Kryptik.GXQ, Olmarik and some other stuff

Post by Nath4N on Sun 07 Nov 2010, 7:50 am

NOD finds these but can't delete them. I ran HJT and Malwarebytes and deleted the detected infections, but something is still here.
A few days ago this fake antivirus, Security Tool, showed up too; I managed to delete it by myself.

OTL logfile created on: 2010-11-06 21:41:18 - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = D:\Inne
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 3,74 Gb Free Space | 18,68% Space Free | Partition Type: NTFS
Drive D: | 445,76 Gb Total Space | 27,77 Gb Free Space | 6,23% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Pawel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-05 08:02:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Inne\OLT.exe
PRC - [2009-02-06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Programy\ESET Smart Security\ekrn.exe
PRC - [2009-02-06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Programy\ESET Smart Security\egui.exe
PRC - [2008-12-10 21:32:46 | 000,098,816 | ---- | M] (Opera Software) -- C:\Programy\Opera\opera.exe
PRC - [2008-07-18 10:45:10 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-02-10 23:07:32 | 000,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Programy\A4Tech\Mouse\Amoumain.exe
PRC - [2006-11-13 14:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-11-13 14:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2004-08-28 19:27:04 | 000,295,424 | ---- | M] (http://autoconnect.prv.pl) -- C:\Programy\AutoConnect\AutoConnect.exe
PRC - [2004-08-23 12:49:56 | 000,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe


========== Modules (SafeList) ==========

MOD - [2010-11-05 08:02:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Inne\OLT.exe
MOD - [2008-04-15 13:00:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008-04-15 13:00:00 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll
MOD - [2007-02-10 22:51:40 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-08-24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009-04-14 05:58:22 | 000,696,320 | ---- | M] (COMARCH S.A.) [Disabled | Stopped] -- C:\WINDOWS\system32\HASPSrv.exe -- (HASPSrv)
SRV - [2009-02-06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programy\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-02-06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Programy\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008-11-11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-07-18 10:45:10 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008-04-15 13:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (.EsetTrialReset)
SRV - [2007-11-07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Inne\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006-02-01 23:51:06 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- D:\Inne\Oracle\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006-02-01 23:49:14 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- D:\Inne\Oracle\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006-02-01 23:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- D:\Inne\Oracle\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006-02-01 23:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- d:\inne\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006-02-01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- d:\inne\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [2005-07-27 11:53:00 | 000,536,576 | ---- | M] () [Disabled | Stopped] -- D:\Inne\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver)
SRV - [2004-08-23 12:49:56 | 000,040,960 | ---- | M] (France Telecom) [Auto | Running] -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\fsakj\catchme.sys -- (catchme)
DRV - [2010-11-06 19:50:08 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-11-02 09:07:14 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010-09-11 03:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-10-19 09:55:14 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\5c231369.sys -- (5c231369)
DRV - [2009-09-17 19:09:56 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009-06-06 19:14:12 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009-02-06 13:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009-02-06 13:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009-02-06 13:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009-02-06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-02-06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008-09-15 06:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008-09-15 06:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-09-15 06:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-15 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-02-11 00:55:50 | 000,013,824 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007-01-31 14:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007-01-24 18:46:50 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2007-01-18 13:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006-11-22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006-05-25 18:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2004-05-05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003-08-12 17:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 12:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programy\ESET Smart Security\Mozilla Thunderbird [2009-04-04 19:08:51 | 000,000,000 | ---D | M]

[2010-10-10 15:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawel\Dane aplikacji\Mozilla\Extensions
[2010-10-10 15:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawel\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com
[2009-05-25 08:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawel\Dane aplikacji\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010-11-02 10:44:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programy\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Programy\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Programy\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKCU..\Run: [AutoConnect] C:\Programy\AutoConnect\AutoConnect.exe (http://autoconnect.prv.pl)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Programy\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programy\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programy\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programy\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Programy\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} [You must be registered and logged in to see this link.] (OggX Control)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\SAP\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\SAP\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\Inne\tapeta z tatą winieta.bmp
O24 - Desktop BackupWallPaper: D:\Inne\tapeta z tatą winieta.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-03 20:59:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c074f4bf-d446-11df-8392-001fd096c95a}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "SQLWriter"
MsConfig - Services: "MSSQL$SQLEXPRESS"
MsConfig - Services: "OracleXETNSListener"
MsConfig - Services: "OracleXEClrAgent"
MsConfig - Services: "OracleServiceXE"
MsConfig - Services: "OracleMTSRecoveryService"
MsConfig - Services: "matlabserver"
MsConfig - Services: "StarWindServiceAE"
MsConfig - Services: "ServiceLayer"
MsConfig - Services: "TomTomHOMEService"
MsConfig - Services: "wuauserv"
MsConfig - StartUpFolder: C:^Documents and Settings^Pawel^Menu Start^Programy^Autostart^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programy\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Programy\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programy\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: IPLA! - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programy\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: WOOTASKBARICON - hkey= - key= - C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found
MsConfig - StartUpReg: WOOWATCH - hkey= - key= - C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Renderowanie grafiki wektorowej (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Powiązania danych dynamicznego HTML dla języka Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autorstwo zaawansowane
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Klasy Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Harmonogram zadań
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D1C124B5-CDC7-D632-3AE9-9FDC59E37886} - Outlook Express
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.CSCD - C:\WINDOWS\System32\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Programy\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (91492978182324224)

========== Files/Folders - Created Within 30 Days ==========

[2010-11-02 15:50:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-11-02 14:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-11-02 12:04:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-02 12:04:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-02 10:56:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-11-02 10:52:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-11-02 10:28:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-11-02 10:28:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-11-02 10:28:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-11-02 10:28:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-11-02 10:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-11-02 10:22:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-11-02 10:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-11-02 09:07:14 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010-11-02 09:07:14 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010-11-02 09:07:14 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010-10-29 15:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles
[2010-10-29 15:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2010-10-29 15:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010-10-29 15:08:07 | 044,303,904 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Pawel\Moje dokumenty\10-10_xp32_dd_ccc_enu.exe
[2010-10-28 10:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Macromedia
[2010-10-23 19:10:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2010-10-18 13:25:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DSS
[2010-10-11 18:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\kaneandlynch
[2010-10-10 15:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TomTom
[2010-10-10 15:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawel\Moje dokumenty\TomTom
[2010-10-10 15:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\TomTom
[2010-10-10 15:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawel\Dane aplikacji\TomTom
[2010-10-10 15:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010-10-10 15:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-06 19:50:08 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010-11-06 19:49:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-06 15:00:18 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-06 08:39:29 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-02 15:51:52 | 000,000,684 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010-11-02 14:53:17 | 000,209,306 | ---- | M] () -- C:\Documents and Settings\Pawel\Moje dokumenty\kopia zapasowa cc.reg
[2010-11-02 14:16:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-11-02 11:09:05 | 000,558,514 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-11-02 11:09:05 | 000,499,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-02 11:09:05 | 000,110,360 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-11-02 11:09:05 | 000,093,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-02 10:44:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-11-02 09:20:23 | 003,887,136 | ---- | M] () -- C:\ComboFix.exe
[2010-11-02 09:07:14 | 001,004,544 | ---- | M] () -- C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\7765968548.exe
[2010-11-02 09:07:14 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010-11-02 09:07:14 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010-11-02 09:07:14 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010-10-29 16:39:14 | 000,024,441 | ---- | M] () -- C:\Documents and Settings\Pawel\Pulpit\k3.jpg
[2010-10-29 16:39:08 | 000,025,584 | ---- | M] () -- C:\Documents and Settings\Pawel\Pulpit\k2.jpg
[2010-10-29 16:39:02 | 000,051,373 | ---- | M] () -- C:\Documents and Settings\Pawel\Pulpit\k1.jpg
[2010-10-29 15:32:43 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk
[2010-10-29 15:20:37 | 000,000,347 | ---- | M] () -- C:\Documents and Settings\Pawel\Pulpit\Skrót do Internet.lnk
[2010-10-29 15:15:42 | 044,303,904 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Pawel\Moje dokumenty\10-10_xp32_dd_ccc_enu.exe
[2010-10-27 17:07:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-10-25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010-10-23 19:10:28 | 000,030,720 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2010-10-14 08:27:37 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Pawel\Pulpit\Skrót do PES2011.lnk
[2010-10-11 18:44:45 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Pawel\Pulpit\PISMO DO DZIEKANA.doc
[2010-10-11 17:50:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-02 14:52:58 | 000,209,306 | ---- | C] () -- C:\Documents and Settings\Pawel\Moje dokumenty\kopia zapasowa cc.reg
[2010-11-02 10:28:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-11-02 10:28:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-11-02 10:28:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-11-02 10:28:31 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-11-02 10:28:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-11-02 09:20:32 | 003,887,136 | ---- | C] () -- C:\ComboFix.exe
[2010-11-02 09:07:14 | 001,004,544 | ---- | C] () -- C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\7765968548.exe
[2010-10-29 16:39:14 | 000,024,441 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\k3.jpg
[2010-10-29 16:39:08 | 000,025,584 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\k2.jpg
[2010-10-29 16:39:02 | 000,051,373 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\k1.jpg
[2010-10-29 16:32:48 | 002,515,315 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\SDC10139.JPG
[2010-10-29 16:32:48 | 002,488,223 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\SDC10138.JPG
[2010-10-29 16:32:47 | 002,581,557 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\SDC10137.JPG
[2010-10-29 16:32:46 | 002,529,292 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\SDC10135.JPG
[2010-10-29 16:32:46 | 002,429,889 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\SDC10136.JPG
[2010-10-29 16:32:45 | 002,570,975 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\SDC10134.JPG
[2010-10-29 15:32:43 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk
[2010-10-29 15:20:37 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\Skrót do Internet.lnk
[2010-10-29 15:19:57 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-10-29 15:19:55 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-10-14 08:27:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\Skrót do PES2011.lnk
[2010-10-11 18:15:45 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Pawel\Pulpit\PISMO DO DZIEKANA.doc
[2010-10-11 17:50:43 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010-10-11 17:50:43 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010-07-25 10:10:52 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010-07-03 19:16:46 | 000,000,144 | ---- | C] () -- C:\WINDOWS\sapshortcut.ini
[2010-07-03 19:15:04 | 000,000,658 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2010-07-03 19:14:28 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2010-07-03 19:14:28 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2010-07-03 19:14:28 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2010-07-03 19:14:28 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2010-07-03 19:14:28 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2010-07-03 19:14:26 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2010-05-11 18:33:25 | 000,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2010-04-28 16:06:53 | 000,001,085 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2010-01-10 10:49:14 | 001,032,582 | ---- | C] () -- C:\WINDOWS\System32\alleg42.dll
[2009-11-10 17:33:42 | 000,163,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-09-23 23:05:33 | 000,000,476 | ---- | C] () -- C:\WINDOWS\VISDATA.ini
[2009-09-23 23:05:33 | 000,000,223 | ---- | C] () -- C:\WINDOWS\BAH.ini
[2009-09-20 10:20:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\5c231369.sys
[2009-08-16 22:03:58 | 000,000,042 | ---- | C] () -- C:\WINDOWS\fiscprn.ini
[2009-08-16 22:03:40 | 000,000,066 | ---- | C] () -- C:\WINDOWS\mxreader.INI
[2009-08-16 22:03:08 | 000,002,055 | R--- | C] () -- C:\WINDOWS\BTI.INI
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-07-02 17:49:40 | 000,000,155 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009-07-02 17:48:39 | 000,000,907 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009-06-06 19:15:12 | 000,000,684 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-06-06 19:14:38 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\HASPXPx64.dll
[2009-06-06 19:14:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\HASPXPx32.dll
[2009-06-06 19:14:12 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009-04-18 18:53:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Pawel\Dane aplikacji\$_hpcst$.hpc
[2009-04-05 13:49:09 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009-04-04 19:25:04 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2009-04-04 19:25:00 | 000,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2009-04-04 19:14:46 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2009-04-03 22:44:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-04-03 21:04:43 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-12-15 22:43:58 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Pawel\Dane aplikacji\WWB7_32.DAT

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006-04-19 20:21:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-07-02 22:37:10 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-19 20:21:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-07-02 22:37:12 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-04-03 20:59:23 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2009-04-12 19:09:58 | 000,414,144 | ---- | M] () -- C:\WINDOWS\system32\UACnxtjkoml.db
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009-04-03 21:03:08 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\Pawel\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009-04-03 21:03:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Pawel\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Pokaż pulpit.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2008-04-15 13:00:00 | 002,025,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntkrnlpa.exe
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009-04-03 22:42:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-04-03 22:42:51 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-04-03 22:42:51 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008-04-15 13:00:00 | 000,009,043 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008-04-15 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2009-06-06 19:14:12 | 000,000,383 | ---- | M] () -- C:\WINDOWS\system32\haspdos.sys
[2008-04-15 13:00:00 | 000,004,976 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008-04-15 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008-04-15 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008-04-15 13:00:00 | 000,027,898 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008-04-15 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008-04-15 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008-04-15 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008-04-15 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008-04-15 13:00:00 | 000,033,936 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008-04-15 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008-04-15 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008-04-15 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008-04-15 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2003-08-04 12:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS
[2008-04-15 13:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2008-04-15 13:00:00 | 001,845,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2010-09-11 02:11:14 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2009-04-03 20:59:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-11-02 14:16:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008-04-15 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-11-02 09:20:23 | 003,887,136 | ---- | M] () -- C:\ComboFix.exe
[2010-11-02 10:52:25 | 000,020,623 | ---- | M] () -- C:\ComboFix.txt
[2009-04-03 20:59:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-04-04 19:04:50 | 000,000,154 | ---- | M] () -- C:\csb.log
[2010-09-19 15:42:54 | 000,001,744 | ---- | M] () -- C:\DSLTest.log
[2010-01-06 16:13:23 | 000,001,076 | ---- | M] () -- C:\filename.reg
[2009-05-17 21:05:15 | 000,029,797 | ---- | M] () -- C:\firebird.log
[2009-04-03 20:59:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-04-03 20:59:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-15 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 13:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-11-06 19:49:52 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-05-17 21:05:16 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009-04-04 19:03:28 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log
[2010-11-02 11:16:52 | 000,000,353 | ---- | M] () -- C:\rkill.log
[2010-11-06 19:50:12 | 000,000,125 | ---- | M] () -- C:\service.log

< %PROGRAMFILES%\*. >
[2010-04-24 19:04:22 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010-01-16 20:59:03 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010-08-31 13:44:12 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009-12-19 19:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010-10-29 15:20:32 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009-04-04 19:01:02 | 000,000,000 | ---D | M] -- C:\Program Files\Browser Configuration Utility
[2010-11-02 14:51:30 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010-01-25 09:40:47 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2010-10-30 10:29:35 | 000,000,000 | ---D | M] -- C:\Program Files\CeRegEditor
[2010-07-03 19:14:32 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009-04-03 20:57:33 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010-11-02 15:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2009-04-18 19:19:41 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010-04-28 16:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\ElcomSoft
[2009-04-04 19:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\GIGABYTE
[2010-01-25 09:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2010-10-29 15:30:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009-04-04 19:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009-11-10 17:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010-09-18 21:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\ipla
[2009-04-17 14:18:05 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010-11-05 07:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-04-03 20:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009-09-24 19:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009-12-03 15:16:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2009-04-03 21:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009-11-10 17:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010-01-25 09:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009-12-03 15:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2009-12-03 15:20:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009-12-03 15:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009-12-03 15:15:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009-04-05 14:01:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010-04-28 10:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio .NET
[2009-12-03 15:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2009-04-05 14:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009-04-05 14:01:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009-04-03 20:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010-01-25 09:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009-04-03 20:56:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009-06-06 19:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2009-06-06 19:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009-12-03 15:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010-11-06 19:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\neostrada tp
[2009-04-03 20:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009-04-18 19:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009-04-03 22:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\Norton PartitionMagic 8.0
[2010-08-31 13:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009-04-03 23:37:11 | 000,000,000 | ---D | M] -- C:\Program Files\Ontrack
[2009-12-19 18:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2009-04-03 20:58:20 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009-04-14 14:26:47 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010-09-18 21:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\PlayReady
[2009-04-04 19:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009-11-10 17:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009-05-12 10:59:52 | 000,000,000 | ---D | M] -- C:\Program Files\SAMSUNG
[2010-07-23 00:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\SkanerOnline
[2009-11-04 19:23:29 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010-10-10 15:28:51 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010-10-10 15:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2009-04-19 13:21:22 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010-05-03 15:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2009-06-06 19:13:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009-04-03 20:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Usługi online
[2010-09-30 20:12:18 | 000,000,000 | ---D | M] -- C:\Program Files\vShare
[2009-04-06 10:21:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009-04-06 10:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009-12-03 15:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2009-04-03 20:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009-04-03 20:58:48 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009-04-03 21:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009-04-04 19:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE ZXDSL 852

< %appdata%\*.* >
[2009-04-18 18:53:59 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Pawel\Dane aplikacji\$_hpcst$.hpc
[2009-04-03 22:44:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Pawel\Dane aplikacji\desktop.ini
[2006-12-16 10:25:23 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Pawel\Dane aplikacji\WWB7_32.DAT


< MD5 for: AGP440.SYS >
[2008-04-15 13:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008-04-15 13:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-15 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008-04-15 13:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008-04-15 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-15 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-15 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-15 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008-04-15 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=9858AD0A3FCD83C3B100EDD5852DE540 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008-04-15 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=9858AD0A3FCD83C3B100EDD5852DE540 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008-04-15 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=9858AD0A3FCD83C3B100EDD5852DE540 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-15 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=3F74B6B4E2721272A117D25990141F73 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008-04-15 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=3F74B6B4E2721272A117D25990141F73 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008-04-15 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=3F74B6B4E2721272A117D25990141F73 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008-04-15 13:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008-04-13 23:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008-04-13 23:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9E00596C

< End of report >

Nath4N

Newbie Surfer

Posts : 13
Joined : 2009-04-18
Operating System : XP Home SP3



Re: Kryptik.GXQ, Olmarik and some other stuff

Post by DragonMaster Jay on Mon 08 Nov 2010, 6:22 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

This file is infected:
C:\WINDOWS\System32\userinit.exe

It is an important system file, and without it your system will not operate properly. Keep in mind that if you decide to fix the system, it may become unbootable. BEFORE you proceed with the fixes below, please read through this warning and provide me with the proper information.

You have a severe infection on the system.

If the computer has been used for any important data, you are strongly advised to do the following, immediately:

  • Back up all important data on the machine.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well-being:

    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for potential identity theft caused by the infections.
  • In the event that these types of infections occur, it is best to reformat and reinstall your operating system. Are you prepared to do this?
  • Please put the XP disc in the computer (if you have it), boot from it, go into setup and press R for the Recovery Console when prompted.

    If you do not have an XP disc... STOP! and reply back to me to let me know you do not have a disc and have no access to the Recovery Console. There are different avenues we can take to full disinfection.

===FIXES===

Please download TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate



Re: Kryptik.GXQ, Olmarik and some other stuff

Post by Nath4N on Mon 08 Nov 2010, 9:12 pm

I don't have an XP disc.

2010/11/08 11:06:11.0015 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/08 11:06:11.0015 ================================================================================
2010/11/08 11:06:11.0015 SystemInfo:
2010/11/08 11:06:11.0015
2010/11/08 11:06:11.0015 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/08 11:06:11.0015 Product type: Workstation
2010/11/08 11:06:11.0015 ComputerName: HOME
2010/11/08 11:06:11.0015 UserName: Pawel
2010/11/08 11:06:11.0015 Windows directory: C:\WINDOWS
2010/11/08 11:06:11.0015 System windows directory: C:\WINDOWS
2010/11/08 11:06:11.0015 Processor architecture: Intel x86
2010/11/08 11:06:11.0015 Number of processors: 2
2010/11/08 11:06:11.0015 Page size: 0x1000
2010/11/08 11:06:11.0015 Boot type: Normal boot
2010/11/08 11:06:11.0015 ================================================================================
2010/11/08 11:06:11.0296 Initialize success
2010/11/08 11:06:17.0859 ================================================================================
2010/11/08 11:06:17.0859 Scan started
2010/11/08 11:06:17.0859 Mode: Manual;
2010/11/08 11:06:17.0859 ================================================================================
2010/11/08 11:06:18.0328 ACPI (05118282f5d039595a2b92b4a4afe197) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/08 11:06:18.0359 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/08 11:06:18.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/08 11:06:18.0437 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2010/11/08 11:06:18.0515 Amfilter (868ae6fa93c29c8a105539f3e6d5a77f) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
2010/11/08 11:06:18.0546 Amusbprt (37646d4559ad45c96225521b44c45d01) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
2010/11/08 11:06:18.0609 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/08 11:06:18.0625 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/08 11:06:18.0750 ati2mtag (662c08fef641d8d6e9dcdb39168895b0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/08 11:06:18.0796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/08 11:06:18.0828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/08 11:06:18.0843 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
2010/11/08 11:06:18.0859 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2010/11/08 11:06:18.0890 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/08 11:06:18.0937 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/08 11:06:18.0953 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/08 11:06:18.0984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/08 11:06:19.0000 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/08 11:06:19.0093 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/08 11:06:19.0125 dmboot (bc9219abc5696942e6f9ac8a9b28670f) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/08 11:06:19.0171 dmio (5fa232e3ba6e1346f9f5a7e519320cb0) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/08 11:06:19.0187 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/08 11:06:19.0218 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/08 11:06:19.0250 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/08 11:06:19.0265 eamon (59d9e5dbcfef1e0e3dbac1b55c718f2d) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/11/08 11:06:19.0281 ehdrv (3bd67a869964bf57266cbbd1dca38c6a) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/11/08 11:06:19.0312 epfw (1a7384d0684adc204178f593994194b1) C:\WINDOWS\system32\DRIVERS\epfw.sys
2010/11/08 11:06:19.0328 Epfwndis (82ccb9d92dd674f3a4758f4a6a18fc1c) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2010/11/08 11:06:19.0343 epfwtdi (db4fe66ecc47e6934dd769ff00e170bc) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2010/11/08 11:06:19.0359 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/08 11:06:19.0375 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/08 11:06:19.0390 Fips (09e2a4d33f81a06a8aab2ba0a0b5d235) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/08 11:06:19.0406 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/08 11:06:19.0421 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/08 11:06:19.0453 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/08 11:06:19.0468 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/08 11:06:19.0484 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
2010/11/08 11:06:19.0500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/08 11:06:19.0546 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
2010/11/08 11:06:19.0593 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
2010/11/08 11:06:19.0625 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/08 11:06:19.0640 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/08 11:06:19.0671 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/08 11:06:19.0718 i8042prt (177b372af55c4460d0968b5f1d02aa1c) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/08 11:06:19.0734 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/08 11:06:19.0843 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/08 11:06:19.0890 intelppm (da153edc09de8c4f846c085caa39d1cc) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/08 11:06:19.0906 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/08 11:06:19.0937 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/08 11:06:19.0953 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/08 11:06:19.0968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/08 11:06:19.0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/08 11:06:20.0000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/08 11:06:20.0031 isapnp (c8eef2e93835b81bd335de2123121283) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/08 11:06:20.0046 Kbdclass (2aeca45d4aeaacbdcb77ad11184e4601) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/08 11:06:20.0093 kbdhid (f718dcddac2544bc693f22977d06f78b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/08 11:06:20.0125 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/08 11:06:20.0140 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/08 11:06:20.0171 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/08 11:06:20.0203 Modem (4a068db7dc37d5afedb6512d2931d7b3) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/08 11:06:20.0203 Mouclass (fbed3df6b884f8cf00447b73507f2c48) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/08 11:06:20.0218 mouhid (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/08 11:06:20.0234 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/08 11:06:20.0265 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/08 11:06:20.0296 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/08 11:06:20.0328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/08 11:06:20.0359 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/08 11:06:20.0375 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/08 11:06:20.0390 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/08 11:06:20.0421 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/08 11:06:20.0453 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/08 11:06:20.0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/08 11:06:20.0500 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/08 11:06:20.0531 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/08 11:06:20.0546 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/08 11:06:20.0562 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/08 11:06:20.0578 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/08 11:06:20.0593 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/08 11:06:20.0656 nmwcd (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/11/08 11:06:20.0671 nmwcdc (68ec3ee2348e475ea62c66e6aafcfc9b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/11/08 11:06:20.0703 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
2010/11/08 11:06:20.0718 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/08 11:06:20.0750 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/08 11:06:20.0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/08 11:06:20.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/08 11:06:20.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/08 11:06:20.0890 Parport (2d4cdaebced17743aa9e25d3016dc229) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/08 11:06:20.0906 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/08 11:06:20.0921 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/08 11:06:20.0953 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\system32\PCANDIS5.SYS
2010/11/08 11:06:21.0000 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/11/08 11:06:21.0015 PCI (6862c69168d787b85a7d95ccd33c694e) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/08 11:06:21.0062 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/08 11:06:21.0093 Pcmcia (8db27f1ae9593c94095485305a583862) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/08 11:06:21.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/08 11:06:21.0203 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/11/08 11:06:21.0218 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/08 11:06:21.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/08 11:06:21.0265 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/08 11:06:21.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/08 11:06:21.0343 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/08 11:06:21.0359 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/08 11:06:21.0375 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/08 11:06:21.0390 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/08 11:06:21.0421 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/08 11:06:21.0453 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/08 11:06:21.0484 redbook (e0c7bbd18040b58651bac700c804861d) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/08 11:06:21.0500 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/11/08 11:06:21.0531 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/08 11:06:21.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/08 11:06:21.0562 Serial (d07b02f88165e69b9f17162cf592c8a6) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/08 11:06:21.0578 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/08 11:06:21.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/08 11:06:21.0656 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/11/08 11:06:21.0703 sr (eb032822be406ef220d546ddffcf0002) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/08 11:06:21.0718 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/08 11:06:21.0750 Stmatm (2fc0c3d5615395585abdb16660efbc3a) C:\WINDOWS\system32\DRIVERS\stmatm.sys
2010/11/08 11:06:21.0765 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/08 11:06:21.0781 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/08 11:06:21.0843 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/08 11:06:21.0890 TaurusUsb (3b9daa8751f3881f8d105793dde634a4) C:\WINDOWS\system32\DRIVERS\torususb.sys
2010/11/08 11:06:21.0921 Tcpip (68f06fe0021b01e670af37b8c5964fdf) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/08 11:06:21.0937 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/08 11:06:21.0953 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/08 11:06:21.0968 TermDD (dea5b59783be7b4732a17b15db18f837) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/08 11:06:21.0968 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: dea5b59783be7b4732a17b15db18f837, Fake md5: 88155247177638048422893737429d9e
2010/11/08 11:06:21.0984 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/08 11:06:22.0015 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/08 11:06:22.0046 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/08 11:06:22.0093 upperdev (a34560a5d516a2f5240180370866b99d) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/11/08 11:06:22.0109 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/08 11:06:22.0125 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/08 11:06:22.0125 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/08 11:06:22.0140 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2010/11/08 11:06:22.0171 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/08 11:06:22.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/08 11:06:22.0203 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/11/08 11:06:22.0218 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/08 11:06:22.0250 VolSnap (56b191ac5fc0df219949c95a6c87afe7) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/08 11:06:22.0281 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/08 11:06:22.0296 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/11/08 11:06:22.0328 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/08 11:06:22.0359 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/08 11:06:22.0421 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/08 11:06:22.0437 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/08 11:06:22.0484 ================================================================================
2010/11/08 11:06:22.0484 Scan finished
2010/11/08 11:06:22.0484 ================================================================================
2010/11/08 11:06:22.0500 Detected object count: 1
2010/11/08 11:06:44.0859 TermDD (dea5b59783be7b4732a17b15db18f837) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/08 11:06:44.0859 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: dea5b59783be7b4732a17b15db18f837, Fake md5: 88155247177638048422893737429d9e
2010/11/08 11:06:45.0156 Backup copy found, using it..
2010/11/08 11:06:45.0171 C:\WINDOWS\system32\DRIVERS\termdd.sys - will be cured after reboot
2010/11/08 11:06:45.0171 Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure
2010/11/08 11:06:54.0359 Deinitialize success

After the reboot:

2010/11/08 11:11:39.0500 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/08 11:11:39.0500 ================================================================================
2010/11/08 11:11:39.0500 SystemInfo:
2010/11/08 11:11:39.0500
2010/11/08 11:11:39.0500 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/08 11:11:39.0500 Product type: Workstation
2010/11/08 11:11:39.0500 ComputerName: HOME
2010/11/08 11:11:39.0500 UserName: Pawel
2010/11/08 11:11:39.0500 Windows directory: C:\WINDOWS
2010/11/08 11:11:39.0500 System windows directory: C:\WINDOWS
2010/11/08 11:11:39.0500 Processor architecture: Intel x86
2010/11/08 11:11:39.0500 Number of processors: 2
2010/11/08 11:11:39.0500 Page size: 0x1000
2010/11/08 11:11:39.0500 Boot type: Normal boot
2010/11/08 11:11:39.0515 ================================================================================
2010/11/08 11:11:39.0703 Initialize success
2010/11/08 11:11:40.0796 ================================================================================
2010/11/08 11:11:40.0796 Scan started
2010/11/08 11:11:40.0796 Mode: Manual;
2010/11/08 11:11:40.0796 ================================================================================
2010/11/08 11:11:41.0468 ACPI (05118282f5d039595a2b92b4a4afe197) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/08 11:11:41.0500 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/08 11:11:41.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/08 11:11:41.0593 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2010/11/08 11:11:41.0671 Amfilter (868ae6fa93c29c8a105539f3e6d5a77f) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
2010/11/08 11:11:41.0687 Amusbprt (37646d4559ad45c96225521b44c45d01) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
2010/11/08 11:11:41.0750 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/08 11:11:41.0765 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/08 11:11:41.0890 ati2mtag (662c08fef641d8d6e9dcdb39168895b0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/08 11:11:41.0921 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/08 11:11:41.0937 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/08 11:11:41.0968 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
2010/11/08 11:11:41.0984 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2010/11/08 11:11:42.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/08 11:11:42.0015 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/08 11:11:42.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/08 11:11:42.0062 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/08 11:11:42.0078 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/08 11:11:42.0156 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/08 11:11:42.0187 dmboot (bc9219abc5696942e6f9ac8a9b28670f) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/08 11:11:42.0218 dmio (5fa232e3ba6e1346f9f5a7e519320cb0) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/08 11:11:42.0234 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/08 11:11:42.0250 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/08 11:11:42.0296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/08 11:11:42.0312 eamon (59d9e5dbcfef1e0e3dbac1b55c718f2d) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/11/08 11:11:42.0328 ehdrv (3bd67a869964bf57266cbbd1dca38c6a) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/11/08 11:11:42.0359 epfw (1a7384d0684adc204178f593994194b1) C:\WINDOWS\system32\DRIVERS\epfw.sys
2010/11/08 11:11:42.0375 Epfwndis (82ccb9d92dd674f3a4758f4a6a18fc1c) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2010/11/08 11:11:42.0390 epfwtdi (db4fe66ecc47e6934dd769ff00e170bc) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2010/11/08 11:11:42.0406 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/08 11:11:42.0421 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/08 11:11:42.0437 Fips (09e2a4d33f81a06a8aab2ba0a0b5d235) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/08 11:11:42.0437 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/08 11:11:42.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/08 11:11:42.0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/08 11:11:42.0500 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/08 11:11:42.0546 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
2010/11/08 11:11:42.0562 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/08 11:11:42.0625 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
2010/11/08 11:11:42.0656 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
2010/11/08 11:11:42.0671 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/08 11:11:42.0671 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/08 11:11:42.0718 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/08 11:11:42.0750 i8042prt (177b372af55c4460d0968b5f1d02aa1c) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/08 11:11:42.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/08 11:11:42.0875 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/08 11:11:42.0921 intelppm (da153edc09de8c4f846c085caa39d1cc) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/08 11:11:42.0937 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/08 11:11:42.0953 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/08 11:11:42.0984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/08 11:11:42.0984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/08 11:11:43.0000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/08 11:11:43.0031 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/08 11:11:43.0046 isapnp (c8eef2e93835b81bd335de2123121283) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/08 11:11:43.0062 Kbdclass (2aeca45d4aeaacbdcb77ad11184e4601) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/08 11:11:43.0078 kbdhid (f718dcddac2544bc693f22977d06f78b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/08 11:11:43.0093 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/08 11:11:43.0109 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/08 11:11:43.0140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/08 11:11:43.0171 Modem (4a068db7dc37d5afedb6512d2931d7b3) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/08 11:11:43.0171 Mouclass (fbed3df6b884f8cf00447b73507f2c48) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/08 11:11:43.0187 mouhid (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/08 11:11:43.0203 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/08 11:11:43.0234 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/08 11:11:43.0250 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/08 11:11:43.0265 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/08 11:11:43.0281 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/08 11:11:43.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/08 11:11:43.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/08 11:11:43.0343 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/08 11:11:43.0359 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/08 11:11:43.0390 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/08 11:11:43.0390 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/08 11:11:43.0406 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/08 11:11:43.0437 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/08 11:11:43.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/08 11:11:43.0453 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/08 11:11:43.0468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/08 11:11:43.0515 nmwcd (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/11/08 11:11:43.0531 nmwcdc (68ec3ee2348e475ea62c66e6aafcfc9b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/11/08 11:11:43.0593 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
2010/11/08 11:11:43.0593 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/08 11:11:43.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/08 11:11:43.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/08 11:11:43.0671 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/08 11:11:43.0687 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/08 11:11:43.0718 Parport (2d4cdaebced17743aa9e25d3016dc229) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/08 11:11:43.0734 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/08 11:11:43.0750 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/08 11:11:43.0781 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\system32\PCANDIS5.SYS
2010/11/08 11:11:43.0812 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/11/08 11:11:43.0828 PCI (6862c69168d787b85a7d95ccd33c694e) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/08 11:11:43.0843 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/08 11:11:43.0875 Pcmcia (8db27f1ae9593c94095485305a583862) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/08 11:11:43.0968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/08 11:11:43.0984 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/11/08 11:11:44.0000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/08 11:11:44.0000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/08 11:11:44.0015 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/08 11:11:44.0093 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/08 11:11:44.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/08 11:11:44.0109 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/08 11:11:44.0125 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/08 11:11:44.0140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/08 11:11:44.0156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/08 11:11:44.0187 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/08 11:11:44.0218 redbook (e0c7bbd18040b58651bac700c804861d) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/08 11:11:44.0234 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/11/08 11:11:44.0265 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/08 11:11:44.0281 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/08 11:11:44.0296 Serial (d07b02f88165e69b9f17162cf592c8a6) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/08 11:11:44.0312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/08 11:11:44.0359 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/08 11:11:44.0375 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/11/08 11:11:44.0421 sr (eb032822be406ef220d546ddffcf0002) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/08 11:11:44.0437 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/08 11:11:44.0468 Stmatm (2fc0c3d5615395585abdb16660efbc3a) C:\WINDOWS\system32\DRIVERS\stmatm.sys
2010/11/08 11:11:44.0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/08 11:11:44.0500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/08 11:11:44.0765 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/08 11:11:44.0796 TaurusUsb (3b9daa8751f3881f8d105793dde634a4) C:\WINDOWS\system32\DRIVERS\torususb.sys
2010/11/08 11:11:44.0812 Tcpip (68f06fe0021b01e670af37b8c5964fdf) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/08 11:11:44.0828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/08 11:11:44.0843 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/08 11:11:44.0859 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/08 11:11:44.0906 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/08 11:11:44.0937 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/08 11:11:44.0953 upperdev (a34560a5d516a2f5240180370866b99d) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/11/08 11:11:44.0968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/08 11:11:44.0984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/08 11:11:45.0000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/08 11:11:45.0015 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2010/11/08 11:11:45.0046 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/08 11:11:45.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/08 11:11:45.0078 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/11/08 11:11:45.0093 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/08 11:11:45.0125 VolSnap (56b191ac5fc0df219949c95a6c87afe7) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/08 11:11:45.0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/08 11:11:45.0171 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/11/08 11:11:45.0203 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/08 11:11:45.0234 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/08 11:11:45.0281 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/08 11:11:45.0312 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/08 11:11:45.0343 ================================================================================
2010/11/08 11:11:45.0359 Scan finished
2010/11/08 11:11:45.0359 ================================================================================

Nath4N

Newbie Surfer

Posts : 13
Joined : 2009-04-18
Operating System : XP Home SP3
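What the two TDSSKiller runs above record, and the check worth running on them, as an added example (Python written for this thread, not a TDSSKiller, OTL or ComboFix component): the first run's "Suspicious file (Forged)" line carries two hashes for termdd.sys, the one TDSSKiller computed from the bytes actually on disk (Real md5) and the one the rootkit's hooked read path was returning to every ordinary reader (Fake md5). After the cure from the backup copy, the second run lists TermDD with the former "fake" hash, so the file on disk now really is the clean driver the rootkit had been pretending it was. The script parses both listings, diffs driver hashes between runs, and reports for each forged file whether it was cured on that basis. The sample lines are trimmed copies of the logs posted above; the function and dictionary names are assumptions of this example.

```python
import re

# TDSSKiller driver listing line: "<date> <time> <Service> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
    r"(?P<service>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Verdict line for a file whose on-disk bytes differ from what the OS is shown.
# Real md5 = bytes read from disk below the rootkit's hook,
# Fake md5 = bytes the hooked read path hands to every other reader.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# Detection line: "<date> <time> <Service> - detected <Name> (<n>)"
DETECTED_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
    r"(?P<service>.+?) - detected (?P<name>\S+)"
)


def parse_scan(text):
    """Index one TDSSKiller run: drivers by service name, forged files by path,
    detections by service. Paths are lower-cased because NTFS lookups are
    case-insensitive and the log mixes 'drivers' and 'DRIVERS'."""
    drivers, forged, detected = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FORGED_RE.search(line)
        if m:
            forged[m["path"].lower()] = (m["real"], m["fake"])
            continue
        m = DETECTED_RE.match(line)
        if m:
            detected[m["service"]] = m["name"]
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["service"]] = (m["md5"], m["path"])
    return {"drivers": drivers, "forged": forged, "detected": detected}


def changed_hashes(before, after):
    """Drivers listed in both runs whose hash changed. After a cure the
    rootkit's host driver should be the only entry; anything else changing
    between two runs minutes apart deserves a look."""
    changed = {}
    for svc, (old_md5, path) in before["drivers"].items():
        new = after["drivers"].get(svc)
        if new and new[0] != old_md5:
            changed[svc] = (old_md5, new[0], path)
    return changed


def verify_cure(before, after):
    """For every forged file in the first run, check that the second run lists
    it with the formerly 'fake' (clean) hash and no longer flags it.
    Caveat: this only proves the file now equals what the rootkit was
    presenting; when a known-good hash from install media is available,
    compare against that as well."""
    path_to_service = {p.lower(): s for s, (_, p) in before["drivers"].items()}
    report = {}
    for path, (real, fake) in before["forged"].items():
        svc = path_to_service.get(path)
        now = after["drivers"][svc][0] if svc in after["drivers"] else None
        report[path] = {
            "service": svc,
            "verdict": before["detected"].get(svc),
            "on_disk_before": real,
            "presented_before": fake,
            "on_disk_after": now,
            "cured": now == fake and path not in after["forged"],
        }
    return report


# Constructed sample input: trimmed copies of the two runs posted above.
BEFORE_SCAN = r"""
2010/11/08 11:06:21.0921 Tcpip (68f06fe0021b01e670af37b8c5964fdf) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/08 11:06:21.0968 TermDD (dea5b59783be7b4732a17b15db18f837) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/08 11:06:21.0968 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: dea5b59783be7b4732a17b15db18f837, Fake md5: 88155247177638048422893737429d9e
2010/11/08 11:06:21.0984 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/08 11:06:22.0015 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
"""
AFTER_SCAN = r"""
2010/11/08 11:11:44.0812 Tcpip (68f06fe0021b01e670af37b8c5964fdf) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/08 11:11:44.0859 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/08 11:11:44.0906 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
"""

if __name__ == "__main__":
    b, a = parse_scan(BEFORE_SCAN), parse_scan(AFTER_SCAN)
    for svc, (old, new, path) in changed_hashes(b, a).items():
        print(f"{svc}: {old} -> {new} ({path})")
    for path, r in verify_cure(b, a).items():
        print(f"{path}: {r['verdict']} cured={r['cured']}")
```

Run it against the full before/after logs by pasting them into the two string constants; a second run that still shows a Forged line, or a TermDD hash that is neither value, means the cure did not take and the driver should not be trusted.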

Re: Kryptik.GXQ, Olmarik and some other stuff

Post by DragonMaster Jay on Mon 08 Nov 2010, 9:46 pm

Kindly Read Properly

Please be sure to read all instructions properly.

If you do not have an XP disc... STOP! and reply back to me to let me know you do not have a disc

You placed your system in great danger by continuing with the fixes. Thank goodness that driver was not a critical driver.

This next tool will install the Recovery Console so we can reverse any other negative changes in the future, if necessary.

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from BleepingComputer.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Kryptik.GXQ, Olmarik and some other stuff

Post by Nath4N on Mon 08 Nov 2010, 10:50 pm

ComboFix couldn't detect my internet connection (it was definitely on), it didn't install the Recovery Console.
I can translate the Polish lines for you, but I don't think it will be necessary, right?

ComboFix 10-11-07.09 - Pawel 2010-11-08 12:34:41.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1438 [GMT 1]
Uruchomiony z: c:\documents and settings\Pawel\pulpit\combo-fix.exe
Użyto następujących komend :: /killall
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezydentny antywirus jest aktywny


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dane aplikacji\Macromedia\SwUpdate
c:\documents and settings\All Users\Dane aplikacji\Macromedia\SwUpdate\B64.dtd
c:\documents and settings\All Users\Dane aplikacji\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Dane aplikacji\Macromedia\SwUpdate\swupdate.dll
c:\documents and settings\Pawel\Moje dokumenty\kopia zapasowa cc.reg
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\7765968548.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Temporary Internet Files\udRemove.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\wqdhpqov.sys
c:\windows\system32\Packet.dll
c:\windows\system32\UACnxtjkoml.db
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Service_ljjvuh


((((((((((((((((((((((((( Pliki utworzone od 2010-10-08 do 2010-11-08 )))))))))))))))))))))))))))))))
.

2010-11-02 13:51 . 2010-11-02 13:51 -------- d-----w- c:\program files\CCleaner
2010-11-02 11:04 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 11:04 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 09:04 . 2010-11-05 06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-02 08:20 . 2010-11-02 08:20 3887136 ----a-w- C:\ComboFix.exe
2010-10-29 14:32 . 2010-10-29 14:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\POP3Profiles
2010-10-29 14:22 . 2010-10-29 14:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI
2010-10-29 14:19 . 2010-10-29 14:20 -------- d-----w- c:\program files\ATI Technologies
2010-10-23 18:10 . 2008-04-15 12:00 26624 ----a-w- c:\windows\system32\stu2.exe
2010-10-18 12:25 . 2010-10-18 12:25 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\DSS
2010-10-11 17:05 . 2010-10-11 17:06 -------- d-----w- c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\kaneandlynch
2010-10-11 16:50 . 2010-10-11 16:50 1409 ----a-w- c:\windows\QTFont.for
2010-10-10 14:30 . 2010-10-10 14:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TomTom
2010-10-10 14:29 . 2010-10-10 14:29 -------- d-----w- c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\TomTom
2010-10-10 14:29 . 2010-10-10 14:29 -------- d-----w- c:\documents and settings\Pawel\Dane aplikacji\TomTom
2010-10-10 14:28 . 2010-10-10 14:28 -------- d-----w- c:\program files\TomTom International B.V
2010-10-10 14:28 . 2010-10-10 14:28 -------- d-----w- c:\program files\TomTom HOME 2

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 11:38 . 2009-04-04 17:59 16608 ----a-w- c:\windows\gdrv.sys
2010-11-08 10:07 . 2009-04-03 19:56 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-11-02 14:53 . 2009-12-03 14:13 1651104 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-10-23 18:10 . 2008-04-15 12:00 30720 ----a-w- c:\windows\system32\userinit.exe
2010-09-11 02:19 . 2009-02-25 22:58 5417472 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-09-11 01:57 . 2009-02-25 20:32 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57 . 2009-02-25 20:32 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56 . 2009-02-25 20:30 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54 . 2009-02-25 21:30 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50 . 2009-02-25 21:09 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43 . 2009-02-25 21:42 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42 . 2009-02-25 21:41 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39 . 2009-02-25 21:16 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29 . 2009-02-25 20:35 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26 . 2009-02-25 21:30 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26 . 2009-02-25 21:29 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26 . 2009-02-25 21:29 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26 . 2009-02-25 21:29 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26 . 2009-02-25 21:29 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25 . 2009-02-25 20:59 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25 . 2009-02-25 21:27 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24 . 2009-02-25 21:26 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23 . 2010-07-22 09:52 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19 . 2009-02-25 20:40 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18 . 2009-02-25 20:38 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17 . 2009-02-25 20:38 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13 . 2009-02-25 20:32 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11 . 2009-09-23 21:36 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11 . 2009-02-25 20:44 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-11 01:11 . 2009-02-25 20:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.

------- Sigcheck -------

[-] 2009-04-04 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-04 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2010-10-23 18:10 . E052E5E1E2CDCFA25AAC1DD9C18721A2 . 30720 . . [------] . . c:\windows\system32\userinit.exe
[7] 2008-04-15 . 2A5B37D520508BE6570A3EA79695F5B5 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 12:00 . 2010-06-07 22:27 93516 c:\windows\system32\perfc009.dat
+ 2008-04-15 12:00 . 2010-11-02 10:09 93516 c:\windows\system32\perfc009.dat
+ 2009-04-03 20:01 . 2010-11-08 06:52 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-03 20:01 . 2009-04-12 18:09 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-03 20:01 . 2009-04-12 18:09 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-04-03 20:01 . 2010-11-08 06:52 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2010-11-06 21:42 . 2010-11-08 06:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-03 20:01 . 2009-04-12 18:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-15 12:00 . 2010-11-02 10:09 558514 c:\windows\system32\perfh015.dat
- 2008-04-15 12:00 . 2010-06-07 22:27 558514 c:\windows\system32\perfh015.dat
- 2008-04-15 12:00 . 2010-06-07 22:27 499934 c:\windows\system32\perfh009.dat
+ 2008-04-15 12:00 . 2010-11-02 10:09 499934 c:\windows\system32\perfh009.dat
- 2008-04-15 12:00 . 2010-06-07 22:27 110360 c:\windows\system32\perfc015.dat
+ 2008-04-15 12:00 . 2010-11-02 10:09 110360 c:\windows\system32\perfc015.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"egui"="c:\programy\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
"WheelMouse"="c:\programy\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-10 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\malbytes.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Pawel^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Pawel\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 11:06 40048 ----a-w- c:\programy\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\programy\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\programy\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:57 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-09-17 16:03 17438712 ----a-w- c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 08:56 286720 ----a-w- c:\programy\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2004-10-14 13:55 32768 ------w- c:\progra~1\NEOSTR~1\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 11:49 20480 ------w- c:\progra~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"OracleXETNSListener"=2 (0x2)
"OracleXEClrAgent"=3 (0x3)
"OracleServiceXE"=2 (0x2)
"OracleMTSRecoveryService"=3 (0x3)
"matlabserver"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"ServiceLayer"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programy\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programy\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programy\\Gadu-Gadu\\gg.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Programy\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programy\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Gry\\Pro Evolution Soccer 2011\\PES2011.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S1 5c231369;5c231369;c:\windows\system32\drivers\5c231369.sys [2009-09-20 0]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2008-04-15 3584]
S2 ekrn;ESET Service;c:\programy\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-04-04 80392]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-04-04 60255]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-04-04 684265]
S4 HASPSrv;HASPSrv;c:\windows\system32\HASPSrv.exe [2009-06-06 696320]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;d:\inne\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> d:\inne\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleServiceXE;OracleServiceXE;d:\inne\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> d:\inne\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S4 OracleXETNSListener;OracleXETNSListener;d:\inne\Oracle\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-02-01 204800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-05 721904]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
.
.
------- Skan uzupełniający -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\programy\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programy\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programy\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programy\Orbitdownloader\orbitmxt.dll/202
IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {18B3AD0D-B37A-44A3-AB8D-3744D5188047} = 194.204.152.34 194.204.159.1
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - [You must be registered and logged in to see this link.]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-08 12:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,cf,f6,e2,83,f7,46,40,b5,3e,46,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,cf,f6,e2,83,f7,46,40,b5,3e,46,\

[HKEY_USERS\S-1-5-21-1844237615-1500820517-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d4,a7,61,8b,4f,10,a4,b9,82,f5,0e,b4,84,d9,8f,52,57,74,34,13,65,
07,68,3f,c6,8c,15,cf,82,4d,15,3c,d5,d5,ea,0d,f8,66,cf,94,ed,9c,c4,3f,5e,48,\
"rkeysecu"=hex:7e,e2,52,5c,a1,56,94,f5,f2,49,4d,58,63,70,aa,0d
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(204)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\ieframe.dll
.
Czas ukończenia: 2010-11-08 12:44:53 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-11-08 11:44

Przed: 3 890 294 784 bajtów wolnych
Po: 3 802 345 472 bajtów wolnych

- - End Of File - - 7279F87A6421CEE0ACB62B6D9AAD8A7D

Nath4N

Newbie Surfer

Posts : 13
Joined : 2009-04-18
Operating System : XP Home SP3

Re: Kryptik.GXQ, Olmarik and some other stuff

Post by Nath4N on Mon 08 Nov 2010, 11:49 pm

Security Tool showed up again :/

I deleted these two using HJT:
O4 - HKCU\..\RunOnce: [8589936] "C:\DOCUME~1\Pawel\USTAWI~1\DANEAP~1\8589936.exe" 17 39
O4 - HKLM\..\Run: [sniffer] C:\WINDOWS\Temp\_ex-08.exe

EDIT:
and again.

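Two things in the logs above are worth reading mechanically rather than by eye: the Sigcheck section of the first ComboFix log (the live userinit.exe has a different MD5 and size from the dllcache copy and no version resource, which is the replacement ComboFix later repairs from dllcache), and the two HijackThis O4 lines in the post just above (an all-digit executable under the user's local application-data folder, and one launched from C:\WINDOWS\Temp). The script below is an added example, not part of this thread and not code from ComboFix or HijackThis. It runs over constructed sample lines laid out in the shape of those two log sections; the hashes, sizes and paths in the samples are the ones quoted in the thread, while the regular expressions, the `SUSPECT_DIRS` list and the heuristics are assumptions of mine, chosen to match the localized Polish profile paths seen here.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of ComboFix's "Sigcheck" section; the hashes,
# sizes and paths are the ones quoted in the first ComboFix log in this thread.
SIGCHECK_SAMPLE = r"""
[-] 2009-04-04 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-04 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2010-10-23 18:10 . E052E5E1E2CDCFA25AAC1DD9C18721A2 . 30720 . . [------] . . c:\windows\system32\userinit.exe
[7] 2008-04-15 . 2A5B37D520508BE6570A3EA79695F5B5 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
"""

# Constructed sample mixing the two HijackThis O4 lines from the thread with
# REGEDIT4-style Run entries in the shape ComboFix prints them.
STARTUP_SAMPLE = r"""
O4 - HKCU\..\RunOnce: [8589936] "C:\DOCUME~1\Pawel\USTAWI~1\DANEAP~1\8589936.exe" 17 39
O4 - HKLM\..\Run: [sniffer] C:\WINDOWS\Temp\_ex-08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"egui"="c:\programy\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424]
"""

# Layout of one Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)
HJT_O4_RE = re.compile(r"^O4 - (?P<location>\S+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
REG_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"\s*\[')
# First .exe in a command line, with or without surrounding quotes and trailing arguments.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)\b', re.IGNORECASE)

# Assumed heuristic: directories a dropped binary tends to live in. The Polish
# names and their 8.3 short forms match the profile paths seen in this thread.
SUSPECT_DIRS = ("\\temp\\", "\\temporary internet files\\",
                "\\dane aplikacji\\", "\\daneap~1\\",
                "\\application data\\", "\\applic~1\\")


def parse_sigcheck(text):
    """Return one dict per Sigcheck line (flag, date, md5, size, version, path)."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def compare_with_dllcache(entries):
    """Pair each live system file with its dllcache copy by file name and say
    whether the hashes agree. A live copy whose MD5, size or version differs
    from the protected cache copy is the pattern seen for userinit.exe above."""
    by_name = {}
    for e in entries:
        p = PureWindowsPath(e["path"])
        where = "cache" if "dllcache" in [part.lower() for part in p.parts] else "live"
        by_name.setdefault(p.name.lower(), {})[where] = e
    findings = []
    for name, pair in sorted(by_name.items()):
        live, cache = pair.get("live"), pair.get("cache")
        if live is None or cache is None:
            findings.append({"file": name, "status": "unpaired", "notes": ["only one copy listed"]})
            continue
        notes = []
        if not live["version"].strip("-"):
            notes.append("live copy has no version resource")
        if live["size"] != cache["size"]:
            notes.append(f"size {live['size']} vs dllcache {cache['size']}")
        status = "consistent" if live["md5"] == cache["md5"] else "MISMATCH"
        if status == "MISMATCH":
            notes.append(f"MD5 {live['md5']} vs dllcache {cache['md5']}")
        findings.append({"file": name, "status": status, "notes": notes})
    return findings


def triage_startup(text):
    """Flag autostart entries whose executable looks dropped rather than installed:
    an all-digit file name, or a home under Temp or per-user application data."""
    flagged = []
    for line in text.splitlines():
        m = HJT_O4_RE.match(line.strip()) or REG_RUN_RE.match(line.strip())
        if not m:
            continue
        em = EXE_RE.match(m.group("command"))
        if not em:
            continue
        path = em.group("path")
        reasons = []
        if PureWindowsPath(path).stem.isdigit():
            reasons.append("all-digit executable name")
        if any(d in path.lower() for d in SUSPECT_DIRS):
            reasons.append("runs from Temp or per-user application data")
        if reasons:
            flagged.append({"name": m.group("name"), "path": path, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for f in compare_with_dllcache(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f"{f['status']:10} {f['file']}  {'; '.join(f['notes'])}")
    for f in triage_startup(STARTUP_SAMPLE):
        print(f"SUSPECT    {f['name']}: {f['path']}  ({', '.join(f['reasons'])})")
```

Run on the samples, the Sigcheck pass reports tcpip.sys as consistent and userinit.exe as a MISMATCH with no version resource and a 30720-byte live copy against a 26624-byte cache copy, and the startup pass flags the 8589936 RunOnce entry and the "sniffer" Run entry while leaving the Realtek, ESET and AutoConnect entries alone. The heuristics are deliberately coarse: an installer that legitimately places an updater under Application Data will also be flagged, so the output is a reading aid for a helper, not a verdict.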

Re: Kryptik.GXQ, Olmarik and some other stuff

Post by DragonMaster Jay on Tue 09 Nov 2010, 6:35 am

Manually fixing the computer yourself using HijackThis

Please do NOT fix things in HijackThis. HijackThis is not a normal removal tool, and the dangers of fixing incorrect things in HijackThis are high. For best results, follow as I have said, and do not make any more changes to your computer unless requested by any of the staff noted above. This will save time in getting your computer clean.

Manually install the Recovery Console

ComboFix includes a method of installing the Windows Recovery console by downloading a file from Microsoft. To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions:
  1. Click on the following link to go to Microsoft's Web site: [You must be registered and logged in to see this link.]
  2. At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. If you are using Windows XP Service Pack 3 (SP3), then select the Service Pack 2 download. If you are using Windows XP Media Center, then you should select the Windows XP Pro Service Pack 2 download. If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information.
    1. Click on the Start button.
    2. Click on the Run menu option.
    3. In the Open: field type the following: sysdm.cpl and then click on the OK button.
    4. A screen will appear showing information about your installation. Under the System: category you should see your Windows version and the installed Service Pack. When you are done determining this information continue with Step 2.
  3. Once the Microsoft file has finished downloading, you should drag it on top of the ComboFix icon and let your mouse button go. This is shown in the following image.
  4. ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.
Once the Windows Recovery Console has finished installing, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. If you wish to continue, then press the Yes button. Post the log from ComboFix. Source

WARNING: Before proceeding with the fixes below, make sure the Recovery Console got installed. If it was unsuccessful, STOP, don't go any further, and reply to tell me how far you got.




Dr. Web CureIt

The following tool will scan and remove severe infections.

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)



Re: Kryptik.GXQ, Olmarik and some other stuff

Post by Nath4N on Wed 10 Nov 2010, 6:36 am

ComboFix 10-11-07.A2 - Pawel 2010-11-08 22:49:27.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1369 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Pawel\Pulpit\combo-fix.exe
Użyto następujących komend :: c:\documents and settings\Pawel\Pulpit\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\187310.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\32450571.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\3629923296.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\5064491918.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\5548640769.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\6551405868.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\672091.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\7159978514.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\739382285.exe
c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\7765968548.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Drivers\wqdhpqov.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\Temp\_ex-08.exe

----- BITS: Możliwe zainfekowane strony -----

[You must be registered and logged in to see this link.]
Zainfekowana kopia c:\windows\system32\userinit.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\system32\dllcache\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Pliki utworzone od 2010-10-08 do 2010-11-08 )))))))))))))))))))))))))))))))
.

2010-11-08 18:08 . 2010-11-08 18:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-08 12:21 . 2010-11-08 18:04 -------- d-----w- C:\RECYCLER(2)
2010-11-02 13:51 . 2010-11-02 13:51 -------- d-----w- c:\program files\CCleaner
2010-11-02 11:04 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 11:04 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 09:04 . 2010-11-08 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-02 08:20 . 2010-11-02 08:20 3887136 ----a-w- C:\ComboFix.exe
2010-10-29 14:32 . 2010-10-29 14:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\POP3Profiles
2010-10-29 14:22 . 2010-10-29 14:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI
2010-10-29 14:19 . 2010-10-29 14:20 -------- d-----w- c:\program files\ATI Technologies
2010-10-23 18:10 . 2008-04-15 12:00 26624 ----a-w- c:\windows\system32\stu2.exe
2010-10-18 12:25 . 2010-10-18 12:25 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\DSS
2010-10-11 17:05 . 2010-10-11 17:06 -------- d-----w- c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\kaneandlynch
2010-10-11 16:50 . 2010-10-11 16:50 1409 ----a-w- c:\windows\QTFont.for
2010-10-10 14:30 . 2010-10-10 14:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TomTom
2010-10-10 14:29 . 2010-10-10 14:29 -------- d-----w- c:\documents and settings\Pawel\Ustawienia lokalne\Dane aplikacji\TomTom
2010-10-10 14:29 . 2010-10-10 14:29 -------- d-----w- c:\documents and settings\Pawel\Dane aplikacji\TomTom
2010-10-10 14:28 . 2010-10-10 14:28 -------- d-----w- c:\program files\TomTom International B.V
2010-10-10 14:28 . 2010-10-10 14:28 -------- d-----w- c:\program files\TomTom HOME 2

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 18:11 . 2009-04-04 17:59 16608 ----a-w- c:\windows\gdrv.sys
2010-11-08 10:07 . 2009-04-03 19:56 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-11-02 14:53 . 2009-12-03 14:13 1651104 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-09-11 02:19 . 2009-02-25 22:58 5417472 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-09-11 01:57 . 2009-02-25 20:32 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57 . 2009-02-25 20:32 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56 . 2009-02-25 20:30 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54 . 2009-02-25 21:30 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50 . 2009-02-25 21:09 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43 . 2009-02-25 21:42 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42 . 2009-02-25 21:41 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39 . 2009-02-25 21:16 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29 . 2009-02-25 20:35 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26 . 2009-02-25 21:30 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26 . 2009-02-25 21:29 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26 . 2009-02-25 21:29 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26 . 2009-02-25 21:29 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26 . 2009-02-25 21:29 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25 . 2009-02-25 20:59 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25 . 2009-02-25 21:27 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24 . 2009-02-25 21:26 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23 . 2010-07-22 09:52 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19 . 2009-02-25 20:40 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18 . 2009-02-25 20:38 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17 . 2009-02-25 20:38 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13 . 2009-02-25 20:32 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11 . 2009-09-23 21:36 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11 . 2009-02-25 20:44 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-11 01:11 . 2009-02-25 20:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.

------- Sigcheck -------

[-] 2009-04-04 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-04 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-15 12:00 . 2008-04-15 12:00 26624 c:\windows\system32\userinit.exe
- 2008-04-15 12:00 . 2010-06-07 22:27 93516 c:\windows\system32\perfc009.dat
+ 2008-04-15 12:00 . 2010-11-02 10:09 93516 c:\windows\system32\perfc009.dat
+ 2009-04-03 20:01 . 2010-11-08 06:52 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-03 20:01 . 2009-04-12 18:09 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-03 20:01 . 2010-11-08 06:52 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-04-03 20:01 . 2009-04-12 18:09 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-04-15 12:00 . 2010-06-07 22:27 558514 c:\windows\system32\perfh015.dat
+ 2008-04-15 12:00 . 2010-11-02 10:09 558514 c:\windows\system32\perfh015.dat
+ 2008-04-15 12:00 . 2010-11-02 10:09 499934 c:\windows\system32\perfh009.dat
- 2008-04-15 12:00 . 2010-06-07 22:27 499934 c:\windows\system32\perfh009.dat
- 2008-04-15 12:00 . 2010-06-07 22:27 110360 c:\windows\system32\perfc015.dat
+ 2008-04-15 12:00 . 2010-11-02 10:09 110360 c:\windows\system32\perfc015.dat
+ 2010-11-03 10:41 . 2010-11-03 10:41 479232 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-11-08 18:04 . 2010-11-08 18:10 1177560 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"egui"="c:\programy\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
"WheelMouse"="c:\programy\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-10 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Pawel^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Pawel\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 11:06 40048 ----a-w- c:\programy\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\programy\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\programy\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:57 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-09-17 16:03 17438712 ----a-w- c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 08:56 286720 ----a-w- c:\programy\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2004-10-14 13:55 32768 ------w- c:\progra~1\NEOSTR~1\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 11:49 20480 ------w- c:\progra~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"OracleXETNSListener"=2 (0x2)
"OracleXEClrAgent"=3 (0x3)
"OracleServiceXE"=2 (0x2)
"OracleMTSRecoveryService"=3 (0x3)
"matlabserver"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"ServiceLayer"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programy\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programy\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programy\\Gadu-Gadu\\gg.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Programy\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programy\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Gry\\Pro Evolution Soccer 2011\\PES2011.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6348:TCP"= 6348:TCP:Bearshare 6348
"6347:TCP"= 6347:TCP:Bearshare 6347
"16348:TCP"= 16348:TCP:bear
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S1 5c231369;5c231369;c:\windows\system32\drivers\5c231369.sys [2009-09-20 0]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2008-04-15 3584]
S2 ekrn;ESET Service;c:\programy\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-04-04 80392]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-04-04 60255]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-04-04 684265]
S4 HASPSrv;HASPSrv;c:\windows\system32\HASPSrv.exe [2009-06-06 696320]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;d:\inne\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> d:\inne\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleServiceXE;OracleServiceXE;d:\inne\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> d:\inne\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S4 OracleXETNSListener;OracleXETNSListener;d:\inne\Oracle\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-02-01 204800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-05 721904]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
.
.
------- Supplementary scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\programy\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programy\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programy\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programy\Orbitdownloader\orbitmxt.dll/202
IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-08 22:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,cf,f6,e2,83,f7,46,40,b5,3e,46,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,cf,f6,e2,83,f7,46,40,b5,3e,46,\

[HKEY_USERS\S-1-5-21-1844237615-1500820517-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d4,a7,61,8b,4f,10,a4,b9,82,f5,0e,b4,84,d9,8f,52,57,74,34,13,65,
07,68,3f,c6,8c,15,cf,82,4d,15,3c,d5,d5,ea,0d,f8,66,cf,94,ed,9c,c4,3f,5e,48,\
"rkeysecu"=hex:7e,e2,52,5c,a1,56,94,f5,f2,49,4d,58,63,70,aa,0d
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(204)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(1020)
c:\windows\system32\ieframe.dll
.
Completion time: 2010-11-08 22:57:39 - the computer was restarted
ComboFix-quarantined-files.txt 2010-11-08 21:57
ComboFix2.txt 2010-11-08 11:44

Before: 3 520 626 688 bytes free
After: 3 514 560 512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 869C3C033A70F7D97101976EF1321C4E



Process.exe;C:\Documents and Settings\Pawel\Moje dokumenty\SmitfraudFix;Tool.Killproc.3;Incurable.Deleted.;
restart.exe;C:\Documents and Settings\Pawel\Moje dokumenty\SmitfraudFix;Tool.ShutDown.14;Incurable.Deleted.;
58f83732-740f9e64\a2ea.class;C:\Documents and Settings\Pawel\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\58f83732-740f9e64;Exploit.Java.145;;
58f83732-740f9e64\ab66.class;C:\Documents and Settings\Pawel\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\58f83732-740f9e64;Exploit.Java.145;;
58f83732-740f9e64\ac60.class;C:\Documents and Settings\Pawel\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\58f83732-740f9e64;Exploit.Java.145;;
58f83732-740f9e64\ac98.class;C:\Documents and Settings\Pawel\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\58f83732-740f9e64;Exploit.Java.145;;
58f83732-740f9e64\aefe.class;C:\Documents and Settings\Pawel\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\58f83732-740f9e64;Exploit.Java.145;;
58f83732-740f9e64\WhatTheJava.class;C:\Documents and Settings\Pawel\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\58f83732-740f9e64;Exploit.Java.145;;
58f83732-740f9e64;C:\Documents and Settings\Pawel\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50;Archive containing infected objects;Moved.;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\Pawel\Moje dokumenty\SmitfraudFix.exe;Tool.Killproc.3;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\Pawel\Moje dokumenty\SmitfraudFix.exe;Tool.ShutDown.14;;
SmitfraudFix.exe;C:\Documents and Settings\Pawel\Moje dokumenty;Archive containing infected objects;Moved.;
swupdate.dll.tmp.vir;C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dane aplikacji\Macromedia\SwUpdate;Win32.HLLW.Autoruner.34009;Invalid file path;
7765968548.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji;Trojan.Fakealert.19460;Deleted.;
userinit.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.35735;Deleted.;
A0000013.dll;C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP1;Win32.HLLW.Autoruner.34009;Invalid file path;
A0004233.dll;C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP10;Win32.HLLW.Autoruner.34009;Invalid file path;
A0004234.exe;C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP10;Trojan.Fakealert.19460;Deleted.;
A0005774.exe;C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11;Trojan.DownLoad.35735;Deleted.;
A0005779.exe;C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11;Trojan.Fakealert.19460;Deleted.;
A0003935.dll;C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP6;BackDoor.Tdss.4246;Deleted.;


Nath4N

Newbie Surfer

Posts : 13
Joined : 2009-04-18
Operating System : XP Home SP3
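The ComboFix log in the post above contains several entries a responder would look at twice: a zero-byte driver with a random eight-hex-character name (5c231369.sys), a service called .EsetTrialReset whose image path is the stock regedt32.exe, a firewall exception for a svchost.exe under system32\drivers rather than system32 (the real svchost.exe lives in %windir%\system32), and EnableFirewall set to 0. The script below is an added example, not part of the original post and not ComboFix's own code; it runs those checks over a constructed excerpt of the log. The name lists, the eight-hex-character pattern and the finding labels are this example's assumptions.

```python
"""Triage a ComboFix-style log for the artifacts seen in the post above.

Added example, not part of the original thread. The heuristics (disabled
firewall, a "system" binary whitelisted from the wrong directory, a zero-byte
driver with a random hex name, a service whose image is a stock registry
editor) are this example's own; the name lists are assumptions.
"""
import re

# Constructed excerpt: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=

S1 5c231369;5c231369;c:\windows\system32\drivers\5c231369.sys [2009-09-20 0]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2008-04-15 3584]
S2 ekrn;ESET Service;c:\programy\ESET Smart Security\ekrn.exe [2009-02-06 727720]
"""

# Binaries that legitimately live only in %windir%\system32 (assumption: illustrative list).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
# Stock utilities that have no business being a service's image path (assumption).
UTILITY_IMAGES = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}

FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d)')
APP_RE = re.compile(r'^"([^"]+)"=')
# ComboFix service line: <start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(r"^(S[0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")
RANDOM_DRIVER_RE = re.compile(r"^[0-9a-f]{8}\.sys$")


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def triage(log_text):
    """Return (finding, detail) tuples in log order."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # ComboFix separates registry sections with blank lines
            continue
        if line.startswith("["):
            section = line.lower()
            continue
        m = FIREWALL_RE.match(line)
        if m:
            if m.group(1) == "0":
                findings.append(("firewall-disabled", line))
            continue
        if section and "authorizedapplications" in section:
            m = APP_RE.match(line)
            if m:
                # The registry dump doubles backslashes; collapse them before comparing.
                path = m.group(1).replace("\\\\", "\\").lower()
                name = _basename(path)
                if name in SYSTEM32_ONLY and not path.endswith("\\system32\\" + name):
                    findings.append(("system-binary-outside-system32", path))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, path, _date, size = m.groups()
            image = _basename(path).lower()
            if int(size) == 0:
                findings.append(("zero-byte-driver", path))
            if RANDOM_DRIVER_RE.match(image):
                findings.append(("random-hex-driver-name", path))
            if image in UTILITY_IMAGES:
                findings.append(("service-runs-stock-utility", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:34} {detail}")
```

Each finding is a lead, not a verdict: the zero-byte driver and the svchost.exe exception are classic rootkit leftovers, while the regedt32.exe service is a licence-reset hack that the owner may have installed deliberately; the script only surfaces them in one pass so they are not lost in a 2,000-line log.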

Re: Kryptik.GXQ, Olmarik and some other stuff

Post by DragonMaster Jay on Wed 10 Nov 2010, 5:36 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Kryptik.GXQ, Olmarik and some other stuff

Post by Nath4N on Thu 11 Nov 2010, 2:50 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2f3b5736c19edc4294370654c2592e39
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-10 11:41:14
# local_time=2010-11-10 12:41:14 )
# country="Poland"
# lang=1033
# osver=5.1.2600 NT Dodatek Service Pack 3
# compatibility_mode=512 16777215 100 0 49229613 49229613 0 0
# compatibility_mode=8201 22379925 100 100 45560 55454107 0 0
# scanned=350561
# found=33
# cleaned=33
# scan_time=15978
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\Pawel\DoctorWeb\Quarantine\58f83732-740f9e64 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\187310.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\32450571.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\3629923296.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\5064491918.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\5548640769.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\6551405868.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\672091.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\7159978514.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\739382285.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005377.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005378.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005379.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005380.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005381.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005389.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005393.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005399.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005400.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005401.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005402.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005405.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005407.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005412.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005421.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005426.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005775.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005776.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005777.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005778.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

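Most of the 33 hits in the ESET Online Scanner log above are echoes rather than live infections: files inside C:\Qoobox\Quarantine (ComboFix's quarantine), the DoctorWeb\Quarantine folder and System Restore points, all of which had already been isolated by the earlier tools. The single hit in a live location is the Ubisoft launcher DLL, flagged by a packer signature (Win32/Packed.VMProtect), which is the kind of detection worth verifying against a clean copy from the vendor before treating it as confirmed. The parser below is an added example, not part of the original post and not an ESET tool; it infers the line format from the log as posted, and the location classes, the family normalisation and the constructed six-line sample are this example's own assumptions.

```python
"""Parse an ESET Online Scanner log.txt and separate live hits from quarantine echoes.

Added example, not part of the original thread and not an ESET tool. The line
format is inferred from the log posted above; the location classes, the family
normalisation and the sample below are this example's own assumptions.
"""
import re
from collections import Counter

# Constructed sample: five header fields and six detection lines copied from the log above.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=true
# scanned=350561
# found=33
# cleaned=33
C:\Documents and Settings\Pawel\DoctorWeb\Quarantine\58f83732-740f9e64 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\187310.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\672091.exe.vir a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005377.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8FF6387D-0DCA-410C-85A4-8768BF55FB7F}\RP11\A0005378.exe a variant of Win32/Kryptik.IAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^# (\w+)=(.*)$")
# path, threat text, (action), hex hash, trailing flag. The path is the shortest
# prefix that leaves a recognisable threat description ("multiple threats" or a
# Platform/Name token, optionally prefixed with "a variant of") after it.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>multiple threats|(?:probably )?(?:a variant of )?\S+/\S+(?: [a-z][a-z ]*)?)\s+"
    r"\((?P<action>[^()]+)\)\s+(?P<hash>[0-9A-Fa-f]+)\s+(?P<flag>\S+)$"
)


def family_of(threat):
    """Strip ESET's 'a variant of' / 'probably' prefixes and the category suffix."""
    if threat == "multiple threats":
        return threat
    name = re.sub(r"^(?:probably )?(?:a variant of )?", "", threat)
    return name.split(" ", 1)[0]


def classify(path):
    """Where the file lived when ESET found it (assumed folder conventions)."""
    p = path.lower()
    if "\\quarantine\\" in p:              # ComboFix's Qoobox and Dr.Web quarantines
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    return "live"


def parse_log(text):
    header, detections = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)  # repeated keys (compatibility_mode): last wins
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["family"] = family_of(d["threat"])
            d["location"] = classify(d["path"])
            d["remediated"] = "deleted" in d["action"] or "cleaned" in d["action"]
            detections.append(d)
    return header, detections


def summarize(header, detections):
    """Counts a responder wants first: what the scanner claims, and where the hits were."""
    return {
        "scanner_found": int(header.get("found", 0)),
        "scanner_cleaned": int(header.get("cleaned", 0)),
        "lines": len(detections),
        "by_location": dict(Counter(d["location"] for d in detections)),
        "by_family": dict(Counter(d["family"] for d in detections)),
        "live_hits": [d["path"] for d in detections if d["location"] == "live"],
    }


if __name__ == "__main__":
    hdr, dets = parse_log(SAMPLE_LOG)
    for key, value in summarize(hdr, dets).items():
        print(f"{key:16} {value}")
```

Note that the header's found count (33) need not equal the number of detection lines: ESET reports an archive such as the Dr.Web quarantine folder as one "multiple threats" line while counting each member file, so the script reports both numbers side by side instead of asserting that they agree.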

Re: Kryptik.GXQ, Olmarik and some other stuff

Post by DragonMaster Jay on Thu 11 Nov 2010, 3:17 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Re: Kryptik.GXQ, Olmarik and some other stuff

Post by Nath4N on Thu 11 Nov 2010, 7:28 pm

Everything seems fine, but NOD still shows a message from time to time that it found Kryptik.


Re: Kryptik.GXQ, Olmarik and some other stuff

Post by DragonMaster Jay on Fri 12 Nov 2010, 10:26 pm

Do a full ESET Nod32 scan, and take a screenshot(s) of the results, please.


Re: Kryptik.GXQ, Olmarik and some other stuff

Post by DragonMaster Jay on Mon 22 Nov 2010, 4:43 pm

Are you still with us?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

