Spam is being sent from my computer


(Krzysztof Imianowski) #1

So, as in the subject line, spam is being sent from my computer. The "sent messages" are being deleted from the mail account as they go, so I don't even know who it is going to. Worst of all, what is being sent is an advertisement, probably for Viagra, because several people replied outraged by these messages.

http://www.wklejto.pl/75384

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:18:16, on 2010-08-26

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\windows\Explorer.EXE

C:\windows\RTHDCPL.EXE

C:\windows\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Browser MOUSE\mouse32a.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\system32\oodtray.exe

C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\qttask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

D:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe

C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\windows\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

C:\windows\system32\dgdersvc.exe

C:\windows\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\oodag.exe

C:\windows\system32\PnkBstrA.exe

C:\windows\system32\PnkBstrB.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\windows\system32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Corel\Standby\Standby.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe

O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [S60 PC Suite Tray] "D:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz wszystkie wideo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\windows\system32\dgdersvc.exe

O23 - Service: FsUsbExService - Teruten - C:\windows\system32\FsUsbExService.Exe

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--

End of file - 9722 bytes

(Łukasz) #2

HJT hasn't been used for a long time; it gives short, non-detailed logs, and besides, infections have learned to hide and it won't detect them.

Download OTL: http://oldtimer.geekstogo.com/OTL.exe

Save it to the desktop.

In OTL, switch Processes and Modules to All and paste the following into the lower white box "Custom scan options / script":

Click Scan.

Paste the contents of the logs (otl.txt and extras.txt) to www.wklej.org or www.wklej.to, but copy > paste manually from Notepad into the text field, and put the link in your post.


(Krzysztof Imianowski) #3

So here it is again; I hope this is what you meant.

http://www.wklej.org/id/381282/

OTL logfile created on: 2010-08-26 12:45:17 - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\kris\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 200,15 Gb Free Space | 85,95% Space Free | Partition Type: NTFS

Drive D: | 465,76 Gb Total Space | 288,41 Gb Free Space | 61,92% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: KRIS-F783554A1E

Current User Name: kris

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Processes (SafeList) ==========


PRC - [2010-08-26 12:41:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Pulpit\OTL.exe

PRC - [2010-07-24 09:05:29 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010-07-24 09:05:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010-06-06 22:15:44 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\qttask.exe

PRC - [2010-06-06 16:45:44 | 000,375,296 | ---- | M] () -- C:\Program Files\Muiltmedia keyboard utility\1.3\KBDAP32A.EXE

PRC - [2010-06-06 16:43:18 | 000,360,448 | ---- | M] () -- C:\Program Files\Browser MOUSE\mouse32a.exe

PRC - [2010-01-25 11:46:12 | 000,928,768 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2010-01-22 11:33:26 | 000,102,503 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

PRC - [2010-01-22 11:31:54 | 000,143,467 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2009-12-22 04:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe

PRC - [2009-12-22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe

PRC - [2009-08-12 13:44:52 | 001,678,848 | ---- | M] () -- C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2007-05-11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe

PRC - [2007-05-11 02:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe



========== Modules (SafeList) ==========


MOD - [2010-08-26 12:41:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Pulpit\OTL.exe

MOD - [2010-06-06 16:43:18 | 000,057,344 | ---- | M] () -- C:\Program Files\Browser MOUSE\mouDL32A.dll

MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx



========== Win32 Services (SafeList) ==========


SRV - File not found [Disabled | Stopped] -- C:\windows\System32\hidserv.dll -- (HidServ)

SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010-01-25 11:46:12 | 000,928,768 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2010-01-22 11:33:26 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2010-01-22 11:31:54 | 000,143,467 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2009-12-22 04:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2009-12-22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)

SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007-05-11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)



========== Driver Services (SafeList) ==========


DRV - [2010-08-25 18:56:52 | 000,138,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010-06-26 15:40:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-01-04 17:31:48 | 000,035,848 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2009-12-22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009-12-22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)

DRV - [2009-09-24 13:38:42 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)

DRV - [2009-09-24 05:40:12 | 000,019,592 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2009-09-19 07:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2009-09-19 07:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)

DRV - [2009-09-19 07:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)

DRV - [2009-09-19 07:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)

DRV - [2009-08-12 00:19:20 | 000,056,992 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2009-08-06 16:50:00 | 007,753,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009-06-17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2009-06-17 14:01:42 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2009-06-17 14:01:10 | 000,032,392 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2009-06-17 14:01:04 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008-07-07 09:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007-05-02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsa.sys -- (nmwcdsa)

DRV - [2007-05-02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacm.sys -- (nmwcdsacm)

DRV - [2007-05-02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacj.sys -- (nmwcdsacj)

DRV - [2007-05-02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsac.sys -- (nmwcdsac)

DRV - [2006-12-14 10:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006-11-15 08:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006-11-04 00:45:48 | 000,178,913 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0260Vid.sys -- (V0260VID)

DRV - [2002-07-17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-25 00:58:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-23 06:12:04 | 000,000,000 | ---D | M]


[2010-06-06 19:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kris\Dane aplikacji\Mozilla\Extensions

[2010-08-25 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kris\Dane aplikacji\Mozilla\Firefox\Profiles\klpkwlqt.default\extensions

[2010-06-18 17:04:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kris\Dane aplikacji\Mozilla\Firefox\Profiles\klpkwlqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-06-07 15:37:13 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\kris\Dane aplikacji\Mozilla\Firefox\Profiles\klpkwlqt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2010-08-25 23:20:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-07-01 10:11:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-08-05 23:09:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2003-01-13 16:08:06 | 000,499,712 | ---- | M] (Morgan Multimedia) -- C:\Program Files\Mozilla Firefox\plugins\npjp2.dll

[2010-04-01 19:33:11 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-04-01 19:33:11 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-04-01 19:33:11 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-04-01 19:33:11 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-04-01 19:33:11 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-04-01 19:33:11 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE ()

O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)

O4 - HKLM..\Run: [QuickTime Task] C:\windows\System32\qttask.exe (Apple Computer, Inc.)

O4 - Startup: C:\Documents and Settings\kris\Menu Start\Programy\Autostart\GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Pobierz wszystkie wideo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)

O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.34.49 212.76.34.50

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun\autorun.exe -- File not found

O33 - MountPoints2\L\Shell - "" = AutoRun

O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found

O33 - MountPoints2\M\Shell - "" = AutoRun

O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\windows\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


NetSvcs: 6to4 - File not found

NetSvcs: HidServ - C:\windows\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found


========== Files/Folders - Created Within 30 Days ==========


[2010-08-26 12:41:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kris\Pulpit\OTL.exe

[2010-08-26 11:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Pulpit\POBIERANE

[2010-08-26 10:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-08-23 08:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Dane aplikacji\Ventrilo

[2010-08-23 08:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo

[2010-08-21 08:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Moje dokumenty\America's Army Server Setups

[2010-08-19 18:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Ustawienia lokalne\Dane aplikacji\AA2DeployClient

[2010-08-19 18:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AA2DeployClient

[2010-08-19 18:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Ustawienia lokalne\Dane aplikacji\Deployment

[2010-08-19 11:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Ustawienia lokalne\Dane aplikacji\PunkBuster

[2010-08-15 01:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Dane aplikacji\o2.pl

[2010-08-09 13:57:19 | 013,338,144 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\kris\Pulpit\Opera_1060_int_Setup.exe

[2010-08-05 23:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010-08-02 15:19:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusb.dll

[2010-08-02 15:19:35 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusd.dll

[2010-07-30 12:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Moje dokumenty\ArmA 2 Other Profiles

[2010-07-30 12:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Ustawienia lokalne\Dane aplikacji\ArmA 2 OA

[2010-07-30 12:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kris\Moje dokumenty\ArmA 2

[2010-07-30 12:31:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kris\Dane aplikacji\SecuROM

[3 C:\windows\*.tmp files -> C:\windows\*.tmp ->]

[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp ->]


========== Files - Modified Within 30 Days ==========


[2010-08-26 12:41:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Pulpit\OTL.exe

[2010-08-26 12:27:38 | 000,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2010-08-26 12:27:33 | 000,006,510 | ---- | M] () -- C:\windows\System32\LOCALSERVICE.INI

[2010-08-26 12:27:22 | 000,001,313 | ---- | M] () -- C:\windows\System32\bscs.ini

[2010-08-26 12:27:17 | 000,001,028 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2010-08-26 12:27:14 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

[2010-08-26 12:27:11 | 000,248,739 | ---- | M] () -- C:\windows\System32\NvApps.xml

[2010-08-26 12:27:06 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2010-08-26 12:26:57 | 000,224,752 | ---- | M] () -- C:\windows\System32\oodbs.lor

[2010-08-26 12:25:52 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\kris\ntuser.dat

[2010-08-26 12:25:52 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\kris\ntuser.ini

[2010-08-26 12:02:53 | 000,462,445 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\Silent Runners.vbs

[2010-08-26 12:00:00 | 000,001,032 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2010-08-26 11:32:33 | 000,010,234 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\75384

[2010-08-26 11:18:12 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\HiJackThis.lnk

[2010-08-25 18:57:56 | 000,189,392 | ---- | M] () -- C:\windows\System32\PnkBstrB.xtr

[2010-08-25 18:56:52 | 000,138,016 | ---- | M] () -- C:\windows\System32\drivers\PnkBstrK.sys

[2010-08-23 08:34:34 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ventrilo.lnk

[2010-08-23 06:12:04 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk

[2010-08-21 08:06:38 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\Skrót do AA Server Remote Control.lnk

[2010-08-21 08:06:34 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\Skrót do AA Server Manager.lnk

[2010-08-21 08:01:47 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\Skrót do AALoader.lnk

[2010-08-21 08:01:28 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\Skrót do ArmyOps.lnk

[2010-08-19 18:22:59 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\AA2Deploy.appref-ms

[2010-08-19 11:47:15 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\kris\Dane aplikacji\PnkBstrK.sys

[2010-08-19 11:46:57 | 000,794,408 | ---- | M] () -- C:\windows\System32\pbsvc.exe

[2010-08-19 10:44:02 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\America's Army 3.url

[2010-08-19 10:42:08 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk

[2010-08-15 01:49:14 | 000,490,337 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\przeklejuploader1_0_3_www.przeklej.pl.exe

[2010-08-12 09:41:20 | 000,323,520 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2010-08-12 08:14:07 | 001,052,006 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI

[2010-08-12 08:14:07 | 000,493,976 | ---- | M] () -- C:\windows\System32\perfh015.dat

[2010-08-12 08:14:07 | 000,435,396 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2010-08-12 08:14:07 | 000,085,136 | ---- | M] () -- C:\windows\System32\perfc015.dat

[2010-08-12 08:14:07 | 000,068,292 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2010-08-09 13:57:36 | 013,338,144 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\kris\Pulpit\Opera_1060_int_Setup.exe

[2010-08-07 19:33:23 | 000,000,008 | ---- | M] () -- C:\windows\System32\nvModes.dat

[2010-08-04 14:15:55 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\kris\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-08-02 17:51:04 | 000,005,642 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys

[2010-08-02 15:20:26 | 000,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn

[2010-07-30 12:31:54 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\Uruchom ARMA 2 Operation Arrowhead.lnk

[2010-07-27 23:29:22 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\kris\Pulpit\Skrót do Połączenia sieciowe.lnk

[3 C:\windows\*.tmp files -> C:\windows\*.tmp ->]

[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp ->]


========== Files Created - No Company Name ==========


[2010-08-26 12:02:50 | 000,462,445 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\Silent Runners.vbs

[2010-08-26 11:32:32 | 000,010,234 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\75384

[2010-08-26 10:06:48 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\HiJackThis.lnk

[2010-08-23 08:34:34 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ventrilo.lnk

[2010-08-21 08:06:38 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\Skrót do AA Server Remote Control.lnk

[2010-08-21 08:06:34 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\Skrót do AA Server Manager.lnk

[2010-08-21 08:01:47 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\Skrót do AALoader.lnk

[2010-08-21 08:01:28 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\Skrót do ArmyOps.lnk

[2010-08-19 18:22:59 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\AA2Deploy.appref-ms

[2010-08-19 11:57:06 | 000,189,392 | ---- | C] () -- C:\windows\System32\PnkBstrB.xtr

[2010-08-19 11:47:15 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\kris\Dane aplikacji\PnkBstrK.sys

[2010-08-19 11:47:15 | 000,138,016 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys

[2010-08-19 11:46:57 | 000,794,408 | ---- | C] () -- C:\windows\System32\pbsvc.exe

[2010-08-19 11:46:57 | 000,189,392 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe

[2010-08-19 11:46:57 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe

[2010-08-19 10:44:02 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\America's Army 3.url

[2010-08-19 10:38:25 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk

[2010-08-15 01:49:14 | 000,490,337 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\przeklejuploader1_0_3_www.przeklej.pl.exe

[2010-07-30 12:31:54 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\Uruchom ARMA 2 Operation Arrowhead.lnk

[2010-07-27 23:29:22 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\kris\Pulpit\Skrót do Połączenia sieciowe.lnk

[2010-06-28 00:26:13 | 002,560,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2010-06-27 13:40:21 | 000,005,642 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys

[2010-06-27 13:40:21 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\BC00242EE3.sys

[2010-06-26 15:40:40 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys

[2010-06-10 19:25:44 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll

[2010-06-10 19:25:44 | 000,036,640 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys

[2010-06-10 19:25:36 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\kris\Dane aplikacji\$_hpcst$.hpc

[2010-06-10 10:31:23 | 000,000,790 | ---- | C] () -- C:\windows\System32\SHORTCUT.INI

[2010-06-10 10:31:10 | 000,000,130 | ---- | C] () -- C:\windows\System32\REMOTEDEVICE.INI

[2010-06-10 10:30:36 | 000,006,510 | ---- | C] () -- C:\windows\System32\LOCALSERVICE.INI

[2010-06-10 10:30:36 | 000,000,107 | ---- | C] () -- C:\windows\System32\LOCALDEVICE.INI

[2010-06-10 10:25:09 | 000,000,000 | ---- | C] () -- C:\windows\System32\BSPRINT.INI

[2010-06-08 11:01:58 | 000,088,064 | ---- | C] () -- C:\windows\System32\Bmp2Jpeg.dll

[2010-06-07 21:49:58 | 000,029,696 | ---- | C] () -- C:\windows\System32\pthread.dll

[2010-06-07 11:46:54 | 000,000,029 | ---- | C] () -- C:\windows\System32\UNWISE.INI

[2010-06-07 11:46:48 | 000,043,494 | ---- | C] () -- C:\windows\php.ini

[2010-06-06 22:14:39 | 000,000,761 | ---- | C] () -- C:\windows\m3jp2k.ini

[2010-06-06 22:14:39 | 000,000,714 | ---- | C] () -- C:\windows\m3jpeg.ini

[2010-06-06 22:14:39 | 000,000,702 | ---- | C] () -- C:\windows\mmtvmj.ini

[2010-06-06 22:14:35 | 000,019,968 | ---- | C] () -- C:\windows\System32\cpuinf32.dll

[2010-06-06 22:14:34 | 000,152,064 | ---- | C] () -- C:\windows\System32\unrar.dll

[2010-06-06 22:14:32 | 000,761,856 | ---- | C] () -- C:\windows\System32\xvidcore.dll

[2010-06-06 20:10:23 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

[2010-06-06 19:20:20 | 000,000,000 | ---- | C] () -- C:\windows\oodcnt.INI

[2010-06-06 19:11:44 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\kris\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-01-25 11:46:18 | 000,001,313 | ---- | C] () -- C:\windows\System32\bscs.ini

[2010-01-22 11:31:56 | 000,028,672 | ---- | C] () -- C:\windows\System32\BsMobileCSps.dll

[2010-01-22 10:04:30 | 000,081,920 | ---- | C] () -- C:\windows\System32\BsVistaCommon.dll

[2009-11-09 04:08:10 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll

[2009-11-09 04:08:10 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll

[2009-11-09 04:08:10 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll

[2009-11-09 04:08:10 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll

[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\windows\System32\xlive.dll.cat

[2009-09-24 13:38:42 | 000,022,528 | ---- | C] () -- C:\windows\System32\drivers\btnetBus.sys

[2009-08-03 00:21:54 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll

[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll

[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll

[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll

[2009-08-03 00:21:52 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll

[2009-08-03 00:21:52 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll


========== Custom Scans ==========



< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List >

"8095:TCP" = 8095:TCP:*:Enabled:BitComet 8095 TCP

"8095:UDP" = 8095:UDP:*:Enabled:BitComet 8095 UDP

"22331:TCP" = 22331:TCP:*:Enabled:BitComet 22331 TCP

"22331:UDP" = 22331:UDP:*:Enabled:BitComet 22331 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002


========== Files - Unicode (All) ==========

[2010-06-14 17:24:07 | 015,505,653 | ---- | M] ()(C:\Documents and Settings\kris\Moje dokumenty\???????_????????_-_???????_(HQ).mp4) -- C:\Documents and Settings\kris\Moje dokumenty\Татьяна_Овсиенко_-_Колечко_(HQ).mp4

[2010-06-14 17:21:57 | 015,505,653 | ---- | C] ()(C:\Documents and Settings\kris\Moje dokumenty\???????_????????_-_???????_(HQ).mp4) -- C:\Documents and Settings\kris\Moje dokumenty\Татьяна_Овсиенко_-_Колечко_(HQ).mp4

[2010-06-14 17:12:41 | 018,055,456 | ---- | M] ()(C:\Documents and Settings\kris\Moje dokumenty\??????_-_???????_????_2_(HQ).mp4) -- C:\Documents and Settings\kris\Moje dokumenty\Краски_-_Старший_Брат_2_(HQ).mp4

[2010-06-14 17:10:00 | 018,055,456 | ---- | C] ()(C:\Documents and Settings\kris\Moje dokumenty\??????_-_???????_????_2_(HQ).mp4) -- C:\Documents and Settings\kris\Moje dokumenty\Краски_-_Старший_Брат_2_(HQ).mp4

< End of report >

[/list]

(Blueboss) #4

Try MBAM (http://www.dobreprogramy.pl/Malwarebyte ... 13117.html).


(Krzysztof Imianowski) #5

After scanning, I have something like this in the results:

  • Infected registry data items:

-- Added 26.08.2010 (Thu) 13:39 --

I don't know whether this is really a virus; I received a notification about logins to the account:

  • Russia (213.247.216.141) 09:27 (4 hours ago)

So someone broke in; the only question is whether changing the password solves the problem, or whether they may have left something behind.