] (Kamilbyq dla mail2you.pl) -- D:\WINDOWS\System32\drivers\disdn\MH\components\CiudadClient.dll [2011-02-26 23:55:39 | 000,022,528 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\EpfClient.dll [2011-02-26 23:55:38 | 000,067,072 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\CaramailClient.dll [2011-02-26 23:55:37 | 000,033,280 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\AolDeClient.dll [2011-02-26 23:55:37 | 000,032,768 | ---- | M] (ads) -- D:\WINDOWS\System32\drivers\disdn\MH\components\BigstringClient.dll [2011-02-26 23:55:37 | 000,027,136 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\BolClient.dll [2011-02-26 23:55:36 | 000,029,696 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\components\AolComClient.dll [2011-02-26 23:53:25 | 000,015,264 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\unins000.dat [2011-02-26 23:53:24 | 000,000,044 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\MoorHunt.url [2011-02-26 23:50:39 | 001,282,061 | ---- | M] () -- D:\WINDOWS\System32\drivers\disdn\MH\unins000.exe [2011-02-24 11:18:21 | 001,169,344 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI [2011-02-24 11:18:21 | 000,522,558 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat [2011-02-24 11:18:21 | 000,460,382 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat [2011-02-24 11:18:21 | 000,099,166 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat [2011-02-24 11:18:21 | 000,078,620 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat [2011-02-24 10:20:50 | 000,001,618 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\FileZilla Server Interface.lnk [2011-02-24 10:15:55 | 001,685,569 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\FileZilla_Server-0_9_37.exe [2011-02-24 09:58:48 | 000,018,028 | ---- | M] () -- D:\WINDOWS\irunin.ini [2011-02-24 09:57:05 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- D:\WINDOWS\iun6002.exe [2011-02-24 09:57:05 | 000,015,938 | ---- | M] () -- D:\WINDOWS\irunin.lng [2011-02-24 09:57:05 | 000,009,694 | ---- | M] () -- D:\WINDOWS\irunin.dat [2011-02-24 09:57:05 | 000,008,134 | ---- | M] () -- D:\WINDOWS\irunin.bmp [2011-02-24 09:56:40 | 000,561,837 | ---- | M] (Indigo Rose Corporation http://www.indigorose.com) -- D:\Documents and Settings\Administrator\Pulpit\totalcopy12xp_setup_[www.programosy.pl].exe [2011-02-24 09:44:42 | 000,000,522 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\XAMPP Control Panel.lnk [2011-02-23 17:16:32 | 066,303,148 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\xampp-win32-1.7.4-VC6-installer.exe [2011-02-23 12:34:23 | 000,000,856 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Szybkie Czyszczenie Dysku.lnk [2011-02-23 12:34:23 | 000,000,760 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Odkurzacz.lnk [2011-02-23 11:20:06 | 000,000,933 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Spybot - Search & Destroy.lnk [2011-02-23 11:10:14 | 001,402,880 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\HiJackThis.msi [2011-02-23 11:08:54 | 000,879,047 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\SecurityCheck.exe [2011-02-23 04:25:34 | 003,911,040 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\ComboFix[www.instalki.pl].exe [2011-02-23 00:56:43 | 000,000,735 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\RAR Password Recovery Magic.lnk [2011-02-22 21:53:32 | 005,198,076 | ---- | M] () -- D:\Documents and Settings\Administrator\Moje dokumenty\support do kasacji.evt [2011-02-18 15:22:27 | 000,000,037 | ---- | M] () -- D:\WINDOWS\Grappler.ini [2011-02-16 16:31:37 | 000,001,693 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Ferro - Cyfrowy Magnetowid.lnk [2011-02-16 16:31:31 | 000,796,672 | ---- | M] (Qsc) -- D:\WINDOWS\GPInstall.exe [2011-02-16 16:31:00 | 001,124,658 | ---- | M] (Qsc) -- D:\Documents and Settings\Administrator\Pulpit\FerroInst.exe [2011-02-16 15:12:51 | 000,000,729 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\SecureCam Viewer.lnk [2011-02-16 15:12:51 | 000,000,694 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\SecureCam.lnk [2011-02-16 15:07:40 | 000,000,674 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Webcam Spy.lnk [2011-02-16 15:07:18 | 002,153,332 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\webcamspy.exe [2011-02-16 03:33:55 | 000,004,142 | ---- | M] () -- D:\WINDOWS\imsins.BAK [2011-02-14 08:42:43 | 000,069,984 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-02-14 03:28:28 | 000,271,784 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2011-02-13 10:53:08 | 000,000,860 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\CamUniversal.lnk [2011-02-13 10:38:27 | 023,510,720 | ---- | M] (Microsoft Corporation) -- D:\Documents and Settings\Administrator\Pulpit\dotnetfx.exe [2011-02-13 10:18:22 | 000,002,267 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Skype.lnk [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-28 19:58:16 | 000,296,448 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\0f4gvc5t.exe [2011-02-28 14:15:05 | 005,809,200 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\HSS-1.57-install-anchorfree-76-conduit(dobreprogramy.pl).exe [2011-02-28 13:58:10 | 000,000,127 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Riverbed Technology - Free Downloads.url [2011-02-28 13:42:30 | 000,000,654 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\netcut.lnk [2011-02-28 13:42:30 | 000,000,158 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\netcut support.lnk [2011-02-28 13:42:13 | 001,885,845 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\NetCut_2008_by_masterbajt.rar [2011-02-28 10:41:30 | 000,604,303 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\lps.exe [2011-02-24 10:20:50 | 000,001,618 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\FileZilla Server Interface.lnk [2011-02-24 10:15:54 | 001,685,569 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\FileZilla_Server-0_9_37.exe [2011-02-24 09:44:42 | 000,000,522 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\XAMPP Control Panel.lnk [2011-02-23 17:07:00 | 066,303,148 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\xampp-win32-1.7.4-VC6-installer.exe [2011-02-23 12:34:23 | 000,000,856 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Szybkie Czyszczenie Dysku.lnk [2011-02-23 12:34:22 | 000,000,760 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Odkurzacz.lnk [2011-02-23 12:26:56 | 000,002,459 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\HiJackThis.lnk [2011-02-23 11:20:06 | 000,000,933 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Spybot - Search & Destroy.lnk [2011-02-23 11:10:14 | 001,402,880 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\HiJackThis.msi [2011-02-23 11:08:54 | 000,879,047 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\SecurityCheck.exe [2011-02-23 04:25:34 | 003,911,040 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\ComboFix[www.instalki.pl].exe [2011-02-23 00:56:43 | 000,000,735 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\RAR Password Recovery Magic.lnk [2011-02-22 21:53:32 | 005,198,076 | ---- | C] () -- D:\Documents and Settings\Administrator\Moje dokumenty\support do kasacji.evt [2011-02-16 16:32:37 | 000,000,037 | ---- | C] () -- D:\WINDOWS\Grappler.ini [2011-02-16 16:31:37 | 000,001,693 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Ferro - Cyfrowy Magnetowid.lnk [2011-02-16 16:31:36 | 000,012,800 | ---- | C] () -- D:\WINDOWS\ioctrl.dll [2011-02-16 16:31:32 | 000,007,758 | ---- | C] () -- D:\WINDOWS\Polish_PL.gpl [2011-02-16 15:12:51 | 000,000,729 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\SecureCam Viewer.lnk [2011-02-16 15:12:51 | 000,000,694 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\SecureCam.lnk [2011-02-16 15:07:40 | 000,000,674 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Webcam Spy.lnk [2011-02-16 15:07:18 | 002,153,332 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\webcamspy.exe [2011-02-15 07:24:00 | 001,107,405 | ---- | C] () -- D:\WINDOWS\System32\dllcache\ntprint.cat [2011-02-13 10:53:08 | 000,000,860 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\CamUniversal.lnk [2010-12-07 17:42:56 | 000,069,984 | ---- | C] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-12-07 17:27:53 | 000,165,376 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll [2010-12-07 17:27:52 | 000,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini [2010-12-07 17:27:50 | 000,790,528 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll [2010-12-07 17:27:50 | 000,134,144 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll [2010-12-07 17:27:50 | 000,108,032 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll [2010-12-07 17:27:50 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest [2010-10-15 02:08:42 | 000,000,118 | ---- | C] () -- D:\WINDOWS\System32\MRT.INI [2010-08-27 16:47:33 | 000,044,805 | ---- | C] () -- D:\WINDOWS\System32\smtpctrs.ini [2010-08-27 16:47:33 | 000,002,153 | ---- | C] () -- D:\WINDOWS\System32\ntfsdrct.ini [2010-08-27 16:47:32 | 000,018,222 | ---- | C] () -- D:\WINDOWS\System32\infoctrs.ini [2010-08-09 09:18:50 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat [2010-07-06 09:57:39 | 001,769,984 | ---- | C] () -- D:\WINDOWS\System32\drivers\snp2uvc.sys [2010-07-06 09:57:39 | 000,028,160 | ---- | C] () -- D:\WINDOWS\System32\drivers\sncduvc.sys [2010-07-06 09:57:39 | 000,000,036 | ---- | C] () -- D:\WINDOWS\PidList.ini [2010-06-26 07:56:24 | 000,018,028 | ---- | C] () -- D:\WINDOWS\irunin.ini [2010-06-26 07:56:24 | 000,009,694 | ---- | C] () -- D:\WINDOWS\irunin.dat [2010-06-25 18:03:12 | 000,053,299 | ---- | C] () -- D:\WINDOWS\System32\pthreadVC.dll [2010-03-17 23:15:22 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\ChCfg.exe [2010-03-08 23:16:25 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat [2010-03-08 23:16:25 | 000,000,552 | ---- | C] () -- D:\WINDOWS\System32\d3d8caps.dat [2010-03-06 01:09:33 | 000,044,544 | ---- | C] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-06 00:04:46 | 000,231,056 | ---- | C] () -- D:\WINDOWS\System32\drivers\RTConvEQ.dat [2010-03-06 00:04:46 | 000,001,352 | ---- | C] () -- D:\WINDOWS\System32\drivers\RtHdatEx.dat [2010-03-06 00:04:46 | 000,000,520 | ---- | C] () -- D:\WINDOWS\System32\drivers\RTEQEX2.dat [2010-03-06 00:04:46 | 000,000,520 | ---- | C] () -- D:\WINDOWS\System32\drivers\RTEQEX1.dat [2010-03-06 00:04:46 | 000,000,520 | ---- | C] () -- D:\WINDOWS\System32\drivers\RTEQEX0.dat [2010-03-06 00:04:46 | 000,000,164 | ---- | C] () -- D:\WINDOWS\System32\drivers\SamSfPa.dat [2010-03-06 00:04:46 | 000,000,008 | ---- | C] () -- D:\WINDOWS\System32\drivers\rtkhdaud.dat [2010-03-04 17:05:38 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat [2010-03-03 13:49:38 | 001,169,344 | ---- | C] () -- D:\WINDOWS\System32\PerfStringBackup.INI [2010-03-03 13:49:37 | 000,004,293 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI [2010-03-03 13:48:37 | 000,271,784 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2010-03-03 13:26:11 | 002,277,882 | -H-- | C] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-03 13:07:42 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat [2010-03-03 13:03:02 | 000,000,000 | ---- | C] () -- D:\WINDOWS\control.ini [2010-03-03 13:01:04 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\cdplayer.exe.manifest [2010-03-03 12:58:23 | 000,021,372 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat [2010-03-03 12:58:20 | 000,000,037 | ---- | C] () -- D:\WINDOWS\vbaddin.ini [2010-03-03 12:58:20 | 000,000,036 | ---- | C] () -- D:\WINDOWS\vb.ini [2010-03-03 12:57:23 | 000,027,416 | ---- | C] () -- D:\WINDOWS\System32\tslabels.ini [2010-03-03 12:57:23 | 000,003,848 | ---- | C] () -- D:\WINDOWS\System32\msdtcprf.ini [2007-02-18 01:32:42 | 000,179,577 | ---- | C] () -- D:\WINDOWS\System32\schema.ini [2007-02-17 09:07:46 | 000,055,436 | ---- | C] () -- D:\WINDOWS\System32\tcpmon.ini [2007-02-17 09:05:34 | 000,004,725 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat [2007-02-17 09:05:12 | 000,733,696 | ---- | C] () -- D:\WINDOWS\System32\qedwipes.dll [2007-02-17 09:03:10 | 000,355,112 | ---- | C] () -- D:\WINDOWS\System32\msjetoledb40.dll [2007-02-17 09:02:54 | 000,014,336 | ---- | C] () -- D:\WINDOWS\System32\msdmo.dll [2007-02-17 08:59:56 | 000,072,704 | ---- | C] () -- D:\WINDOWS\System32\amstream.dll [2003-12-05 17:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin [2003-12-05 17:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat [2003-12-05 17:00:00 | 000,522,558 | ---- | C] () -- D:\WINDOWS\System32\perfh015.dat [2003-12-05 17:00:00 | 000,460,382 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat [2003-12-05 17:00:00 | 000,316,494 | ---- | C] () -- D:\WINDOWS\System32\perfi015.dat [2003-12-05 17:00:00 | 000,275,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat [2003-12-05 17:00:00 | 000,216,006 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat [2003-12-05 17:00:00 | 000,168,911 | ---- | C] () -- D:\WINDOWS\System32\esentprf.ini [2003-12-05 17:00:00 | 000,114,688 | ---- | C] () -- D:\WINDOWS\System32\msencode.dll [2003-12-05 17:00:00 | 000,099,166 | ---- | C] () -- D:\WINDOWS\System32\perfc015.dat [2003-12-05 17:00:00 | 000,078,620 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat [2003-12-05 17:00:00 | 000,070,622 | ---- | C] () -- D:\WINDOWS\System32\edit.com [2003-12-05 17:00:00 | 000,053,920 | ---- | C] () -- D:\WINDOWS\System32\dosx.exe [2003-12-05 17:00:00 | 000,051,823 | ---- | C] () -- D:\WINDOWS\System32\command.com [2003-12-05 17:00:00 | 000,051,737 | ---- | C] () -- D:\WINDOWS\System32\ntdsctrs.ini [2003-12-05 17:00:00 | 000,046,907 | ---- | C] () -- D:\WINDOWS\mib.bin [2003-12-05 17:00:00 | 000,042,809 | ---- | C] () -- D:\WINDOWS\System32\key01.sys [2003-12-05 17:00:00 | 000,042,537 | ---- | C] () -- D:\WINDOWS\System32\keyboard.sys [2003-12-05 17:00:00 | 000,041,400 | ---- | C] () -- D:\WINDOWS\System32\ntfrsrep.ini [2003-12-05 17:00:00 | 000,039,434 | ---- | C] () -- D:\WINDOWS\System32\mem.exe [2003-12-05 17:00:00 | 000,036,076 | ---- | C] () -- D:\WINDOWS\System32\perfd015.dat [2003-12-05 17:00:00 | 000,035,648 | ---- | C] () -- D:\WINDOWS\System32\ntio411.sys [2003-12-05 17:00:00 | 000,035,424 | ---- | C] () -- D:\WINDOWS\System32\ntio412.sys [2003-12-05 17:00:00 | 000,034,560 | ---- | C] () -- D:\WINDOWS\System32\ntio804.sys [2003-12-05 17:00:00 | 000,034,560 | ---- | C] () -- D:\WINDOWS\System32\ntio404.sys [2003-12-05 17:00:00 | 000,033,936 | ---- | C] () -- D:\WINDOWS\System32\ntio.sys [2003-12-05 17:00:00 | 000,029,710 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat [2003-12-05 17:00:00 | 000,029,370 | ---- | C] () -- D:\WINDOWS\System32\ntdos411.sys [2003-12-05 17:00:00 | 000,029,274 | ---- | C] () -- D:\WINDOWS\System32\ntdos412.sys [2003-12-05 17:00:00 | 000,029,146 | ---- | C] () -- D:\WINDOWS\System32\ntdos804.sys [2003-12-05 17:00:00 | 000,029,146 | ---- | C] () -- D:\WINDOWS\System32\ntdos404.sys [2003-12-05 17:00:00 | 000,027,898 | ---- | C] () -- D:\WINDOWS\System32\ntdos.sys [2003-12-05 17:00:00 | 000,027,097 | ---- | C] () -- D:\WINDOWS\System32\country.sys [2003-12-05 17:00:00 | 000,023,348 | ---- | C] () -- D:\WINDOWS\System32\iasperf.ini [2003-12-05 17:00:00 | 000,023,192 | ---- | C] () -- D:\WINDOWS\System32\ipsecprf.ini [2003-12-05 17:00:00 | 000,020,986 | ---- | C] () -- D:\WINDOWS\System32\debug.exe [2003-12-05 17:00:00 | 000,020,816 | ---- | C] () -- D:\WINDOWS\System32\mqperf.ini [2003-12-05 17:00:00 | 000,019,806 | ---- | C] () -- D:\WINDOWS\System32\graphics.com [2003-12-05 17:00:00 | 000,016,896 | ---- | C] () -- D:\WINDOWS\System32\tsd32.dll [2003-12-05 17:00:00 | 000,014,913 | ---- | C] () -- D:\WINDOWS\System32\kb16.com [2003-12-05 17:00:00 | 000,013,797 | ---- | C] () -- D:\WINDOWS\System32\pschdprf.ini [2003-12-05 17:00:00 | 000,013,312 | ---- | C] () -- D:\WINDOWS\System32\win87em.dll [2003-12-05 17:00:00 | 000,012,866 | ---- | C] () -- D:\WINDOWS\System32\edlin.exe [2003-12-05 17:00:00 | 000,012,594 | ---- | C] () -- D:\WINDOWS\System32\append.exe [2003-12-05 17:00:00 | 000,011,859 | ---- | C] () -- D:\WINDOWS\System32\setver.exe [2003-12-05 17:00:00 | 000,010,621 | ---- | C] () -- D:\WINDOWS\System32\ntfrscon.ini [2003-12-05 17:00:00 | 000,009,043 | ---- | C] () -- D:\WINDOWS\System32\ansi.sys [2003-12-05 17:00:00 | 000,008,520 | ---- | C] () -- D:\WINDOWS\System32\exe2bin.exe [2003-12-05 17:00:00 | 000,007,116 | ---- | C] () -- D:\WINDOWS\System32\nlsfunc.exe [2003-12-05 17:00:00 | 000,006,574 | ---- | C] () -- D:\WINDOWS\System32\rasctrs.ini [2003-12-05 17:00:00 | 000,005,676 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin [2003-12-05 17:00:00 | 000,004,976 | ---- | C] () -- D:\WINDOWS\System32\himem.sys [2003-12-05 17:00:00 | 000,004,459 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat [2003-12-05 17:00:00 | 000,003,346 | ---- | C] () -- D:\WINDOWS\System32\redir.exe [2003-12-05 17:00:00 | 000,003,260 | ---- | C] () -- D:\WINDOWS\System32\nw16.exe [2003-12-05 17:00:00 | 000,002,992 | ---- | C] () -- D:\WINDOWS\System32\perfci.ini [2003-12-05 17:00:00 | 000,002,890 | ---- | C] () -- D:\WINDOWS\System32\perfwci.ini [2003-12-05 17:00:00 | 000,002,656 | ---- | C] () -- D:\WINDOWS\System32\netware.drv [2003-12-05 17:00:00 | 000,001,405 | ---- | C] () -- D:\WINDOWS\msdfmap.ini [2003-12-05 17:00:00 | 000,001,295 | ---- | C] () -- D:\WINDOWS\System32\perffilt.ini [2003-12-05 17:00:00 | 000,001,168 | ---- | C] () -- D:\WINDOWS\System32\loadfix.com [2003-12-05 17:00:00 | 000,001,148 | ---- | C] () -- D:\WINDOWS\System32\vwipxspx.exe [2003-12-05 17:00:00 | 000,000,882 | ---- | C] () -- D:\WINDOWS\System32\share.exe [2003-12-05 17:00:00 | 000,000,882 | ---- | C] () -- D:\WINDOWS\System32\fastopen.exe [2003-12-05 17:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat [2003-12-05 17:00:00 | 000,000,718 | ---- | C] () -- D:\WINDOWS\System32\mscdexnt.exe [2003-12-05 17:00:00 | 000,000,610 | ---- | C] () -- D:\WINDOWS\win.ini [2003-12-05 17:00:00 | 000,000,375 | ---- | C] () -- D:\WINDOWS\System32\prodspec.ini [2003-12-05 17:00:00 | 000,000,231 | ---- | C] () -- D:\WINDOWS\system.ini [2003-12-05 17:00:00 | 000,000,041 | ---- | C] () -- D:\WINDOWS\System32\mqtgsvc.exe.cfg [2003-05-12 16:59:38 | 000,058,368 | ---- | C] () -- D:\WINDOWS\System32\dvdplay.exe [2002-05-04 12:08:40 | 000,000,549 | -H-- | C] () -- D:\WINDOWS\COPYFSTQ.EXE.manifest [2002-05-04 12:04:46 | 000,046,080 | ---- | C] () -- D:\WINDOWS\COPYFSTQ.EXE [2002-05-04 12:04:45 | 000,094,636 | ---- | C] () -- D:\WINDOWS\dropcpyr.dll [color=#E56717]========== LOP Check ==========[/color] [2010-10-07 10:53:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite [2011-02-14 03:27:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\EurekaLog [2010-12-07 17:44:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Key Metric Software [2011-02-22 18:08:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\TeamViewer [2011-02-27 20:41:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\uTorrent [2010-06-30 19:10:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Wireshark [2010-03-18 11:32:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011-02-28 14:24:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\webcamXP 5 [2011-02-23 16:58:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\drivers\Dane aplikacji\uTorrent [2011-02-23 15:04:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\support700\Dane aplikacji\uTorrent [2011-02-24 23:15:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\xampp\Dane aplikacji\uTorrent [2011-02-28 21:31:37 | 000,032,610 | ---- | M] () -- D:\WINDOWS\Tasks\SchedLgU.Txt [color=#E56717]========== Purity Check ==========[/color] < End of report >

Extras

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-02-28 23:23:04 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = D:\Documents and Settings\Administrator\Pulpit Windows Server 2003 Enterprise Edition Dodatek Service Pack 2 (Version = 5.2.3790) - Type = NTServer Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): c:\pagefile.sys 60 500f:\pagefile.sys 200 600 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 137,48 Gb Total Space | 69,64 Gb Free Space | 50,65% Space Free | Partition Type: NTFS Drive D: | 48,82 Gb Total Space | 25,14 Gb Free Space | 51,49% Space Free | Partition Type: NTFS Drive F: | 26,60 Gb Total Space | 0,10 Gb Free Space | 0,39% Space Free | Partition Type: NTFS Drive G: | 29,29 Gb Total Space | 23,22 Gb Free Space | 79,30% Space Free | Partition Type: NTFS Computer Name: TURBOACER | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-2726969911-3005677987-1162752049-500\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) jsfile [edit] -- "D:\Program Files\kED\kED2.exe" "%1" (FreeZone) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "110:TCP" = 110:TCP:*:Enabled:110 "14509:TCP" = 14509:TCP:*:Enabled:14509 "3333:TCP" = 3333:TCP:*:Enabled:Windows Media Format SDK (camw.exe) [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\WINDOWS\system32\cys.exe" = D:\WINDOWS\system32\cys.exe:*:Enabled:Kreator konfigurowania serwera -- (Microsoft Corporation) "D:\xampp\FileZillaFTP\FileZilla Server.exe" = D:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server -- (FileZilla Project) "D:\xampp\apache\bin\httpd.exe" = D:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "D:\xampp\mysql\bin\mysqld.exe" = D:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB) "D:\xampp\MercuryMail\mercury.exe" = D:\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.72 -- (David Harris) "D:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "D:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "D:\Program Files\CrazyPixels\CamUniversal\CamUniversal.exe" = D:\Program Files\CrazyPixels\CamUniversal\CamUniversal.exe:*:Enabled:CamUniversal -- (CrazyPixels - www.crazypixels.com) "D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "D:\Program Files\WinPcap\rpcapd.exe" = D:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon -- (CACE Technologies, Inc.) "D:\Program Files\wLite\wLite.exe" = D:\Program Files\wLite\wLite.exe:*:Enabled:webcamXP -- (Moonware Studios) "D:\Program Files\wLite\wService.exe" = D:\Program Files\wLite\wService.exe:*:Enabled:webcamXP Service -- (Moonware Studios) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{807130E2-347B-4BE8-9D31-07076F40A6E2}_is1" = CamUniversal Trial wersja 4.1 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90140000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 14 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7952CA2-A925-4CA1-A934-A46E8EC9CA18}" = Acer Crystal Eye Webcam 1.0.1.3 "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "airpcapinst" = AirPcap software 4.1.1 "AQQ" = WapSter AQQ "AutoItv3" = AutoIt v3.3.6.1 "CameraWindow_is1" = CameraWindow 1.0 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "conduitEngine" = Conduit Engine "ESET Online Scanner" = ESET Online Scanner v3 "FERRO Cyfrowy Magnetowid" = FERRO Cyfrowy Magnetowid "FileZilla Server" = FileZilla Server (remove only) "HD Tune_is1" = HD Tune 2.55 "HotspotShield" = Hotspot Shield 1.57 "ie8" = Windows Internet Explorer 8 "kED_is1" = kED 2.1.4.0 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full) "LManager" = Launch Manager "Local Port Scanner_is1" = Local Port Scanner v1.2.2 "MediaInfo" = MediaInfo 0.7.41 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MoorHunt_is1" = MoorHunt 0.6.7.2 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "NetCut_is1" = NetCut 2.08 "Odkurzacz 12.5_is1" = Odkurzacz 12.5 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "QuicktimeAlt_is1" = QuickTime Alternative 3.1.0 "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.95 "RealAlt_is1" = Real Alternative 2.0.2 "SciTE4AutoIt3" = SciTE4AutoIt3 2/28/2010 "SecureCam" = SecureCam "SkanerOnline" = Skaner on-line mks_vir "SynTPDeinstKey" = Synaptics Pointing Device Driver "TotalCopy_1.2_(Luki_Edition)_English" = TotalCopy 1.2 (Luki Edition) "uTorrentBar Toolbar" = uTorrentBar Toolbar "Webcam Spy_is1" = Webcam Spy v2.1 "WIC" = Windows Imaging Component "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = Archiwizator WinRAR "Wireshark" = Wireshark 1.2.9 "wLite" = webcamXP Lite "xampp" = XAMPP 1.7.4 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-02-23 05:59:11 | Computer Name = TURBOACER | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x77e544ce. Error - 2011-02-23 07:19:46 | Computer Name = TURBOACER | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca SpybotSD.exe, wersja 1.6.2.46, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-02-23 13:18:05 | Computer Name = TURBOACER | Source = MsiInstaller | ID = 1013 Description = Produkt: Kaspersky Anti-Virus 6.0 for Windows Workstations -- Aplikacja nie może zostać zainstalowana. Bieżący system operacyjny nie jest obsługiwany. Error - 2011-02-24 03:49:14 | Computer Name = TURBOACER | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> (OS 10048)Tylko jedno użycie każdego adresu gniazda (protokół/adres sieciowy/port) jest normalnie dozwolone. : make_sock: could not bind to address 0.0.0.0:80 . Error - 2011-02-24 03:49:14 | Computer Name = TURBOACER | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> no listening sockets available, shutting down . Error - 2011-02-24 03:49:14 | Computer Name = TURBOACER | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> Unable to open logs . Error - 2011-02-24 03:49:33 | Computer Name = TURBOACER | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> (OS 10048)Tylko jedno użycie każdego adresu gniazda (protokół/adres sieciowy/port) jest normalnie dozwolone. : make_sock: could not bind to address 0.0.0.0:80 . Error - 2011-02-24 03:49:33 | Computer Name = TURBOACER | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> no listening sockets available, shutting down . Error - 2011-02-24 03:49:33 | Computer Name = TURBOACER | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> Unable to open logs . Error - 2011-02-27 16:02:10 | Computer Name = TURBOACER | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Nie można wbudować łańcucha certyfikatów do zaufanego urzędu głównego. [ System Events ] Error - 2011-02-28 18:17:57 | Computer Name = TURBOACER | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 22:51:41 na 2011-02-28 było nieoczekiwane. Error - 2011-02-28 18:18:16 | Computer Name = TURBOACER | Source = NetBT | ID = 4307 Description = Zainicjowanie nie powiodło się, ponieważ transport odmówił otwarcia adresów początkowych. Error - 2011-02-28 18:18:29 | Computer Name = TURBOACER | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień właściwe dla aplikacji nie jest udzielane uprawnienie Lokalne Aktywacja do aplikacji serwera COM z identyfikatorem klasy {BA126AD1-2166-11D1-B1D0-00805FC1270E} użytkownikowi ZARZĄDZANIE NT\USŁUGA SIECIOWA o identyfikatorze zabezpieczeń (S-1-5-20). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2011-02-28 18:18:58 | Computer Name = TURBOACER | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień właściwe dla aplikacji nie jest udzielane uprawnienie Lokalne Aktywacja do aplikacji serwera COM z identyfikatorem klasy {BA126AD1-2166-11D1-B1D0-00805FC1270E} użytkownikowi ZARZĄDZANIE NT\USŁUGA SIECIOWA o identyfikatorze zabezpieczeń (S-1-5-20). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2011-02-28 18:18:58 | Computer Name = TURBOACER | Source = ipnathlp | ID = 30013 Description = Program przydzielania DHCP sam wyłączył się dla adresu IP 192.168.137.1, gdyż adres ten jest spoza zakresu 192.168.0.0/255.255.255.0, z którego są przydzielane adresy klientom DHCP. Aby włączyć program przydzielania DHCP dla tego adresu IP, zmień zakres, tak aby zawierał adres IP, albo zmień adres IP, tak aby mieścił się w zakresie. Error - 2011-02-28 18:19:29 | Computer Name = TURBOACER | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi XAMPP Service z powodu następującego błędu: %%2 Error - 2011-02-28 18:19:31 | Computer Name = TURBOACER | Source = TermServDevices | ID = 1111 Description = Sterownik KONICA MINOLTA C352/C300 VXL wymagany dla drukarki KONICA MINOLTA C352/C300 VXL jest nieznany. Przed ponownym zalogowaniem skontaktuj się z administratorem w celu zainstalowania sterownika. Error - 2011-02-28 18:19:34 | Computer Name = TURBOACER | Source = TermServDevices | ID = 1111 Description = Sterownik Send To Microsoft OneNote 2010 Driver wymagany dla drukarki Wyślij do programu OneNote 2010 jest nieznany. Przed ponownym zalogowaniem skontaktuj się z administratorem w celu zainstalowania sterownika. Error - 2011-02-28 18:19:34 | Computer Name = TURBOACER | Source = TermServDevices | ID = 1111 Description = Sterownik Microsoft Shared Fax Driver wymagany dla drukarki Fax jest nieznany. Przed ponownym zalogowaniem skontaktuj się z administratorem w celu zainstalowania sterownika. Error - 2011-02-28 18:23:56 | Computer Name = TURBOACER | Source = TermServDevices | ID = 1111 Description = Sterownik Microsoft Shared Fax Driver wymagany dla drukarki Fax jest nieznany. Przed ponownym zalogowaniem skontaktuj się z administratorem w celu zainstalowania sterownika. < End of report >

**Posty:** 18165 · przez **wojtas** 28 Lut 2011, 17:45

Proszę zastosować się do obowiązkowych zasad w dziale bezpieczeństwo
- wstaw wymagane logi

**Posty:** 6 · przez **Masterslp** 01 Mar 2011, 00:36

Wydaje mi się że już wszystko jest tak jak powinno

**Posty:** 18165 · przez **wojtas** 02 Mar 2011, 17:40

odinstaluj w dodaj usuń;
ConduitEngine, uTorrentBar

* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie ) , pokaż z niego raport i po nim nowy log z OTL

**Posty:** 6 · przez **Masterslp** 03 Mar 2011, 02:01

Dziękuje za odpowiedź już wchodze sprawdzam do czego one służą ale pewnie ciężko będzie sie doszukać.

Dlatego też jeśli ktoś wie jak się z tego korzysta to prosiłbym o informacje... Ogólnie zanim usunę chciałbym jakoś się z tym skomunikować zobaczyć co tam poustawiane co można tym zmienić itp .

Nie wiem czy to moje zboczenie ale nie lubie tylko usuwać

wolę poznać wroga i jego broń

Zastanawiam się jeszcze czy tego jakiegoś Mavericka nie mam na 1025 porcie bo jest otwarty ... już ściągam jakieś programy do wyszukiwania tego ustrojstwa ...

**Posty:** 18165 · przez **wojtas** 03 Mar 2011, 19:20

zbędne zamulatory, instalowane niepotrzebnie wraz z np. uttorentem

**Posty:** 6 · przez **Masterslp** 04 Mar 2011, 11:08

A co może dawać władze nad moim kompem ?. No bo ktoś napewno niema hasła do mojego konta zmieniłem je ... A mimo to tworzy u mnie konta na komputerze. Mam tylko 1 konto Admina pozostałe powyłączane a mimo to jakoś ktoś wchodzi mi na komputer zakłada sobie konto i wchodzi na komputer prze zdalny pulpit . zastanawia mnie otwarty port 1025 i nie chodzi o to bym np zamknął ten port a dowiedział się jak ktoś z niego korzysta itp.
Jak sprawdzić jaki program korzysta z danego portu ?

**Posty:** 1235 · przez **Sh@m@N** 04 Mar 2011, 20:41

Dobrym firewallem. Na przykład Comodo Internet Security.
Pytanie - mieszkasz w okolicy Krzeszowic? Korzystasz z WIFI? Korzystasz z VPN?

A takie coś

D:\Documents and Settings\All Users\Pulpit\hello youki give me some contact to you password too admin is 123

- rozwali każdego.

**Posty:** 6 · przez **Masterslp** 05 Mar 2011, 12:56

Sh@m@N napisał(a):Dobrym firewallem. Na przykład Comodo Internet Security.
Pytanie - mieszkasz w okolicy Krzeszowic? Korzystasz z WIFI? Korzystasz z VPN?

A takie coś
D:\Documents and Settings\All Users\Pulpit\hello youki give me some contact to you password too admin is 123

- rozwali każdego.

hehe

nie to nie moje okolice, zostawiłem mu hasło po to bym mógł wejsc i sprawdzic co robi, a nie co chwile nowe konta . Skorzystał i wchodzil

. Chwilowo cisza nastała hehe

. Choć nadal nie wiem w jaki sposób zakładał nowych userów.

I tak jak pisałem te krzeszowice to nie koniecznie jego ip wchodził do mnie na kompa z ip (Irlandii i warszawy).

**Posty:** 1235 · przez **Sh@m@N** 05 Mar 2011, 20:43

Nie do końca ustawione zasady bezpieczeństwa.

Wyłączyłeś wszystkich użytkowników poza swoim kontem? Ograniczyłeś dostęp anonimowy? Wyłączyłeś pomoc zdalną,udostępnianie plików i drukarek itp?

Norton to w tej chwili raczej przeciętny wybór. Sugeruję lepszą zaporę - jak wyżej, Comodo Internet Security. Jedyne, co będzie mógł zrobić bez podania hasła to "grzebanie w rejestrze" - tyle, że wirtualnym, i w piaskownicy (o, tu będzie sobie szalał...)

**Posty:** 6 · przez **Masterslp** 17 Mar 2011, 20:04

Comodo bardzo fajny programik niestety nie mam czasu by jakoś głębiej się z nim zapoznać.

Mam z nim problem - filezilla nie działa na wszelkie sposoby dodaje go do regół ale filezilla ciągle ma problem z działaniem ftp widać że loguje się do programu ale nie można otworzyć katalogu. "The operation time out"

Jak się wyłączy firewalla w comodo wszystko jest ok.

P,S zastosowanie Comodo nie zapobiegło włamaniom nadal mam gościa

Kto jest na forum