Keylogger HijackThis i OTL logi

jarko2 · 9 Luty 2012 12:31

Witam,

jestem przekonanym o tym ze mam keyloggera. 2x mam gole chary w grze online. Passy nie zostaly zmienione wiec nie ma mozliwosci ktos musi miec wglad do tego co robie na komputerze.

Logi z Hijacka

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:28:22, on 2012-02-09

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16912)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\nvvtray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\user\AppData\Local\Temp\Rar$EX17.328\HijackThis.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [APSDaemon] “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

O4 - HKCU…\Run: [Gadu-Gadu 10] “C:\Program Files\Gadu-Gadu 10\gg.exe”

O4 - HKCU…\Run: [sony Ericsson PC Companion] “C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe” /Background

O4 - HKCU…\Run: [steam] “C:\Program Files\Steam\steam.exe” -silent

O4 - HKCU…\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized

O4 - HKCU…\Run: [ALLUpdate] “C:\Program Files\ALLPlayer\ALLUpdate.exe” “sleep”

O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘USŁUGA SIECIOWA’)

O4 - Startup: Nettalk.lnk = C:\Program Files\Nettalk6\Nettalk.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: nvvtray.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra ‘Tools’ menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre … dl.sun.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

–

End of file - 7155 bytes

– Dodane 09.02.2012 (Cz) 14:17 –

Dolaczam jeszcze logi z OTL

OTL logfile created on: 2012-02-09 14:10:23 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop

Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 37,16% Memory free

4,00 Gb Paging File | 1,93 Gb Available in Paging File | 48,18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,29 Gb Total Space | 12,61 Gb Free Space | 4,36% Space Free | Partition Type: NTFS

Computer Name: USER-REJCZEL | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-02-09 14:10:18 | 000,584,192 | ---- | M] (OldTimer Tools) – C:\Users\user\Desktop\OTL.exe

PRC - [2011-02-26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe

PRC - [2010-01-15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) – C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\taskhost.exe

PRC - [2008-02-22 05:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012-01-26 04:06:57 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\Steam\SteamService.exe – (Steam Client Service)

SRV - [2011-10-31 02:20:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)

SRV - [2011-06-29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] – C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe – (Sony Ericsson PCCompanion)

SRV - [2011-03-28 20:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] – C:\Windows\System32\GameMon.des – (npggsvc)

SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] – C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe – (McComponentHostService)

SRV - [2009-07-14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\StorSvc.dll – (StorSvc)

SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)

SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\PeerDistSvc.dll – (PeerDistSvc)

SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2012-01-26 21:45:31 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\PnkBstrK.sys – (PnkBstrK)

DRV - [2011-11-16 19:37:27 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] – C:\Windows\System32\drivers\atksgt.sys – (atksgt)

DRV - [2011-11-16 19:37:27 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] – C:\Windows\System32\drivers\lirsgt.sys – (lirsgt)

DRV - [2011-03-18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] – C:\Windows\system32\speedfan.sys – (speedfan)

DRV - [2009-12-03 17:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\ATSwpWDF.sys – (ATSwpWDF)

DRV - [2009-10-03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\nvlddmkm.sys – (nvlddmkm)

DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\vmbus.sys – (vmbus)

DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\system32\DRIVERS\vmstorfl.sys – (storflt)

DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\storvsc.sys – (storvsc)

DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\winusb.sys – (WinUsb)

DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\vms3cap.sys – (s3cap)

DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\VMBusHID.sys – (VMBusHID)

DRV - [2009-07-13 23:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\smserial.sys – (smserial)

DRV - [2009-07-13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\netw5v32.sys – (netw5v32) Sterownik karty Intel®

DRV - [2009-02-10 16:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | On_Demand | Stopped] – C:\Users\user\Desktop\UltraISO\drivers\ISODrive.sys – (ISODrive)

DRV - [2007-07-11 03:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\HpqRemHid.sys – (HpqRemHid)

DRV - [2006-11-14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] – C:\Windows\System32\drivers\rixdptsk.sys – (rismxdp)

DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] – C:\Windows\system32\giveio.sys – (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM…\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU…\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)

IE - HKCU…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

[2011-12-15 21:11:43 | 000,000,000 | —D | M] (No name found) – C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions

[2011-12-15 21:11:43 | 000,000,000 | —D | M] (uTorrentBar Community Toolbar) – C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: uTorrentBar = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\

CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\

CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)

O3 - HKLM…\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)

O3 - HKCU…\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)

O4 - HKLM…\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM…\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU…\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKCU…\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)

O4 - HKCU…\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe (NCSoft)

O4 - HKCU…\Run: [PlayNC Launcher] File not found

O4 - HKCU…\Run: [sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)

O4 - HKCU…\Run: [steam] C:\Program Files\Steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = C:\Program Files\Nettalk6\Nettalk.exe (Nicolas Kruse)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra ‘Tools’ menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra ‘Tools’ menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc … tor/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD40/JSCDL/jre … dl.sun.com (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.34.50 212.76.34.49

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{1267806B-2D5C-43E6-8C79-06FFB8B1C5F9}: DhcpNameServer = 212.76.34.50 212.76.34.49

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat – [NTFS]

O33 - MountPoints2{38525853-190c-11e1-ad99-002186088ce9}\Shell - “” = AutoRun

O33 - MountPoints2{38525853-190c-11e1-ad99-002186088ce9}\Shell\AutoRun\command - “” = E:\AutoRun.exe

O33 - MountPoints2{38525859-190c-11e1-ad99-002186088ce9}\Shell - “” = AutoRun

O33 - MountPoints2{38525859-190c-11e1-ad99-002186088ce9}\Shell\AutoRun\command - “” = E:\AutoRun.exe

O33 - MountPoints2{6f779a81-190d-11e1-9e92-806e6f6e6963}\Shell - “” = AutoRun

O33 - MountPoints2{6f779a81-190d-11e1-9e92-806e6f6e6963}\Shell\AutoRun\command - “” = E:\AutoRun.exe

O33 - MountPoints2{e422d77d-487f-11e1-a68f-001e685f3395}\Shell - “” = AutoRun

O33 - MountPoints2{e422d77d-487f-11e1-a68f-001e685f3395}\Shell\AutoRun\command - “” = E:\AutoRun.exe

O33 - MountPoints2{e422d79c-487f-11e1-a68f-001e685f3395}\Shell - “” = AutoRun

O33 - MountPoints2{e422d79c-487f-11e1-a68f-001e685f3395}\Shell\AutoRun\command - “” = E:\AutoRun.exe

O33 - MountPoints2{e8c772b5-1619-11e1-a20d-002186088ce9}\Shell - “” = AutoRun

O33 - MountPoints2{e8c772b5-1619-11e1-a20d-002186088ce9}\Shell\AutoRun\command - “” = E:\Startme.exe

O33 - MountPoints2\D\Shell - “” = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - “” = D:\setup.exe

O33 - MountPoints2\E\Shell - “” = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - “” = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2012-02-09 14:10:13 | 000,584,192 | ---- | C] (OldTimer Tools) – C:\Users\user\Desktop\OTL.exe

[2012-02-09 14:01:35 | 000,000,000 | —D | C] – C:\Windows\ERDNT

[2012-02-09 14:01:30 | 000,000,000 | —D | C] – C:\Qoobox

[2012-02-09 08:03:40 | 000,000,000 | —D | C] – C:\Users\user\Desktop\telefon

[2012-02-08 16:15:42 | 000,000,000 | —D | C] – C:\Users\user\AppData\Local\Winamp Toolbar

[2012-02-08 16:10:08 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

[2012-02-08 16:10:07 | 001,892,184 | ---- | C] (Microsoft Corporation) – C:\Windows\System32\D3DX9_42.dll

[2012-02-08 16:09:22 | 000,000,000 | —D | C] – C:\Program Files\Winamp Detect

[2012-02-08 16:09:22 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa

[2012-02-08 16:09:16 | 000,000,000 | —D | C] – C:\ProgramData\Winamp Toolbar

[2012-02-08 16:09:16 | 000,000,000 | —D | C] – C:\Program Files\Winamp Toolbar

[2012-02-08 16:09:13 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Software Update Utility

[2012-02-08 16:08:44 | 000,000,000 | —D | C] – C:\Program Files\Common Files\PX Storage Engine

[2012-02-08 16:08:43 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\Winamp

[2012-02-08 16:08:43 | 000,000,000 | —D | C] – C:\Program Files\Winamp

[2012-02-08 16:07:40 | 012,497,336 | ---- | C] (Nullsoft, Inc.) – C:\Users\user\Desktop\winamp561_full_emusic-7plus_pl-pl.exe

[2012-02-08 08:07:23 | 000,000,000 | —D | C] – C:\Program Files\Adobe

[2012-02-08 07:39:58 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\Tibia

[2012-02-08 07:39:21 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia

[2012-02-08 07:38:47 | 031,015,180 | ---- | C] (CipSoft GmbH ) – C:\Users\user\Desktop\tibia944.exe

[2012-02-07 14:14:45 | 000,114,232 | ---- | C] (ArcaBit) – C:\Users\user\Desktop\ArcaClean_(programs.pl).exe

[2012-02-07 14:13:28 | 000,373,552 | ---- | C] (SweetIM Technologies, Ltd.) – C:\Users\user\Desktop\SweetImSetup.exe

[2012-02-05 09:06:14 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\NapiProjekt

[2012-02-04 17:38:21 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt

[2012-02-04 17:38:11 | 000,000,000 | —D | C] – C:\Program Files\NapiProjekt

[2012-02-04 17:38:11 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLConverter PRO

[2012-02-04 17:38:11 | 000,000,000 | —D | C] – C:\Users\user\AppData\Local\ALLConverter

[2012-02-04 17:38:10 | 000,000,000 | —D | C] – C:\Program Files\ALLConverter PRO

[2012-02-04 17:38:06 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer

[2012-02-04 17:37:57 | 000,000,000 | —D | C] – C:\Users\user\AppData\Local\ALLPlayer

[2012-02-04 17:37:56 | 000,000,000 | —D | C] – C:\Program Files\ALLPlayer

[2012-02-04 16:47:39 | 000,000,000 | —D | C] – C:\Users\user\Desktop\HellGround

[2012-02-04 14:54:28 | 000,000,000 | —D | C] – C:\Users\user\Desktop\jakiesZIPY

[2012-02-03 03:38:51 | 004,323,256 | ---- | C] (INCA Internet Co., Ltd.) – C:\Windows\System32\GameMon.des

[2012-02-03 03:38:37 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) – C:\Windows\System32\npptNT2.sys

[2012-02-03 03:38:10 | 000,000,000 | —D | C] – C:\Program Files\Common Files\INCA Shared

[2012-02-02 14:29:14 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft

[2012-02-02 14:28:05 | 000,000,000 | —D | C] – C:\Users\user\AppData\Local\assembly

[2012-02-02 14:27:36 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft

[2012-02-02 14:27:33 | 000,000,000 | —D | C] – C:\Program Files\NCSoft

[2012-02-02 14:26:54 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\InstallShield

[2012-02-02 14:26:42 | 006,523,640 | ---- | C] (Macrovision Corporation) – C:\Users\user\Desktop\NCsoftLauncherSetup.exe

[2012-02-01 04:08:25 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\foobar2000

[2012-02-01 04:08:20 | 000,000,000 | —D | C] – C:\Program Files\foobar2000

[2012-02-01 04:07:53 | 003,316,640 | ---- | C] (foobar2000.org) – C:\Users\user\Desktop\foobar2000_v1.1.10.exe

[2012-01-29 17:31:49 | 000,000,000 | —D | C] – C:\Users\user\Desktop\ZDJECIA

[2012-01-27 06:29:48 | 000,000,000 | —D | C] – C:\Program Files\XtremeZone

[2012-01-27 06:26:55 | 256,112,821 | ---- | C] (XtremeZone ) – C:\Users\user\Desktop\Setup_Counter_Strike_1.6_v2.exe

[2012-01-26 05:29:23 | 000,000,000 | —D | C] – C:\Users\user\Documents\America’s Army 3

[2012-01-26 04:51:15 | 000,000,000 | —D | C] – C:\Users\user\AppData\Local\PunkBuster

[2012-01-26 04:15:59 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012-01-26 04:06:24 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Steam

[2012-01-26 04:06:21 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012-01-26 04:06:21 | 000,000,000 | —D | C] – C:\Program Files\Steam

[2012-01-25 09:58:05 | 000,000,000 | —D | C] – C:\Users\user\AppData\Roaming\Nettalk

[2012-01-25 09:57:56 | 000,000,000 | —D | C] – C:\Program Files\Nettalk6

[2012-01-25 09:57:33 | 002,387,297 | ---- | C] (Nicolas Kruse ) – C:\Users\user\Desktop\setup.exe

[2012-01-24 09:19:30 | 000,000,000 | —D | C] – C:\Users\user\Desktop\Updates

[2012-01-24 08:12:51 | 000,000,000 | —D | C] – C:\Users\user\Desktop\JAREK - SMIECIE

[2012-01-24 05:28:49 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2012-01-24 04:22:00 | 000,000,000 | —D | C] – C:\Program Files\wow

[2012-01-24 04:15:13 | 000,000,000 | —D | C] – C:\Users\user\Desktop\original wow NIE WYWYALAC!