Hello, please check my logs. My computer is terribly sluggish and I cannot unhide hidden files.
ComboFix 10-01-01.05 - matroxGTX 2010-01-02 21:31:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1648 [GMT 1:00]
Uruchomiony z: c:\documents and settings\matroxGTX\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezydentny antywirus jest aktywny
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\1pdfdec.dll
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Cheat Engine\dbk32.sys
c:\recycler\2009-08-29
c:\recycler\2009-08-30
c:\windows\system32\28463
c:\windows\system32\28463\AKV.exe
c:\windows\system32\28463\USPU.001
c:\windows\system32\28463\USPU.005
c:\windows\system32\28463\USPU.006
c:\windows\system32\28463\USPU.007
c:\windows\system32\28463\USPU.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hack.exe
c:\windows\system32\ieuinit.inf
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\winio.vxd
c:\windows\system32\wpcap.dll
D:\Autorun.inf
----- BITS: Możliwe zainfekowane strony -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Pliki utworzone od 2009-12-02 do 2010-01-02 )))))))))))))))))))))))))))))))
.
2010-01-02 14:38 . 2010-01-02 14:38 -------- d-----w- c:\program files\SnadBoy's Revelation v2
2009-12-28 20:44 . 2007-03-05 11:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-12-28 20:30 . 2009-12-28 20:30 -------- d-sh--w- c:\windows\ftpcache
2009-12-21 19:36 . 2009-12-21 19:36 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Gadu-Gadu
2009-12-21 17:01 . 2009-12-31 08:25 -------- d-----w- c:\documents and settings\matroxGTX\Gadu-Gadu
2009-12-21 17:01 . 2009-12-21 17:01 -------- d-----w- c:\program files\Gadu-Gadu
2009-12-20 14:41 . 2009-12-20 14:41 -------- d-----w- c:\program files\Luxand
2009-12-19 22:27 . 2009-12-19 22:27 -------- d-----w- c:\program files\Pixelgame
2009-12-19 22:27 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-19 22:04 . 2009-12-19 22:07 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-19 22:03 . 2009-12-19 22:27 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\DAEMON Tools Lite
2009-12-19 22:03 . 2009-12-19 22:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-12-19 19:05 . 2009-12-19 19:05 -------- d-----w- C:\Window Hide Tool3
2009-12-19 18:39 . 2009-12-19 18:39 -------- d-----w- C:\Download
2009-12-18 10:55 . 2009-12-18 10:55 16384 ----a-w- c:\program files\uik.dat
2009-12-18 10:54 . 2009-12-20 11:16 4 ----a-w- c:\program files\is.dat
2009-12-18 10:53 . 2009-12-18 10:53 -------- d-----w- c:\program files\Casino
2009-12-16 16:26 . 2009-12-16 16:26 -------- d-----w- c:\documents and settings\matroxGTX\.gstreamer-0.10
2009-12-15 15:19 . 2009-12-15 15:20 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\FreeCall
2009-12-14 17:25 . 2009-12-14 17:33 -------- d-----w- c:\program files\StarCraft Brood War by Monikon
2009-12-14 16:33 . 2009-12-14 16:33 -------- d-----w- c:\program files\Borland
2009-12-14 16:33 . 2009-12-14 16:33 -------- d-----w- c:\program files\Alpha-Net
2009-12-09 09:56 . 2009-12-09 09:56 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2009-12-09 09:53 . 2009-12-09 09:53 -------- d-----w- c:\program files\PDF to DOC
2009-12-09 09:52 . 2009-12-09 09:52 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\CTdeveloping
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 20:34 . 2009-09-05 13:44 -------- d-----w- c:\program files\Cheat Engine
2010-01-02 20:25 . 2009-10-13 17:12 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Free Download Manager
2010-01-02 15:14 . 2009-08-12 09:18 -------- d-----w- c:\program files\DC++
2009-12-28 20:42 . 2009-08-12 09:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 12:40 . 2009-10-13 12:06 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\iPlus
2009-12-21 16:58 . 2009-09-05 06:52 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Nowe Gadu-Gadu
2009-12-19 22:07 . 2009-08-18 13:33 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-19 22:04 . 2009-08-18 13:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-19 18:38 . 2009-11-11 15:49 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-12-12 20:23 . 2009-12-01 15:34 -------- d-----w- c:\program files\ABBYY FineReader 10
2009-12-07 18:59 . 2009-11-08 11:31 -------- d-----w- c:\program files\ABBYY PDF Transformer 1.0
2009-12-05 13:35 . 2009-10-06 07:19 249856 ------w- c:\windows\Setup1.exe
2009-12-03 10:59 . 2009-12-03 10:55 -------- d-----w- c:\program files\Canon
2009-12-03 10:56 . 2009-12-03 10:56 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\CanonBJ
2009-12-03 10:56 . 2009-12-03 10:56 -------- d--h--w- c:\program files\CanonBJ
2009-12-02 11:42 . 2009-08-17 07:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-02 06:49 . 2009-12-01 11:33 -------- d-----w- c:\program files\ToniArts
2009-12-01 16:07 . 2007-08-02 12:00 85334 ----a-w- c:\windows\system32\perfc015.dat
2009-12-01 16:07 . 2007-08-02 12:00 494082 ----a-w- c:\windows\system32\perfh015.dat
2009-12-01 15:51 . 2009-12-01 15:51 -------- d-----w- c:\program files\Makayama
2009-12-01 15:45 . 2009-12-01 15:45 -------- d-----w- c:\program files\Makayama Interactive
2009-12-01 15:36 . 2009-12-01 15:36 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\ABBYY
2009-12-01 15:34 . 2009-12-01 15:34 -------- d-----w- c:\program files\Common Files\ABBYY
2009-12-01 15:34 . 2009-11-08 11:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ABBYY
2009-12-01 15:16 . 2009-12-01 15:16 -------- d-----w- c:\program files\Softi Software
2009-12-01 15:16 . 2009-12-01 15:16 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Softi Software
2009-12-01 11:30 . 2009-12-01 11:30 -------- d-----w- c:\program files\Ss-Tools
2009-12-01 11:28 . 2009-08-12 16:25 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-12-01 11:26 . 2009-11-08 11:38 -------- d-----w- c:\program files\ElcomSoft
2009-12-01 11:25 . 2009-11-08 08:19 -------- d-----w- c:\program files\FlashGet
2009-12-01 11:24 . 2009-12-01 11:24 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-30 09:00 . 2009-11-30 09:00 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 20:22 . 2009-11-29 18:23 -------- d-----w- c:\program files\Metin2_PL
2009-11-29 17:33 . 2009-11-27 15:50 -------- d-----w- c:\program files\Passware
2009-11-29 17:33 . 2009-11-29 14:22 -------- d-----w- c:\program files\eSkiMoS R2
2009-11-29 17:26 . 2009-11-29 10:49 -------- d-----w- c:\program files\BramaSMS.pl
2009-11-29 17:23 . 2009-11-29 17:23 -------- d-----w- c:\program files\Muxe Inc
2009-11-29 15:39 . 2009-11-11 14:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-11-29 14:42 . 2009-11-29 14:42 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Teleca
2009-11-29 14:27 . 2009-11-29 14:25 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-11-29 14:26 . 2009-11-29 14:26 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Sony Ericsson
2009-11-29 14:26 . 2009-11-29 14:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Teleca
2009-11-29 14:26 . 2009-11-29 14:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2009-11-29 14:25 . 2009-11-29 14:25 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared
2009-11-29 14:25 . 2009-11-29 14:25 -------- d-----w- c:\program files\Sony Ericsson
2009-11-29 14:23 . 2009-11-29 14:23 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\eSkiMoS R2
2009-11-29 13:03 . 2009-11-29 13:01 63 ----a-w- c:\documents and settings\matroxGTX\jagex_runescape_preferences2.dat
2009-11-29 13:01 . 2009-11-29 13:00 38 ----a-w- c:\documents and settings\matroxGTX\jagex_runescape_preferences.dat
2009-11-27 16:40 . 2009-11-27 16:40 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Softland
2009-11-27 16:32 . 2009-11-27 16:32 -------- d-----w- c:\program files\PDF-Convert
2009-11-27 16:01 . 2009-11-27 16:01 -------- d-----w- c:\program files\Adultpdf
2009-11-26 17:14 . 2009-11-26 17:13 -------- d-----w- c:\program files\ivo
2009-11-26 17:14 . 2009-11-26 17:05 -------- d-----w- c:\program files\Spambot
2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- c:\documents and settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-19 11:15 . 2009-11-19 11:15 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\gtk-2.0
2009-11-19 11:11 . 2009-11-19 11:11 -------- d-----w- c:\program files\GIMP-2.0
2009-11-11 14:10 . 2009-11-11 14:10 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\OpenFM
2009-11-08 18:59 . 2009-11-08 18:59 -------- d-----w- c:\program files\BitComet
2009-11-08 16:32 . 2009-08-12 17:58 46832 ----a-w- c:\documents and settings\matroxGTX\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-07 10:19 . 2009-11-07 10:19 -------- d-----w- c:\program files\MSECache
2009-10-29 05:26 . 2007-08-02 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 20:46 . 2009-10-27 20:50 1110868 ----a-w- c:\windows\system32\ie5unit.exe
2009-10-21 05:40 . 2007-08-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2007-08-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-08-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 09:13 . 2009-10-14 09:13 205312 ----a-w- c:\windows\system32\Darkorbit Uridium Hacker.exe
2009-10-13 10:34 . 2007-08-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2007-08-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2007-08-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-06 07:19 . 2009-10-06 07:19 73216 ------w- c:\windows\ST6UNST.EXE
2009-08-12 10:49 . 2009-08-12 10:49 56 --sh--r- c:\windows\system32\1A9411245D.sys
2009-08-12 10:49 . 2009-08-12 10:49 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-17 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-17 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-17 131072]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-03-04 360448]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-01 149280]
"ElcomSoft DPR Server"="c:\program files\ElcomSoft\Distributed Password Recovery\esdprs.exe" [2009-10-22 356008]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2009-12-01 939272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-06-04 20:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]
2009-05-06 07:39 438272 ----a-w- c:\program files\iPlus\iPlusChecker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2009-10-05 11:38 1435240 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
2009-10-27 20:46 1110868 ----a-w- c:\windows\system32\ie5unit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Hide Tool]
2008-01-18 12:01 307200 ----a-w- c:\window hide tool\Window Hide Tool.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\DC++\DCPlusPlus.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"=
"c:\Program Files\Free Download Manager\fdm.exe"=
"c:\Program Files\BitComet\BitComet.exe"=
"c:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"=
"c:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe"=
"c:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe"=
"c:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe"=
"c:\Program Files\Metin2_PL\metin2.bin"=
"c:\Program Files\Metin2_PL\metin2client.bin"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12121:TCP"= 12121:TCP:ElcomSoft Distributed Agents TCP Port
"12122:TCP"= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-08-18 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-08-18 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-18 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-09-29 809736]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-08-12 5888]
R3 RTL8187B;Realtek RTL8187B bezprzewodowe 802.11b/g 54Mbps USB 2.0 karta sieciowa ;c:\windows\system32\drivers\RTL8187B.sys [2009-08-12 288000]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-08-28 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-08-28 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-08-28 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-08-28 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-11-29 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-08-28 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-11-29 97704]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://warofdragons.pl
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Pobierz plik wideo we Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Pobierz w Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Pobierz wszystkie pliki w Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Pobierz zaznaczone w Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\documents and settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\
FF - component: c:\documents and settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\matroxGTX\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
HKCU-Run-FreeCall - c:\program files\FreeCall.com\FreeCall\FreeCall.exe
HKLM-Run-USPU Agent - c:\windows\system32\28463\USPU.exe
MSConfigStartUp-ABBYY Screenshot Reader Bonus - c:\program files\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe
MSConfigStartUp-AntiFreeze - c:\program files\AntiFreeze\AntiFreeze.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-Nowe Gadu-Gadu - c:\program files\Nowe Gadu-Gadu\gg.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 21:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spow.sys hal.dll UNKNOWN [0x8A614938]
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk - CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI - ACPI.sys @ 0xb9e4bcb8
\Driver\atapi - 0x89aa9140
\Driver\iaStor - iaStor.sys @ 0xb9d5ed10
IoDeviceObjectType - DeleteProcedure - ntkrnlpa.exe @ 0x80579022
ParseProcedure - ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 - DeleteProcedure - ntkrnlpa.exe @ 0x80579022
ParseProcedure - ntkrnlpa.exe @ 0x80577c84
NDIS: - SendCompleteHandler - 0x0
PacketIndicateHandler - 0x0
SendHandler - 0x0
Warning: possible MBR rootkit infection !
user kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'lsass.exe'(1052)
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\windows\system32\PrxerNsp.dll
c:\windows\system32\PrxerDrv.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
- - - - - - - > 'explorer.exe'(1160)
c:\program files\Gadu-Gadu\ggwhook.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-02 21:41:28 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-01-02 20:41
Przed: 83 083 550 720 bajtów wolnych
Po: 90 036 215 808 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 46DC4EC8D209A7960CF0B99C9E9DEC09