Pomoc w usunięciu trojana

anhelus · 2 Styczeń 2010 21:18

Witam proszę sprawdzić moje logi strasznie mi muli kompa i plików ukrytych nie mogę odsłonić

ComboFix 10-01-01.05 - matroxGTX 2010-01-02 21:31:59.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1648 [GMT 1:00]

Uruchomiony z: c:\documents and settings\matroxGTX\Pulpit\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Rezydentny antywirus jest aktywny

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Dane aplikacji\1pdfdec.dll

c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat

c:\program files\Cheat Engine\dbk32.sys

c:\recycler\2009-08-29

c:\recycler\2009-08-30

c:\windows\system32\28463

c:\windows\system32\28463\AKV.exe

c:\windows\system32\28463\USPU.001

c:\windows\system32\28463\USPU.005

c:\windows\system32\28463\USPU.006

c:\windows\system32\28463\USPU.007

c:\windows\system32\28463\USPU.exe

c:\windows\system32\drivers\npf.sys

c:\windows\system32\hack.exe

c:\windows\system32\ieuinit.inf

c:\windows\system32\Packet.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\winio.vxd

c:\windows\system32\wpcap.dll

D:\Autorun.inf

----- BITS: Możliwe zainfekowane strony -----

hxxp://armmf.adobe.com

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

((((((((((((((((((((((((( Pliki utworzone od 2009-12-02 do 2010-01-02 )))))))))))))))))))))))))))))))

.

2010-01-02 14:38 . 2010-01-02 14:38 -------- d-----w- c:\program files\SnadBoy’s Revelation v2

2009-12-28 20:44 . 2007-03-05 11:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll

2009-12-28 20:30 . 2009-12-28 20:30 -------- d-sh–w- c:\windows\ftpcache

2009-12-21 19:36 . 2009-12-21 19:36 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Gadu-Gadu

2009-12-21 17:01 . 2009-12-31 08:25 -------- d-----w- c:\documents and settings\matroxGTX\Gadu-Gadu

2009-12-21 17:01 . 2009-12-21 17:01 -------- d-----w- c:\program files\Gadu-Gadu

2009-12-20 14:41 . 2009-12-20 14:41 -------- d-----w- c:\program files\Luxand

2009-12-19 22:27 . 2009-12-19 22:27 -------- d-----w- c:\program files\Pixelgame

2009-12-19 22:27 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

2009-12-19 22:04 . 2009-12-19 22:07 -------- d-----w- c:\program files\DAEMON Tools Lite

2009-12-19 22:03 . 2009-12-19 22:27 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\DAEMON Tools Lite

2009-12-19 22:03 . 2009-12-19 22:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite

2009-12-19 19:05 . 2009-12-19 19:05 -------- d-----w- C:\Window Hide Tool3

2009-12-19 18:39 . 2009-12-19 18:39 -------- d-----w- C:\Download

2009-12-18 10:55 . 2009-12-18 10:55 16384 ----a-w- c:\program files\uik.dat

2009-12-18 10:54 . 2009-12-20 11:16 4 ----a-w- c:\program files\is.dat

2009-12-18 10:53 . 2009-12-18 10:53 -------- d-----w- c:\program files\Casino

2009-12-16 16:26 . 2009-12-16 16:26 -------- d-----w- c:\documents and settings\matroxGTX.gstreamer-0.10

2009-12-15 15:19 . 2009-12-15 15:20 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\FreeCall

2009-12-14 17:25 . 2009-12-14 17:33 -------- d-----w- c:\program files\StarCraft Brood War by Monikon

2009-12-14 16:33 . 2009-12-14 16:33 -------- d-----w- c:\program files\Borland

2009-12-14 16:33 . 2009-12-14 16:33 -------- d-----w- c:\program files\Alpha-Net

2009-12-09 09:56 . 2009-12-09 09:56 -------- d-----w- c:\program files\Free PDF to Word Doc Converter

2009-12-09 09:53 . 2009-12-09 09:53 -------- d-----w- c:\program files\PDF to DOC

2009-12-09 09:52 . 2009-12-09 09:52 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\CTdeveloping

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-02 20:34 . 2009-09-05 13:44 -------- d-----w- c:\program files\Cheat Engine

2010-01-02 20:25 . 2009-10-13 17:12 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Free Download Manager

2010-01-02 15:14 . 2009-08-12 09:18 -------- d-----w- c:\program files\DC++

2009-12-28 20:42 . 2009-08-12 09:12 -------- d–h--w- c:\program files\InstallShield Installation Information

2009-12-28 12:40 . 2009-10-13 12:06 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\iPlus

2009-12-21 16:58 . 2009-09-05 06:52 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Nowe Gadu-Gadu

2009-12-19 22:07 . 2009-08-18 13:33 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2009-12-19 22:04 . 2009-08-18 13:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-12-19 18:38 . 2009-11-11 15:49 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-12-12 20:23 . 2009-12-01 15:34 -------- d-----w- c:\program files\ABBYY FineReader 10

2009-12-07 18:59 . 2009-11-08 11:31 -------- d-----w- c:\program files\ABBYY PDF Transformer 1.0

2009-12-05 13:35 . 2009-10-06 07:19 249856 ------w- c:\windows\Setup1.exe

2009-12-03 10:59 . 2009-12-03 10:55 -------- d-----w- c:\program files\Canon

2009-12-03 10:56 . 2009-12-03 10:56 -------- d–h--w- c:\documents and settings\All Users\Dane aplikacji\CanonBJ

2009-12-03 10:56 . 2009-12-03 10:56 -------- d–h--w- c:\program files\CanonBJ

2009-12-02 11:42 . 2009-08-17 07:57 -------- d-----w- c:\program files\Common Files\Adobe

2009-12-02 06:49 . 2009-12-01 11:33 -------- d-----w- c:\program files\ToniArts

2009-12-01 16:07 . 2007-08-02 12:00 85334 ----a-w- c:\windows\system32\perfc015.dat

2009-12-01 16:07 . 2007-08-02 12:00 494082 ----a-w- c:\windows\system32\perfh015.dat

2009-12-01 15:51 . 2009-12-01 15:51 -------- d-----w- c:\program files\Makayama

2009-12-01 15:45 . 2009-12-01 15:45 -------- d-----w- c:\program files\Makayama Interactive

2009-12-01 15:36 . 2009-12-01 15:36 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\ABBYY

2009-12-01 15:34 . 2009-12-01 15:34 -------- d-----w- c:\program files\Common Files\ABBYY

2009-12-01 15:34 . 2009-11-08 11:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ABBYY

2009-12-01 15:16 . 2009-12-01 15:16 -------- d-----w- c:\program files\Softi Software

2009-12-01 15:16 . 2009-12-01 15:16 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Softi Software

2009-12-01 11:30 . 2009-12-01 11:30 -------- d-----w- c:\program files\Ss-Tools

2009-12-01 11:28 . 2009-08-12 16:25 -------- d—a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-12-01 11:26 . 2009-11-08 11:38 -------- d-----w- c:\program files\ElcomSoft

2009-12-01 11:25 . 2009-11-08 08:19 -------- d-----w- c:\program files\FlashGet

2009-12-01 11:24 . 2009-12-01 11:24 2560 ----a-w- c:\windows_MSRSTRT.EXE

2009-11-30 09:00 . 2009-11-30 09:00 -------- d-----w- c:\program files\MSXML 4.0

2009-11-29 20:22 . 2009-11-29 18:23 -------- d-----w- c:\program files\Metin2_PL

2009-11-29 17:33 . 2009-11-27 15:50 -------- d-----w- c:\program files\Passware

2009-11-29 17:33 . 2009-11-29 14:22 -------- d-----w- c:\program files\eSkiMoS R2

2009-11-29 17:26 . 2009-11-29 10:49 -------- d-----w- c:\program files\BramaSMS.pl

2009-11-29 17:23 . 2009-11-29 17:23 -------- d-----w- c:\program files\Muxe Inc

2009-11-29 15:39 . 2009-11-11 14:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM

2009-11-29 14:42 . 2009-11-29 14:42 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Teleca

2009-11-29 14:27 . 2009-11-29 14:25 -------- d-----w- c:\program files\Common Files\Teleca Shared

2009-11-29 14:26 . 2009-11-29 14:26 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\Sony Ericsson

2009-11-29 14:26 . 2009-11-29 14:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Teleca

2009-11-29 14:26 . 2009-11-29 14:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson

2009-11-29 14:25 . 2009-11-29 14:25 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared

2009-11-29 14:25 . 2009-11-29 14:25 -------- d-----w- c:\program files\Sony Ericsson

2009-11-29 14:23 . 2009-11-29 14:23 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\eSkiMoS R2

2009-11-29 13:03 . 2009-11-29 13:01 63 ----a-w- c:\documents and settings\matroxGTX\jagex_runescape_preferences2.dat

2009-11-29 13:01 . 2009-11-29 13:00 38 ----a-w- c:\documents and settings\matroxGTX\jagex_runescape_preferences.dat

2009-11-27 16:40 . 2009-11-27 16:40 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Softland

2009-11-27 16:32 . 2009-11-27 16:32 -------- d-----w- c:\program files\PDF-Convert

2009-11-27 16:01 . 2009-11-27 16:01 -------- d-----w- c:\program files\Adultpdf

2009-11-26 17:14 . 2009-11-26 17:13 -------- d-----w- c:\program files\ivo

2009-11-26 17:14 . 2009-11-26 17:05 -------- d-----w- c:\program files\Spambot

2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- c:\documents and settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

2009-11-19 11:15 . 2009-11-19 11:15 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\gtk-2.0

2009-11-19 11:11 . 2009-11-19 11:11 -------- d-----w- c:\program files\GIMP-2.0

2009-11-11 14:10 . 2009-11-11 14:10 -------- d-----w- c:\documents and settings\matroxGTX\Dane aplikacji\OpenFM

2009-11-08 18:59 . 2009-11-08 18:59 -------- d-----w- c:\program files\BitComet

2009-11-08 16:32 . 2009-08-12 17:58 46832 ----a-w- c:\documents and settings\matroxGTX\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-11-07 10:19 . 2009-11-07 10:19 -------- d-----w- c:\program files\MSECache

2009-10-29 05:26 . 2007-08-02 12:00 669696 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 20:46 . 2009-10-27 20:50 1110868 ----a-w- c:\windows\system32\ie5unit.exe

2009-10-21 05:40 . 2007-08-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:40 . 2007-08-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2007-08-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-14 09:13 . 2009-10-14 09:13 205312 ----a-w- c:\windows\system32\Darkorbit Uridium Hacker.exe

2009-10-13 10:34 . 2007-08-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2007-08-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:40 . 2007-08-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-06 07:19 . 2009-10-06 07:19 73216 ------w- c:\windows\ST6UNST.EXE

2009-08-12 10:49 . 2009-08-12 10:49 56 --sh–r- c:\windows\system32\1A9411245D.sys

2009-08-12 10:49 . 2009-08-12 10:49 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows$NtServicePackUninstall$\atapi.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2008-04-14 1695232]

“Free Download Manager”=“c:\program files\Free Download Manager\fdm.exe” [2009-01-31 3399727]

“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\DTLite.exe” [2009-10-30 369200]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2008-03-17 135168]

“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2008-03-17 159744]

“Persistence”=“c:\windows\system32\igfxpers.exe” [2008-03-17 131072]

“THotkey”=“c:\program files\Toshiba\Toshiba Applet\thotkey.exe” [2008-03-04 360448]

“egui”=“c:\program files\ESET\ESET NOD32 Antivirus\egui.exe” [2009-02-06 2021400]

“RTHDCPL”=“RTHDCPL.EXE” [2007-04-10 16126464]

“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-09-01 149280]

“ElcomSoft DPR Server”=“c:\program files\ElcomSoft\Distributed Password Recovery\esdprs.exe” [2009-10-22 356008]

“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2007-06-13 528384]

“Bonus.SSR.FR10”=“c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe” [2009-12-01 939272]

“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-10-03 35696]

“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2009-09-04 935288]

“CanonSolutionMenu”=“c:\program files\Canon\SolutionMenu\CNSLMAIN.exe” [2008-03-11 689488]

“CanonMyPrinter”=“c:\program files\Canon\MyPrinter\BJMyPrt.exe” [2008-03-04 1848648]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]

2009-06-04 20:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]

2009-05-06 07:39 438272 ----a-w- c:\program files\iPlus\iPlusChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

2009-10-05 11:38 1435240 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]

2009-10-27 20:46 1110868 ----a-w- c:\windows\system32\ie5unit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Hide Tool]

2008-01-18 12:01 307200 ----a-w- c:\window hide tool\Window Hide Tool.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\DC++\DCPlusPlus.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“c:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe”=

“c:\Program Files\Free Download Manager\fdm.exe”=

“c:\Program Files\BitComet\BitComet.exe”=

“c:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe”=

“c:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe”=

“c:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe”=

“c:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe”=

“c:\Program Files\Metin2_PL\metin2.bin”=

“c:\Program Files\Metin2_PL\metin2client.bin”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“12121:TCP”= 12121:TCP:ElcomSoft Distributed Agents TCP Port

“12122:TCP”= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-08-18 160640]

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-08-18 5248]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-18 691696]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-09-29 809736]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm – c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-08-12 5888]

R3 RTL8187B;Realtek RTL8187B bezprzewodowe 802.11b/g 54Mbps USB 2.0 karta sieciowa ;c:\windows\system32\drivers\RTL8187B.sys [2009-08-12 288000]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service – c:\windows\system32\GameMon.des -service [?]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-08-28 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-08-28 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-08-28 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-08-28 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-11-29 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-08-28 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-11-29 97704]

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://warofdragons.pl

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Pobierz plik wideo we Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Pobierz w Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Pobierz wszystkie pliki w Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Pobierz zaznaczone w Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

LSP: %SystemRoot%\system32\PrxerDrv.dll

LSP: c:\progra~1\SPEEDB~1\sblsp.dll

FF - ProfilePath - c:\documents and settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\

FF - component: c:\documents and settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - plugin: c:\documents and settings\matroxGTX\Dane aplikacji\Nowe Gadu-Gadu_userdata\npgg.1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - USUNIĘTO PUSTE WPISY - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

HKCU-Run-FreeCall - c:\program files\FreeCall.com\FreeCall\FreeCall.exe

HKLM-Run-USPU Agent - c:\windows\system32\28463\USPU.exe

MSConfigStartUp-ABBYY Screenshot Reader Bonus - c:\program files\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe

MSConfigStartUp-AntiFreeze - c:\program files\AntiFreeze\AntiFreeze.exe

MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

MSConfigStartUp-Nowe Gadu-Gadu - c:\program files\Nowe Gadu-Gadu\gg.exe

MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-02 21:38

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spow.sys hal.dll UNKNOWN [0x8A614938]

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk - CLASSPNP.SYS @ 0xba0ecf28

\Driver\ACPI - ACPI.sys @ 0xb9e4bcb8

\Driver\atapi - 0x89aa9140

\Driver\iaStor - iaStor.sys @ 0xb9d5ed10

IoDeviceObjectType - DeleteProcedure - ntkrnlpa.exe @ 0x80579022

ParseProcedure - ntkrnlpa.exe @ 0x80577c84

\Device\Harddisk0\DR0 - DeleteProcedure - ntkrnlpa.exe @ 0x80579022

ParseProcedure - ntkrnlpa.exe @ 0x80577c84

NDIS: - SendCompleteHandler - 0x0

PacketIndicateHandler - 0x0

SendHandler - 0x0

Warning: possible MBR rootkit infection !

user kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

“ImagePath”=“c:\windows\system32\GameMon.des -service”

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - ‘lsass.exe’(1052)

c:\program files\SpeedBit Video Accelerator\Accelerator.dll

c:\program files\SpeedBit Video Accelerator\CommPipe.dll

c:\windows\system32\PrxerNsp.dll

c:\windows\system32\PrxerDrv.dll

c:\program files\SpeedBit Video Accelerator\Collector.dll

- - - - ‘explorer.exe’(1160)

c:\program files\Gadu-Gadu\ggwhook.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Czas ukończenia: 2010-01-02 21:41:28 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-01-02 20:41

Przed: 83 083 550 720 bajtów wolnych

Po: 90 036 215 808 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect

- End Of File - - 46DC4EC8D209A7960CF0B99C9E9DEC09

matmaxalez · 2 Styczeń 2010 22:28

daj logi z otl

Agaton · 3 Styczeń 2010 07:55

anhelus ,

Proszę zapoznać się z tematem TYTUŁOWANIE TEMATÓW DOTYCZĄCYCH LOGÓW i poprawić tytuł na konkretny. W celu dokonania zaleconej korekty proszę użyć przycisku Edytuj przy poście otwierającym ten temat.

Zignorowanie zalecenia będzie skutkowało usunięciem tematu do Kosza.

Wklejanie logów na forum - przeczytaj i zastosuj się do zaleceń

anhelus · 3 Styczeń 2010 09:19

Temat juz zmieniony

Prosze logi z otl

OTL logfile created on: 2010-01-03 10:32:51 - Run 2

OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\matroxGTX\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 117,68 Gb Total Space | 83,92 Gb Free Space | 71,31% Space Free | Partition Type: NTFS

Drive D: | 115,20 Gb Total Space | 17,49 Gb Free Space | 15,18% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: komputer454

Current User Name: matroxGTX

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-01-03 10:20:14 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\matroxGTX\Pulpit\OTL.exe

PRC - [2009-12-16 13:27:36 | 00,908,248 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-10-30 12:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) – C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2009-10-22 10:27:36 | 00,356,008 | ---- | M] (Elcomsoft Co. Ltd.) – C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe

PRC - [2009-10-05 12:38:16 | 00,300,656 | ---- | M] (Speedbit Ltd.) – C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

PRC - [2009-10-05 12:38:16 | 00,140,920 | ---- | M] (Speedbit Ltd.) – C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

PRC - [2009-09-29 18:18:41 | 00,809,736 | ---- | M] (ABBYY) – C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe

PRC - [2009-09-01 19:11:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009-09-01 19:11:18 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jucheck.exe

PRC - [2009-09-01 19:11:18 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-02-06 13:23:36 | 00,727,720 | ---- | M] (ESET) – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009-02-06 13:23:12 | 02,021,400 | ---- | M] (ESET) – C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2009-01-31 02:45:14 | 03,399,727 | ---- | M] (FreeDownloadManager.ORG) – C:\Program Files\Free Download Manager\fdm.exe

PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2008-03-20 11:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) – C:\Program Files\Gadu-Gadu\gg.exe

PRC - [2008-03-17 07:05:34 | 00,159,744 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\hkcmd.exe

PRC - [2008-03-17 07:05:32 | 00,135,168 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxtray.exe

PRC - [2008-03-17 07:05:08 | 00,131,072 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxpers.exe

PRC - [2008-03-17 07:04:54 | 00,249,856 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxsrvc.exe

PRC - [2008-03-04 11:12:04 | 00,360,448 | ---- | M] (TOSHIBA) – C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe

PRC - [2008-03-04 02:06:00 | 01,848,648 | ---- | M] (CANON INC.) – C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2007-07-11 15:57:42 | 00,880,640 | R— | M] (Sony Ericsson Mobile Communications AB) – C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

PRC - [2007-06-13 08:16:02 | 00,528,384 | R— | M] () – C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

PRC - [2007-04-10 13:28:44 | 16,126,464 | R— | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\RTHDCPL.exe

PRC - [2007-04-10 07:45:20 | 00,035,840 | ---- | M] (TOSHIBA Corp.) – C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

PRC - [2007-03-16 03:23:20 | 00,983,040 | R— | M] (Teleca AB) – C:\Program Files\Common Files\Teleca Shared\Generic.exe

========== Modules (SafeList) ==========

MOD - [2010-01-03 10:20:14 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\matroxGTX\Pulpit\OTL.exe

MOD - [2006-12-21 13:30:44 | 00,102,400 | ---- | M] (Gadu-Gadu S.A.) – C:\Program Files\Gadu-Gadu\ggwhook.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-10-05 12:38:16 | 00,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] – C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe – (VideoAcceleratorService)

SRV - [2009-09-29 18:18:41 | 00,809,736 | ---- | M] (ABBYY) [Auto | Running] – C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe – (ABBYY.Licensing.FineReader.Professional.10.0)

SRV - [2009-09-01 19:11:18 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService)

SRV - [2009-07-14 20:19:00 | 03,280,192 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] – C:\WINDOWS\System32\GameMon.des – (npggsvc)

SRV - [2009-02-06 13:27:06 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe – (EhttpSrv)

SRV - [2009-02-06 13:23:36 | 00,727,720 | ---- | M] (ESET) [Auto | Running] – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe – (ekrn)

SRV - [2007-04-10 07:45:20 | 00,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] – C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe – (TAPPSRV)

SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE – (ose)

========== Driver Services (SafeList) ==========

DRV - [2009-12-19 23:04:24 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\sptd.sys – (sptd)

DRV - [2009-04-08 09:43:13 | 00,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\iaStor.sys – (iaStor)

DRV - [2009-03-17 15:18:38 | 00,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbmdm.sys – (hwdatacard)

DRV - [2009-02-06 13:24:24 | 00,093,336 | ---- | M] (ESET) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\epfwtdir.sys – (epfwtdir)

DRV - [2009-02-06 13:23:18 | 00,106,208 | ---- | M] (ESET) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\ehdrv.sys – (ehdrv)

DRV - [2009-02-06 13:19:52 | 00,113,448 | ---- | M] (ESET) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\eamon.sys – (eamon)

DRV - [2008-10-15 06:51:20 | 00,985,856 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSF_DPV.sys – (HSF_DPV)

DRV - [2008-10-15 06:50:42 | 00,210,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSFHWAZL.sys – (HSFHWAZL)

DRV - [2008-10-15 06:50:38 | 00,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSF_CNXT.sys – (winachsf)

DRV - [2008-04-13 19:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] – C:\WINDOWS\system32\drivers\nwlnkipx.sys – (NwlnkIpx)

DRV - [2008-04-13 19:40:30 | 00,096,512 | ---- | M] () [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\atapi.sys – (atapi)

DRV - [2008-04-13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv)

DRV - [2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2008-03-17 07:45:50 | 05,955,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\igxpmp32.sys – (ialm)

DRV - [2008-01-03 20:10:16 | 00,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rtenicxp.sys – (RTLE8023xp)

DRV - [2007-12-26 09:20:18 | 00,288,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RTL8187B.sys – (RTL8187B)

DRV - [2007-08-02 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\nwlnknb.sys – (NwlnkNb)

DRV - [2007-08-02 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\nwlnkspx.sys – (NwlnkSpx)

DRV - [2007-08-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink)

DRV - [2007-06-19 09:51:18 | 00,021,928 | R— | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s816nd5.sys – (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)

DRV - [2007-06-19 08:51:20 | 00,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s816mdm.sys – (s816mdm)

DRV - [2007-06-19 08:51:18 | 00,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s816mgmt.sys – (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)

DRV - [2007-06-19 08:51:18 | 00,097,704 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s816unic.sys – (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)

DRV - [2007-06-19 08:51:18 | 00,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s816obex.sys – (s816obex)

DRV - [2007-06-19 08:51:18 | 00,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s816mdfl.sys – (s816mdfl)

DRV - [2007-06-19 08:51:16 | 00,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s816bus.sys – (s816bus) Sony Ericsson Device 816 driver (WDM)

DRV - [2007-04-10 17:04:40 | 04,397,568 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007-04-04 07:56:48 | 00,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\FwLnk.sys – (FwLnk)

DRV - [2006-06-19 04:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\mdmxsdk.sys – (mdmxsdk)

DRV - [2004-04-30 08:37:02 | 00,160,640 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\a347bus.sys – (a347bus)

DRV - [2004-04-30 08:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\a347scsi.sys – (a347scsi)

DRV - [2001-08-17 20:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\loop.sys – (msloop)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://warofdragons.pl

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2

FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js…extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009-12-19 12:24:41 | 00,000,000 | —D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-16 13:27:41 | 00,000,000 | —D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-08-12 10:48:18 | 00,000,000 | —D | M]

[2009-10-23 16:21:37 | 00,000,000 | —D | M] – C:\Documents and Settings\matroxGTX\Dane aplikacji\Mozilla\Extensions

[2009-12-30 16:26:07 | 00,000,000 | —D | M] – C:\Documents and Settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\extensions

[2009-12-12 21:26:20 | 00,000,000 | —D | M] (Adblock Plus) – C:\Documents and Settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009-12-19 23:07:12 | 00,000,000 | —D | M] – C:\Documents and Settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\extensions\DTToolbar@toolbarnet.com

[2009-12-19 23:07:05 | 00,002,055 | ---- | M] () – C:\Documents and Settings\matroxGTX\Dane aplikacji\Mozilla\Firefox\Profiles\gkfh0uec.default\searchplugins\daemon-search.xml

[2009-10-23 16:21:28 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions

[2009-08-24 20:19:13 | 00,002,767 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-08-24 20:19:13 | 00,001,406 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-08-24 20:19:13 | 00,000,917 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-08-24 20:19:13 | 00,000,858 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-08-24 20:19:13 | 00,001,183 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-08-24 20:19:13 | 00,001,683 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\matroxGTX\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll (GG Network S.A.)

O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM…\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM…\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [bonus.SSR.FR10] C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)

O4 - HKLM…\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM…\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM…\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM…\Run: [ElcomSoft DPR Server] C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe (Elcomsoft Co. Ltd.)

O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM…\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM…\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)

O4 - HKCU…\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU…\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)

O4 - HKCU…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Pobierz w Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll ( )

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)

O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Java Plug-in 1.5.0_12)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.195.232.72 91.195.232.73

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-08-12 10:04:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O33 - MountPoints2{72cfa70a-b7f1-11de-9bd5-0021634bf40f}\Shell - “” = AutoRun

O33 - MountPoints2{72cfa70a-b7f1-11de-9bd5-0021634bf40f}\Shell\AutoRun\command - “” = G:\AutoRun.exe – File not found

O33 - MountPoints2{9a79913e-b80d-11de-9bd9-0021634bf40f}\Shell - “” = AutoRun

O33 - MountPoints2{9a79913e-b80d-11de-9bd9-0021634bf40f}\Shell\AutoRun\command - “” = G:\AutoRun.exe – File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] – “%1” %*

O35 - exefile [open] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2010-01-03 10:20:03 | 00,513,536 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\matroxGTX\Pulpit\OTL.exe

[2010-01-02 21:46:34 | 00,000,000 | -H-D | C] – C:\WINDOWS\System32\GroupPolicy

[2010-01-02 21:30:14 | 00,000,000 | RHSD | C] – C:\cmdcons

[2010-01-02 21:29:24 | 00,031,232 | ---- | C] (NirSoft) – C:\WINDOWS\NIRCMD.exe

[2010-01-02 21:29:22 | 00,161,792 | ---- | C] (SteelWerX) – C:\WINDOWS\SWREG.exe

[2010-01-02 21:29:21 | 00,212,480 | ---- | C] (SteelWerX) – C:\WINDOWS\SWXCACLS.exe

[2010-01-02 21:29:21 | 00,136,704 | ---- | C] (SteelWerX) – C:\WINDOWS\SWSC.exe

[2010-01-02 21:29:06 | 00,000,000 | —D | C] – C:\WINDOWS\ERDNT

[2010-01-02 21:27:13 | 00,000,000 | —D | C] – C:\Qoobox

[2010-01-02 15:38:42 | 00,000,000 | —D | C] – C:\Program Files\SnadBoy’s Revelation v2

[2009-12-28 21:45:15 | 00,266,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_8.dll

[2009-12-28 21:45:15 | 00,018,280 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\x3daudio1_2.dll

[2009-12-28 21:45:13 | 01,124,720 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DCompiler_34.dll

[2009-12-28 21:45:13 | 00,443,752 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx10_34.dll

[2009-12-28 21:45:12 | 03,497,832 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_34.dll

[2009-12-28 21:45:11 | 00,081,768 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xinput1_3.dll

[2009-12-28 21:45:09 | 00,261,480 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_7.dll

[2009-12-28 21:45:07 | 01,123,696 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DCompiler_33.dll

[2009-12-28 21:45:07 | 00,443,752 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx10_33.dll

[2009-12-28 21:45:03 | 03,495,784 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_33.dll

[2009-12-28 21:45:02 | 00,255,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_6.dll

[2009-12-28 21:45:01 | 00,251,672 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_5.dll

[2009-12-28 21:45:00 | 03,426,072 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_32.dll

[2009-12-28 21:44:59 | 02,414,360 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_31.dll

[2009-12-28 21:44:59 | 00,237,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_4.dll

[2009-12-28 21:44:59 | 00,236,824 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_3.dll

[2009-12-28 21:44:59 | 00,062,744 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xinput1_2.dll

[2009-12-28 21:44:59 | 00,015,128 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\x3daudio1_1.dll

[2009-12-28 21:44:58 | 00,230,168 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_2.dll

[2009-12-28 21:44:58 | 00,229,584 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_1.dll

[2009-12-28 21:44:58 | 00,062,672 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xinput1_1.dll

[2009-12-28 21:44:51 | 02,388,176 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_30.dll

[2009-12-28 21:44:51 | 00,230,096 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_0.dll

[2009-12-28 21:44:51 | 00,014,032 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\x3daudio1_0.dll

[2009-12-28 21:44:50 | 02,332,368 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_29.dll

[2009-12-28 21:44:50 | 02,323,664 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_28.dll

[2009-12-28 21:44:50 | 02,319,568 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_27.dll

[2009-12-28 21:44:50 | 00,061,136 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xinput9_1_0.dll

[2009-12-28 21:44:49 | 02,337,488 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_25.dll

[2009-12-28 21:44:49 | 02,297,552 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_26.dll

[2009-12-28 21:44:47 | 02,222,800 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_24.dll

[2009-12-28 21:30:23 | 00,000,000 | -HSD | C] – C:\WINDOWS\ftpcache

[2009-12-27 11:57:23 | 00,000,000 | —D | C] – C:\Documents and Settings\matroxGTX\Pulpit\spambot2

[2009-12-21 20:36:19 | 00,000,000 | —D | C] – C:\Documents and Settings\matroxGTX\Dane aplikacji\Gadu-Gadu

[2009-12-21 18:01:30 | 00,000,000 | —D | C] – C:\Documents and Settings\matroxGTX\Gadu-Gadu

[2009-12-21 18:01:24 | 00,000,000 | —D | C] – C:\Program Files\Gadu-Gadu

[2009-12-20 15:41:41 | 00,000,000 | —D | C] – C:\Program Files\Luxand

[2009-12-20 15:16:04 | 00,000,000 | —D | C] – C:\Documents and Settings\matroxGTX\Pulpit\FRATER

[2009-12-19 23:27:18 | 00,000,000 | —D | C] – C:\Program Files\Pixelgame

[2009-12-19 23:27:13 | 00,306,688 | ---- | C] (InstallShield Software Corporation) – C:\WINDOWS\IsUninst.exe

[2009-12-19 23:04:16 | 00,000,000 | —D | C] – C:\Program Files\DAEMON Tools Lite

[2009-12-19 23:03:48 | 00,000,000 | —D | C] – C:\Documents and Settings\matroxGTX\Dane aplikacji\DAEMON Tools Lite

[2009-12-19 23:03:40 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2009-12-19 20:05:10 | 00,000,000 | —D | C] – C:\Window Hide Tool3

[2009-12-19 19:39:38 | 00,000,000 | —D | C] – C:\Download

[2009-12-18 11:53:36 | 00,000,000 | —D | C] – C:\Program Files\Casino

[2009-12-16 17:26:25 | 00,000,000 | —D | C] – C:\Documents and Settings\matroxGTX.gstreamer-0.10

[2009-12-15 16:19:00 | 00,000,000 | —D | C] – C:\Documents and Settings\matroxGTX\Dane aplikacji\FreeCall

[2009-12-14 18:25:09 | 00,000,000 | —D | C] – C:\Program Files\StarCraft Brood War by Monikon

[2009-12-14 17:33:38 | 00,000,000 | —D | C] – C:\Program Files\Borland

[2009-12-14 17:33:38 | 00,000,000 | —D | C] – C:\Program Files\Alpha-Net

[2009-12-09 10:56:43 | 00,000,000 | —D | C] – C:\Program Files\Free PDF to Word Doc Converter

[2009-12-09 10:53:14 | 00,000,000 | —D | C] – C:\Program Files\PDF to DOC

[2009-12-09 10:52:59 | 00,000,000 | —D | C] – C:\Documents and Settings\matroxGTX\Dane aplikacji\CTdeveloping

[2009-12-05 14:35:09 | 00,073,216 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\temp.000

[2009-11-27 17:40:52 | 00,000,000 | —D | M] – C:\Documents and Settings\LocalService\Dane aplikacji\Softland

[2009-10-31 19:18:17 | 00,061,440 | ---- | C] ( ) – C:\WINDOWS\System32\PrxerNsp.dll

[2009-08-18 14:55:45 | 00,160,640 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\a347bus.sys

[2009-08-18 14:55:45 | 00,005,248 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\a347scsi.sys

[2009-08-17 08:37:17 | 00,000,000 | —D | M] – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-08-12 10:28:29 | 00,000,000 | —D | M] – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET

[2009-08-12 10:13:13 | 00,053,248 | ---- | C] ( ) – C:\WINDOWS\System32\DLLVGA.dll

[2009-08-12 10:07:22 | 00,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-08-12 10:04:16 | 00,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-08-12 10:04:16 | 00,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[5 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[2 C:\Documents and Settings\matroxGTX\Dane aplikacji*.tmp files -> C:\Documents and Settings\matroxGTX\Dane aplikacji*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2010-01-03 10:20:14 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\matroxGTX\Pulpit\OTL.exe

[2010-01-03 10:12:39 | 00,013,666 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2010-01-03 10:11:52 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2010-01-03 10:11:46 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2010-01-02 23:25:06 | 04,718,592 | -H-- | M] () – C:\Documents and Settings\matroxGTX\NTUSER.DAT

[2010-01-02 23:25:06 | 00,000,292 | -HS- | M] () – C:\Documents and Settings\matroxGTX\ntuser.ini

[2010-01-02 23:10:04 | 00,052,298 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\dysk.JPG

[2010-01-02 21:37:13 | 00,000,239 | ---- | M] () – C:\WINDOWS\system.ini

[2010-01-02 21:36:45 | 00,000,027 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\hosts

[2010-01-02 21:30:21 | 00,000,281 | RHS- | M] () – C:\boot.ini

[2010-01-02 21:26:56 | 03,817,629 | R— | M] () – C:\Documents and Settings\matroxGTX\Pulpit\ComboFix.exe

[2010-01-02 15:38:24 | 00,217,666 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\RevelationV2.zip

[2009-12-30 19:30:11 | 00,020,992 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\marelniusek.doc

[2009-12-29 21:07:03 | 00,064,000 | ---- | M] () – C:\Documents and Settings\matroxGTX\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-12-28 21:42:43 | 00,000,319 | ---- | M] () – C:\WINDOWS\game.ini

[2009-12-27 12:17:31 | 00,471,886 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\ggFlooder.exe.part

[2009-12-27 12:17:17 | 00,000,000 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\ggFlooder.exe

[2009-12-27 11:55:53 | 01,240,737 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\spambot2.rar

[2009-12-26 16:14:32 | 00,020,480 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\Nowy Dokument programu Microsoft Word (2).doc

[2009-12-26 15:48:52 | 00,915,456 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\GG Spambot.exe

[2009-12-26 15:35:10 | 00,000,303 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\tekst.ini

[2009-12-26 15:23:36 | 00,000,162 | -H-- | M] () – C:\Documents and Settings\matroxGTX\Pulpit~$wy Dokument programu Microsoft Word.doc

[2009-12-26 15:23:34 | 00,010,752 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\Nowy Dokument programu Microsoft Word.doc

[2009-12-26 15:20:31 | 01,179,411 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\ggflooder.rar

[2009-12-23 12:32:53 | 00,000,653 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\Gadu-Gadu.lnk

[2009-12-22 21:19:59 | 00,000,162 | -H-- | M] () – C:\Documents and Settings\matroxGTX\Pulpit~$relniusek.doc

[2009-12-22 12:52:19 | 00,010,752 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\7792931.doc

[2009-12-21 18:02:26 | 04,350,416 | ---- | M] () – C:\Documents and Settings\matroxGTX\Pulpit\gg77.exe

[2009-12-20 12:16:33 | 00,000,004 | ---- | M] () – C:\Program Files\is.dat

[2009-12-19 23:04:24 | 00,691,696 | ---- | M] () – C:\WINDOWS\System32\drivers\sptd.sys

[2009-12-19 19:38:19 | 00,421,888 | ---- | M] (NEXON Inc.) – C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe

[2009-12-18 11:55:11 | 00,016,384 | ---- | M] () – C:\Program Files\uik.dat

[2009-12-17 20:13:38 | 00,000,162 | -H-- | M] () – C:\Documents and Settings\matroxGTX\Pulpit~$siazka.doc

[2009-12-17 19:48:32 | 00,188,840 | ---- | M] () – C:\Documents and Settings\matroxGTX\Moje dokumenty\screen przelew.JPG

[2009-12-17 12:04:30 | 00,000,162 | -H-- | M] () – C:\Documents and Settings\matroxGTX\Pulpit~$wy Dokument programu Microsoft Word (4).doc

[2009-12-17 11:30:33 | 00,000,162 | -H-- | M] () – C:\Documents and Settings\matroxGTX\Pulpit~$zapis.doc

[2009-12-14 21:59:46 | 02,643,106 | -H-- | M] () – C:\Documents and Settings\matroxGTX\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-12-09 22:54:07 | 00,261,632 | ---- | M] () – C:\WINDOWS\PEV.exe

[2009-12-09 10:55:52 | 00,000,000 | ---- | M] () – C:\Documents and Settings\matroxGTX\Moje dokumenty\druk.rtf

[2009-12-09 10:53:15 | 00,001,663 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\PDF to DOC.lnk

[2009-12-09 10:02:36 | 00,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK

[2009-12-05 14:35:09 | 00,249,856 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Setup1.exe

[2009-12-05 14:35:09 | 00,073,216 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\temp.000

[5 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[2 C:\Documents and Settings\matroxGTX\Dane aplikacji*.tmp files -> C:\Documents and Settings\matroxGTX\Dane aplikacji*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files Created - No Company Name ==========

[2010-01-02 21:30:20 | 00,000,211 | ---- | C] () – C:\Boot.bak

[2010-01-02 21:30:18 | 00,262,400 | ---- | C] () – C:\cmldr

[2010-01-02 21:29:24 | 00,077,312 | ---- | C] () – C:\WINDOWS\MBR.exe

[2010-01-02 21:29:22 | 00,261,632 | ---- | C] () – C:\WINDOWS\PEV.exe

[2010-01-02 21:29:22 | 00,098,816 | ---- | C] () – C:\WINDOWS\sed.exe

[2010-01-02 21:29:22 | 00,080,412 | ---- | C] () – C:\WINDOWS\grep.exe

[2010-01-02 21:29:22 | 00,068,096 | ---- | C] () – C:\WINDOWS\zip.exe

[2010-01-02 21:25:52 | 03,817,629 | R— | C] () – C:\Documents and Settings\matroxGTX\Pulpit\ComboFix.exe

[2010-01-02 16:27:17 | 00,052,298 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\dysk.JPG

[2010-01-02 15:38:20 | 00,217,666 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\RevelationV2.zip

[2009-12-28 21:42:42 | 00,000,319 | ---- | C] () – C:\WINDOWS\game.ini

[2009-12-27 12:17:17 | 00,000,000 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\ggFlooder.exe

[2009-12-27 12:17:16 | 00,471,886 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\ggFlooder.exe.part

[2009-12-27 11:55:41 | 01,240,737 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\spambot2.rar

[2009-12-26 15:48:37 | 00,915,456 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\GG Spambot.exe

[2009-12-26 15:27:44 | 00,000,303 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\tekst.ini

[2009-12-26 15:23:36 | 00,000,162 | -H-- | C] () – C:\Documents and Settings\matroxGTX\Pulpit~$wy Dokument programu Microsoft Word.doc

[2009-12-26 15:23:34 | 00,010,752 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\Nowy Dokument programu Microsoft Word.doc

[2009-12-26 15:20:24 | 01,179,411 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\ggflooder.rar

[2009-12-22 21:19:59 | 00,000,162 | -H-- | C] () – C:\Documents and Settings\matroxGTX\Pulpit~$relniusek.doc

[2009-12-22 12:52:19 | 00,010,752 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\7792931.doc

[2009-12-21 20:57:01 | 00,020,992 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\marelniusek.doc

[2009-12-21 18:01:28 | 00,000,653 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\Gadu-Gadu.lnk

[2009-12-21 18:00:18 | 04,350,416 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\gg77.exe

[2009-12-18 11:55:11 | 00,016,384 | ---- | C] () – C:\Program Files\uik.dat

[2009-12-18 11:54:04 | 00,000,004 | ---- | C] () – C:\Program Files\is.dat

[2009-12-18 11:07:57 | 00,020,480 | ---- | C] () – C:\Documents and Settings\matroxGTX\Pulpit\Nowy Dokument programu Microsoft Word (2).doc

[2009-12-17 20:13:38 | 00,000,162 | -H-- | C] () – C:\Documents and Settings\matroxGTX\Pulpit~$siazka.doc

[2009-12-17 19:48:14 | 00,188,840 | ---- | C] () – C:\Documents and Settings\matroxGTX\Moje dokumenty\screen przelew.JPG

[2009-12-17 12:04:30 | 00,000,162 | -H-- | C] () – C:\Documents and Settings\matroxGTX\Pulpit~$wy Dokument programu Microsoft Word (4).doc

[2009-12-17 11:30:33 | 00,000,162 | -H-- | C] () – C:\Documents and Settings\matroxGTX\Pulpit~$zapis.doc

[2009-12-09 10:55:52 | 00,000,000 | ---- | C] () – C:\Documents and Settings\matroxGTX\Moje dokumenty\druk.rtf

[2009-12-09 10:53:15 | 00,001,663 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\PDF to DOC.lnk

[2009-11-29 15:42:30 | 00,000,000 | ---- | C] () – C:\WINDOWS\mngui.INI

[2009-11-27 17:32:31 | 00,116,224 | ---- | C] () – C:\WINDOWS\System32\pdfmonnt.dll

[2009-11-27 17:28:58 | 00,000,165 | ---- | C] () – C:\WINDOWS\pdf2word.INI

[2009-11-27 17:10:28 | 00,000,048 | ---- | C] () – C:\WINDOWS\System32\pdfutil.ini

[2009-11-27 16:18:53 | 00,001,069 | ---- | C] () – C:\WINDOWS\APDFPRP.INI

[2009-11-08 12:42:33 | 00,000,040 | ---- | C] () – C:\WINDOWS\winDecrypt.INI

[2009-10-31 19:18:56 | 00,000,112 | ---- | C] () – C:\Documents and Settings\matroxGTX\Dane aplikacji\Current.prx

[2009-10-28 16:06:02 | 00,000,056 | ---- | C] () – C:\WINDOWS\SpeedGear.INI

[2009-10-27 21:50:19 | 00,000,134 | ---- | C] () – C:\WINDOWS\w5win.ini

[2009-10-17 17:22:50 | 00,000,038 | ---- | C] () – C:\WINDOWS\System32\aces.ini

[2009-10-13 18:51:36 | 00,168,448 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2009-09-05 14:44:48 | 01,970,176 | ---- | C] () – C:\WINDOWS\System32\d3dx9.dll

[2009-08-18 14:38:29 | 00,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-08-18 14:30:42 | 00,691,696 | ---- | C] () – C:\WINDOWS\System32\drivers\sptd.sys

[2009-08-12 19:04:46 | 00,064,000 | ---- | C] () – C:\Documents and Settings\matroxGTX\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-12 15:32:52 | 00,000,318 | ---- | C] () – C:\WINDOWS\WPE PRO.INI

[2009-08-12 11:54:40 | 00,421,888 | ---- | C] () – C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2009-08-12 11:54:34 | 00,019,968 | ---- | C] () – C:\WINDOWS\System32\cpuinf32.dll

[2009-08-12 11:49:07 | 00,000,056 | RHS- | C] () – C:\WINDOWS\System32\1A9411245D.sys

[2009-08-12 11:49:06 | 00,001,890 | -HS- | C] () – C:\WINDOWS\System32\KGyGaAvL.sys

[2009-08-12 10:13:13 | 00,118,784 | ---- | C] () – C:\WINDOWS\System32\TCtrlIO.dll

[2009-08-12 10:11:18 | 00,147,456 | ---- | C] () – C:\WINDOWS\System32\igfxCoIn_v4935.dll

[2007-08-02 13:00:00 | 00,096,512 | ---- | C] () – C:\WINDOWS\System32\drivers\atapi.sys

[2004-09-01 16:49:17 | 03,375,104 | ---- | C] () – C:\WINDOWS\System32\qt-mt331.dll

[2003-04-08 10:40:22 | 00,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8FF81EB0

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D74B6CF5

< End of report >

jessica · 3 Styczeń 2010 10:13

Nie widać tu żadnej infekcji.

Kosmetyka:

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

:OTL O3 - HKLM…\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. [2010-01-02 21:27:13 | 00,000,000 | —D | C] – C:\Qoobox :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “SuperHidden”=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “Hidden”=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “ShowSuperHidden”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] “CheckedValue”=dword:00000001 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden] @="" :Commands [emptytemp] [Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera.

Na wszelki wypadek możesz przeskanować komputer >http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html

Raport z niego wklej na http://wklejto.pl/, a w poście daj tylko link.(czyli skopiuj adres z paska adresów)

jessi

anhelus · 3 Styczeń 2010 10:53

dziękuje za pomoc